Martyn Houghton Posted December 12, 2018 Share Posted December 12, 2018 Can you advise on how long the automated links sent via the Customer Portal 'Forgotten Password' automate process are valid for? Most systems apply an expiry period on this type of links to stop interception/man in the middle attacks. Cheers Martyn Link to comment Share on other sites More sharing options...
TrevorHarris Posted December 12, 2018 Share Posted December 12, 2018 It can be set with the setting security.guest.passwordPolicy.userResetResponseTimeout - the default is 24 hours. There is a similar setting for normal users as well:- Link to comment Share on other sites More sharing options...
Martyn Houghton Posted December 12, 2018 Author Share Posted December 12, 2018 @TrevorHarris Thanks for the prompt reply and as I now know the duration I was looking to update the system notification email template that get sent so that it says how long the link remain valid for, but it does not appear to be in the list system notifications emails available via the Email Template window? Is there any way to update this template? Cheers Martyn Link to comment Share on other sites More sharing options...
TrevorHarris Posted December 13, 2018 Share Posted December 13, 2018 Unfortunately, we don't have a template for this, however, these are controlled by the following translation strings so can be updated there: security.passwordResetRequest.authorisationRequestSubject security.passwordResetRequest.authorisationRequestMessage 1 Link to comment Share on other sites More sharing options...
Martyn Houghton Posted December 13, 2018 Author Share Posted December 13, 2018 @TrevorHarris Thanks for the pointer. Cheers Martyn Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now