feat: implement forgot password, added security updates

2026-03-01 21:47:15 -06:00
parent c7c72e8199
commit 15e0c0a88a
19 changed files with 761 additions and 14 deletions

.env

@@ -30,11 +30,16 @@ EMAIL_FROM=SkyMoney Budget <no-reply@skymoneybudget.com>
EMAIL_BOUNCE_FROM=bounces@skymoneybudget.com
EMAIL_REPLY_TO=support@skymoneybudget.com
UPDATE_NOTICE_VERSION=2
UPDATE_NOTICE_TITLE=SkyMoney Security Update
UPDATE_NOTICE_BODY=We strengthened OWASP security controls, auth protections, and deployment security checks.
UPDATE_NOTICE_VERSION=3
UPDATE_NOTICE_TITLE=SkyMoney Update
UPDATE_NOTICE_BODY=We shipped account security improvements, including a new password reset flow and stronger session protections.
ALLOW_INSECURE_AUTH_FOR_DEV=false
JWT_ISSUER=skymoney-api
JWT_AUDIENCE=skymoney-web
AUTH_MAX_FAILED_ATTEMPTS=5
AUTH_LOCKOUT_WINDOW_MS=900000
AUTH_LOCKOUT_WINDOW_MS=900000
PASSWORD_RESET_TTL_MINUTES=30
PASSWORD_RESET_RATE_LIMIT_PER_MINUTE=5
PASSWORD_RESET_CONFIRM_RATE_LIMIT_PER_MINUTE=10
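Review bot: `AUTH_LOCKOUT_WINDOW_MS=900000` appears twice on the new side (the two adjacent lines just before the password-reset settings); if both survive in the file, dotenv loaders differ on whether the first or last occurrence wins, so drop one so the lockout window is unambiguous. The reset limits are defined only as per-minute caps (`PASSWORD_RESET_RATE_LIMIT_PER_MINUTE=5`, `PASSWORD_RESET_CONFIRM_RATE_LIMIT_PER_MINUTE=10`), and nothing in this hunk shows a longer-window or per-target cap, so 5/min still permits hundreds of reset mails per hour to a single address and a steady brute-force of the confirm endpoint within the 30-minute `PASSWORD_RESET_TTL_MINUTES`; presumably the enforcing code is in the other changed files, so confirm there which key (client IP, target account, or both) the limiter uses and whether the request path responds identically for unknown accounts. Separately, this is a tracked `.env` rather than a `.env.example`; the visible values hold no secrets, but a header comment such as `# Non-secret defaults only - real secrets belong in the deployment environment, never in this file` would keep it that way. The hunk is a fragment of a larger file, so settings defined outside it are not reviewed here.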