Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does password change issue a new api_key? #1951

Closed
eliotsykes opened this issue Apr 6, 2019 · 2 comments
Closed

Does password change issue a new api_key? #1951

eliotsykes opened this issue Apr 6, 2019 · 2 comments
Labels
attached PR

Comments

@eliotsykes
Copy link
Contributor

eliotsykes commented Apr 6, 2019
edited

(This question is a result of reading through these comments on the recent bootstrap-sass gem compromise: twbs/bootstrap-sass#1195 (comment))

Is the user's api_key reset when they change their password? I assumed it would be but I haven't found the code responsible. (I did find the User#reset_api_key! method, which is used by ApiKeysController#reset, but its not called when the user changes their password.)

If the api_key is not reset when the user's password changes - should it be?
@sonalkr132
Copy link
Member

Does password change issue a new api_key?

No it doesn't reset api key. api key reset button can be found on profile edit page.

should it be?

We could give user an option to reset api key on new password page. We probably don't want to enable it by default.

spk added a commit to spk/rubygems.org that referenced this issue Jun 10, 2019
@spk
Add reset api option on change password
d0d7d80 
ref rubygems#1951
@spk spk mentioned this issue Jun 10, 2019
Merged
@sonalkr132
Copy link
Member

Closed by #2027

Lastimoso pushed a commit to Lastimoso/rubygems.org that referenced this issue Jul 23, 2019
@spk @Lastimoso
Add reset api option on change password
8834cef 
ref rubygems#1951
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
attached PR
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eliotsykes @sonalkr132