Add lockout user for forgot password
What does this MR do and why?
- Add anti-lockout-user functionality
- Add API handler to take request from forgot password button
- Upon request create a user called anti-lockout-user with STRONG password
- Write credentials into a file in config directory chmod file to 600 perms
- Create schedule to delete anti-lockout-user account after 1 hour
- Do not list anti-lockout-user account in users list.
- Delete anti-lockout-user account on startup
Resolves #329 (closed) #78 (closed)
Screenshots or screen recordings
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
Have you checked this doesn't interfere/conflict/duplicate someone elses work? -
Have you fully tested your changes? -
Have you resolved any lint issues? -
Have you assigned a reviewer? -
Have you applied correct labels?
Edited by Iain Powrie