
#728 Encrypt user_id on account verification

Open OmarElgabry opened this issue 8 years ago • 8 comments

Instead of passing user_id in the URL as an action method argument, passing the encrypted version of user_id in a query parameter will work just fine. The link looks long and ugly :smile: but in case you want a solution for #728

OmarElgabry, Jan 05 '16 12:01

Thanks, looks very good! Would be cool if everybody who reads this could test it a little bit to make sure this is bulletproof in most possible browser/mailprovider/server/os-setup (there are sometimes problems when using complex strings with special characters in URLs).

panique, Jan 05 '16 15:01
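An added example, not code from this pull request or from huge: one way to put an encrypted user_id in a query parameter without the special-character problem mentioned above, using AES-256-GCM and URL-safe base64. The function names, the key handling and the link layout are assumptions; it needs PHP 7.1+ with the openssl extension.

```php
<?php
// Added illustration: names and key handling are hypothetical, not huge's API.

// URL-safe base64 (RFC 4648 "base64url"): no '+', '/' or '=' for mail clients to mangle.
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function encrypt_user_id(int $userId, string $key): string
{
    $iv  = random_bytes(12);            // fresh 96-bit nonce for every link
    $tag = '';
    $ct  = openssl_encrypt((string) $userId, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return b64url_encode($iv . $tag . $ct);   // 12-byte nonce | 16-byte tag | ciphertext
}

// Returns the user id, or null for anything malformed, altered or made with another key.
function decrypt_user_id(string $token, string $key): ?int
{
    $b64 = strtr($token, '-_', '+/');
    $raw = base64_decode(str_pad($b64, strlen($b64) + (4 - strlen($b64) % 4) % 4, '='), true);
    if ($raw === false || strlen($raw) < 29) {
        return null;
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                          substr($raw, 0, 12), substr($raw, 12, 16));
    return ($pt !== false && ctype_digit($pt)) ? (int) $pt : null;
}

// Constructed demo values: a real key is a fixed 32-byte secret from server-side config.
$key   = random_bytes(32);
$token = encrypt_user_id(42, $key);
echo 'https://example.test/verify?id=' . $token, PHP_EOL;    // hypothetical link layout
var_dump(decrypt_user_id($token, $key));

// One changed character fails the GCM tag check, so the token is rejected, not misread.
$tampered = $token;
$tampered[20] = ($tampered[20] === 'A') ? 'B' : 'A';
var_dump(decrypt_user_id($tampered, $key));
```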

@slaveek It's fixed now, Thanks.

OmarElgabry, Jan 10 '16 14:01

You have changed the sendVerificationEmail() but what about sendPasswordResetMail()? Do I need to change it too?

borgogelli, Apr 26 '16 11:04

The password reset uses the user name instead of user id, that's why I changed sendVerificationEmail(). You can use the user id instead in sendPasswordResetMail(), encrypt it, and don't forget to pass it as a query argument.

OmarElgabry, Apr 28 '16 16:04

Hi @panique Will you be adding this to huge?

ghost, May 10 '16 06:05

Hi @di48l069, yes it's the plan but I had no time for review and merging yet :/ ... you know, working full time + summer is always tricky :)

panique, May 10 '16 08:05

Hi @panique, thank you for the response haha. I understand working full time is hectic, no problem man, I will just keep an eye on the pull request :P

Thanks for this amazing secure framework, it has helped my projects a lot

ghost, May 10 '16 09:05

v

Kayumba, Nov 13 '17 17:11