TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 15:27:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
docs-rate-limit
zitadel/internal
History
Livio Spring ffe6d41588 fix(login v1): handle password reset when authenticating with email or phone number (#10228) 
# Which Problems Are Solved

When authenticating with email or phone number in the login V1, users
were not able to request a password reset and would be given a "User not
found" error.
This was due to a check of the loginname of the auth request, which in
those cases would not match the user's stored loginname.

# How the Problems Are Solved

Switch to a check of the resolved userID in the auth request. (We still
check the user again, since the ID might be a placeholder for an unknown
user and we do not want to disclose any information by omitting a check
and reduce the response time.)

# Additional Changes

None

# Additional Context

- reported through support
- requires backport to v3.x
2025-07-10 09:29:26 +02:00
..
actions
fix(actions): handle empty deny list correctly (#9753)
2025-04-25 07:12:42 +00:00
activity
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
admin/repository/eventsourcing
fix(eventstore): use decimal, correct mirror (#9914)
2025-05-28 21:54:18 +00:00
api
fix(login v1): handle password reset when authenticating with email or phone number (#10228)
2025-07-10 09:29:26 +02:00
auth/repository
fix(login v1): ensure the user's organization is always set into the token context (#10221)
2025-07-09 16:51:13 +02:00
auth_request/repository
fix(login): correctly reload policies on auth request (#7839)
2024-04-24 08:44:55 +00:00
authz
feat: App API v2 (#10077)
2025-06-27 17:25:44 +02:00
cache
feat: federated logout for SAML IdPs (#9931)
2025-05-23 13:52:25 +02:00
command
feat: user profile requests in resource APIs (#10151)
2025-07-04 18:12:59 +02:00
config
Merge commit from fork
2025-05-02 13:44:24 +02:00
crypto
chore(oidc): graduate webkey to stable (#10122)
2025-06-26 19:17:45 +03:00
database
feat: Hosted login translation API (#10011)
2025-06-18 13:24:39 +02:00
domain
feat: user profile requests in resource APIs (#10151)
2025-07-04 18:12:59 +02:00
eventstore
feat: user api requests to resource API (#9794)
2025-06-04 07:17:23 +00:00
execution
fix(setup): reenable index creation (#9868)
2025-05-08 15:13:57 +00:00
feature
chore(oidc): remove feature flag for introspection triggers (#10132)
2025-06-30 05:48:04 +00:00
form
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
i18n
fix(login): avoid disallowed languages with custom texts (#9094)
2024-12-20 11:31:03 +01:00
iam
refactor: cleanup unused code (#7130)
2024-01-02 14:26:31 +00:00
id
chore!: Introduce ZITADEL v3 (#9645)
2025-04-02 16:53:06 +02:00
idp
fix(api): return typed saml form post data in idp intent (#10136)
2025-06-30 15:07:33 +00:00
integration
feat: user profile requests in resource APIs (#10151)
2025-07-04 18:12:59 +02:00
logstore
migration
feat(projections): resource counters (#9979)
2025-06-03 14:15:30 +00:00
net
notification
chore(oidc): graduate webkey to stable (#10122)
2025-06-26 19:17:45 +03:00
org
refactor: cleanup unused code (#7130)
2024-01-02 14:26:31 +00:00
project
feat: App API v2 (#10077)
2025-06-27 17:25:44 +02:00
protoc
feat: exchange gRPC server implementation to connectRPC (#10145)
2025-07-04 14:06:20 +00:00
qrcode
query
feat: user profile requests in resource APIs (#10151)
2025-07-04 18:12:59 +02:00
queue
feat: implement service ping (#10080)
2025-07-02 13:57:41 +02:00
renderer
chore: Replace deprecated io/ioutil functions with recommended alternatives (#9542)
2025-03-17 13:17:14 +00:00
repository
feat: user profile requests in resource APIs (#10151)
2025-07-04 18:12:59 +02:00
serviceping
fix(service ping): correct endpoint, validate and randomize default interval (#10166)
2025-07-04 13:45:15 +00:00
static
feat: user profile requests in resource APIs (#10151)
2025-07-04 18:12:59 +02:00
statik
telemetry
feat: add prometheus metrics on projection handlers (#9561)
2025-03-27 07:40:27 +01:00
test
feat: list users scim v2 endpoint (#9187)
2025-01-21 13:31:54 +01:00
user
feat: federated logout for SAML IdPs (#9931)
2025-05-23 13:52:25 +02:00
v2
feat: implement service ping (#10080)
2025-07-02 13:57:41 +02:00
view/repository
perf(query): remove transactions for queries (#8614)
2024-11-04 10:06:14 +01:00
webauthn
fix(webauthn): allow to use "old" passkeys/u2f credentials on session API (#10150)
2025-07-02 11:04:59 +00:00
zerrors
feat: create user scim v2 endpoint (#9132)
2025-01-09 12:46:36 +01:00