The step 1 GET request doesn't seem to take a username or UID number as a payload?
So how would this API request theoretically work, if it doesn't know which user you are asking for a reset code for?
eeeee
Posts
-
Prototyping a password reset method for low security forum
-
Prototyping a password reset method for low security forum
I did try the first step of the two step reset process as outlined in the v3 docs
The first step is meant to generate a code
so calling the API with https://myforum.org/api/reset
but the response was empty for the code?
{ "code": null, "breadcrumbs": [ ....
-
Prototyping a password reset method for low security forum
I spoke before about one of my forums not needing to be high security (as it has no sensitive information) and only has infrequent visitors. Password resets are a frequently requested issue.
I've made a widget with a puzzle to solve which is generated from a hash of the email. The user is shown the solution to this puzzle each time they log in, and it's easy to remember. So any time they can't log in they probably will remember the solution.
The widget is on a public category in the forum viewable by guests, so a person can enter their username, and complete the puzzle.
Is there an API call which can be called with Admin permissions, which will reset a password, just using the username of the user?
-
Setting up email for nodebb
There was nothing in output log, except this Warning which appears unrelated
WARNING: The keyword 'none' must be used as a single argument. ../../../bootstrap/scss/mixins/_box-shadow.scss 10:9 box-shadow() ../../../bootstrap/scss/forms/_form-control.scss 40:7 @import bootstrap/scss/_forms.scss 3:9 @import - 19:9 root stylesheet
-
Setting up email for nodebb
@PitaJ
Yes I tried sending a test 'Welcome email'
The banner came up email sent
No email arrived, and I logged into the Zoho email account and nothing was in sent folder.
Do I need to set IMAP up on Zoho so nodebb can email from it?
-
Setting up email for nodebb
@PitaJ
Only trying to use the email for when people register / need password reset.
But no registration confirmation ever gets sent etc
-
Editing regression
This also means that somewhere the edited post, and the corrected post must be stored.
As the corrected post shows when I click edit, and the old post still shows on screen.
How is that even possible?
-
Editing regression
How odd, I just tried to edit that post to correct spelling of italics
It shows corrected in edit mode, but it keeps showing old wrong spelling in the forum
So Edit seems to be broken!?
-
Editing regression
^^ I typed 1/7 times 1/7 times 1/7 using asterisk, but it changed it to italics.
I get that * makes things italics *
However I tried to edit it to replace with 1/7 x 1/7 x 1/7 and it won't replace that text now, how odd!!
-
All about emails and how they're used in NodeBB
I'll admit the email verification flow is janky, but it's the best we've got if you want to support some form of out-of-band password reset.
OK, I've given this password reset a lot of thought. I didn't know the term 'out-of-band' but this is an idea along the lines of an alternative method which doesn't rely on email
So background, let's say my forum
- Contains no sensitive information, so not a terrible issue if a password recovery was hacked. So an easy password reset method wouldn't be a risk
- It has infrequent posters. The amount of password reset requests was huge. People were re-registering
So a solution could be that Admins could allow users to opt into an easy click on picture reset (if they wanted the option)
Method, you can try this a maximum of say, once per month
Click your favourite:
Film: Comedy, Horror, Drama, Historical, Nature, Crime
Fruit: Apple, Banana, Pear, Orange, Coconut, Grape, Pineapple
Color: Red, Blue, Green, Yellow, Brown, Black, White
If the correct choices are clicked then you can reset password there and then
Probability of random hack 1/7 ^ 3 so less than 0.3%
I'm sure there must be a name for this type of reset method, it's a kind of variant of answering 3 memorable questions, but less to recall.
If the words are accompanied by pictures most people remember the 3 items they chose
-
Setting up email for nodebb
I saw Julian's plugin code,
https://github.com/julianlam/nodebb-plugin-emailer-sendgrid
Would this be a solution to the issues which I don't fully understand?
-
Setting up email for nodebb
Nodebb doesn't report email is sent
This is where I am confused. If I used a hotmail, or gmail even instead, do I need to reach out to their support too?
Can you just say a little more on what DKIM and SPF are?
-
Setting up email for nodebb
It's been a while since I tried getting the email working (which sends out confirmation links, password resets etc)
So I retried ...
put in my Zoho email and its password in the Admin - settings - email, but nothing gets sent out. (I've put an example email in for this screenshot)
Is there something else I need to do Zoho end to let Nodebb send emails?
-
Login issues
OK this problem resolved, by removing the nginx header settings that the install docs recommended.
Next ...
A minor but very annoying thing
Why is Forgot Password now between Username and Password, when you tab?
So you type user name, hit enter then Forgot Password gets highlighted. So if you quickly type in password when you hit return it goes to reset password. That happens every time!
Forgot password needs to be below the enter password box!
-
All about emails and how they're used in NodeBB
Emails. It is Nodebb's 'Elephant in the room' if I can be permitted to say.
Problems include outward registration emails not sending, particularly to gmail accounts. (which I understand are more to do with the email servers than Nodebb)
But, the whole email registration and password reset method needs a rethink.
I've heard from others it's the number 1 reason why people start using Nodebb then don't continue.
-
Login issues
What is this error please?
I'm trying to log in as admin with the correct password
Has been happening often recently
Error is invalid csrf token
-
Reconciling ActivityPub Deletes with NodeBB deletion
Just my thought, but the whole Delete then Purge has always irritated me.
Delete should just be Delete.
If a Mod wants to temporarily hide something they could move post, or delete and keep a copy.
The only thing Delete then Purge does is add extra step to removing something!
-
Confusion on where nodejs is installed?
Yes, thanks both. I was confused!
-
Confusion on where nodejs is installed?
Running two nodebb websites now
I got some help installing the second one and something looks odd to me.
The directories var/www/site1.com and var/www/site2.com both have directories called node_modules.
It seems node has been installed twice.
Does each website need its own node installation?
Surely there is a better way to organise it?
So this is not related to my previous question if nodebb files need to be installed twice, it's about node runtime itself.
I just assumed you only need one lot of that per server?
-
Two NodeBB instances on same server
@julian can you elaborate please about how that could be done with
'environment variables'?
I want to try it as it will make updating both quicker and save on storage