You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2019/01/07 19:18:05 UTC
[GitHub] muraiki commented on issue #2731: Give users the rights to change
their password
muraiki commented on issue #2731: Give users the rights to change their password
URL: https://github.com/apache/incubator-superset/issues/2731#issuecomment-452049075
One workaround is to grant a role only the `can this form post on ResetMyPasswordView` and `can this form get on ResetMyPasswordView` permissions, then have the users manually go to your Superset URL + `/resetmypassword/form` to reset their password.
Using the Network developer tool in Firefox, I verified that only the password (and a CSRF token) is sent in the POST request -- there's no user ID, so this doesn't appear to open a way to reset other users' passwords.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org