Thanks to visit codestin.com
Credit goes to Github.com

Skip to content

Reset a password only once #44922

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ahus1 merged 2 commits into from
Jan 9, 2026
Merged

Reset a password only once #44922

ahus1 merged 2 commits into from
Jan 9, 2026

Conversation

@ahus1
Copy link
Contributor

@ahus1 ahus1 commented Dec 15, 2025

Closes #37231

@ahus1 ahus1 self-assigned this Dec 15, 2025
@ahus1 ahus1 force-pushed the is-37231-reset-password-only-once branch 4 times, most recently from 1ff90ac to c6081fd Compare December 21, 2025 21:31
@ahus1
Reset a password only once
c897d7b 
Closes keycloak#37231

Signed-off-by: Alexander Schwartz <[email protected]>
@ahus1 ahus1 force-pushed the is-37231-reset-password-only-once branch from c6081fd to c897d7b Compare January 8, 2026 12:19
@ahus1
Copy link
Contributor Author

ahus1 commented Jan 8, 2026

@pruivo - this touches the revoked token mechanism and applies it to reset password. Can you please have look at the ISPN parts? Let me know if you are OK to review the other parts as well, or if I should look for someone else.

Thanks!

@ahus1 ahus1 requested a review from pruivo January 8, 2026 12:34
@ahus1 ahus1 marked this pull request as ready for review January 8, 2026 14:54
@ahus1 ahus1 requested review from a team as code owners January 8, 2026 14:54
pruivo
pruivo previously approved these changes Jan 8, 2026
View reviewed changes
Copy link
Member

@pruivo pruivo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ISPN changes look fine to me 👍

@ahus1 ahus1 requested a review from rmartinc January 8, 2026 16:13
@ahus1
Copy link
Contributor Author

ahus1 commented Jan 8, 2026

@rmartinc - May I ask you for a review of this PR? Thanks!

rmartinc
rmartinc approved these changes Jan 9, 2026
View reviewed changes
Copy link
Contributor

@rmartinc rmartinc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @ahus1! I tested this and it works OK for me. I thought that that doing this we could have issues with email scanners, but your solution is OK. It re-checks the token at the end, so no problem if the URL is scanned. Just a minor comment in the test. I prefer to check the reset password and the error. I approved it, but consider adding the checks in the test.

@ahus1 @rmartinc
Update testsuite/integration-arquillian/tests/base/src/test/java/org/…
539c8e3 
…keycloak/testsuite/forms/ResetPasswordTest.java

Co-authored-by: Ricardo Martin <[email protected]>
Signed-off-by: Alexander Schwartz <[email protected]>
@ahus1 ahus1 enabled auto-merge (squash) January 9, 2026 11:44
rmartinc
rmartinc approved these changes Jan 9, 2026
View reviewed changes
Copy link
Contributor

@rmartinc rmartinc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @ahus1!

@ahus1 ahus1 merged commit 83f31b1 into keycloak:main Jan 9, 2026
82 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pedroigor pedroigor pedroigor approved these changes

@pruivo pruivo pruivo left review comments

+1 more reviewer

@rmartinc rmartinc rmartinc approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@ahus1 ahus1

Labels

team/cloud-native team/core-clients team/core-iam team/sre

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Set New Password Multiple Times via Password Reset Function

4 participants

@ahus1 @pedroigor @pruivo @rmartinc