Skip to content

RUN-4217: Document password reset link expiration#1792

Merged
fdevans merged 2 commits into
grails7-upgradefrom
docs/RUN-4217-password-reset-link-expiration
Apr 23, 2026
Merged

RUN-4217: Document password reset link expiration#1792
fdevans merged 2 commits into
grails7-upgradefrom
docs/RUN-4217-password-reset-link-expiration

Conversation

@gschueler
Copy link
Copy Markdown
Member

@gschueler gschueler commented Apr 17, 2026
edited
Loading

Summary

  • Adds a new Link Expiration section to docs/manual/user-management/password-reset.md documenting the configurable TTL for password reset links introduced in rundeckpro/rundeckpro#4623
  • Documents the new config key rundeck.security.dblogin.resetLink.maxDuration (default 7d, supports d/h/m formats)
  • Notes that expired links return a 403 error (same as invalid tokens) and that admins must generate a new link — no self-service resend
  • Adds the config key to the Additional Configs reference list

Related

  • PR: rundeckpro/rundeckpro#4623
  • Jira: RUN-4217

Test plan

  • Verify the new section renders correctly on the Password Reset page in the dev server (npm run docs:dev)
  • Confirm rundeck.security.dblogin.resetLink.maxDuration appears in the Additional Configs list
  • Check no broken links or formatting issues

🤖 Generated with Claude Code

@gschueler @claude
Document password reset link expiration (RUN-4217)
101b24d 
Add Link Expiration section to password-reset.md documenting the new
configurable TTL for reset links (default 7d), the config key
rundeck.security.dblogin.resetLink.maxDuration, supported duration
formats, and the 403 behavior on expiry. Also note the lack of a
self-service resend flow and add the config key to Additional Configs.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
@gschueler gschueler requested review from a team and Copilot April 17, 2026 16:25
Copilot AI reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds documentation for the new configurable password reset link TTL so admins understand how long reset links remain valid and how to tune/operate the behavior.

Changes:

  • Adds a Link Expiration section explaining default behavior (7 days), supported duration formats, and admin actions when links expire.
  • Documents the new config key rundeck.security.dblogin.resetLink.maxDuration, including defaults and format constraints.
  • Adds the config key to the Additional Configs reference list.

Comment thread docs/manual/user-management/password-reset.md Outdated

To change the expiration duration, set the following in `rundeck-config.properties` or *Configuration Management*:

`rundeck.security.dblogin.resetLink.maxDuration = <duration>`
Copy link

Copilot AI Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This property example uses spaces around =. Since this page already shows rundeck.password.reset.enabled=true without spaces (and other docs warn that spaces can matter in some contexts), consider switching this to key=value formatting to make copy/paste usage consistent and unambiguous.

Suggested change
`rundeck.security.dblogin.resetLink.maxDuration = <duration>`
`rundeck.security.dblogin.resetLink.maxDuration=<duration>`

Copilot uses AI. Check for mistakes.
Comment thread docs/manual/user-management/password-reset.md Outdated
Comment on lines +30 to +31
Password reset links expire after a configurable duration. By default, links expire after **7 days**. Expired links return a 403 error, treated the same as invalid tokens.

Copy link

Copilot AI Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For clarity/precision, consider referring to this as an "HTTP 403 (Forbidden)" response (and/or "403 Forbidden") rather than a generic "403 error", since readers may not immediately connect it to HTTP status codes.

Copilot uses AI. Check for mistakes.
@gschueler gschueler changed the title Document password reset link expiration (RUN-4217) RUN-4217: Document password reset link expiration Apr 17, 2026
@gschueler gschueler added this to the 6.0.0 milestone Apr 17, 2026
@gschueler
Copy link
Copy Markdown
Member Author

gschueler commented Apr 17, 2026

@copilot address the suggestions

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 17, 2026
edited
Loading

@copilot address the suggestions

Addressed in commit 7cc21f5.

  • Updated the config example to rundeck.security.dblogin.resetLink.maxDuration=<duration>.
  • Updated both references from 403 error to HTTP 403 (Forbidden) response.

Screenshot of the rendered docs section: https://github.com/user-attachments/assets/6a9e8e78-5537-409a-842c-2150c310f8bf

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • scarf.sh
    • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node ./report.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

@fdevans fdevans changed the base branch from 4.0.x to grails7-upgrade April 23, 2026 14:04
@fdevans fdevans merged commit a5b3c29 into grails7-upgrade Apr 23, 2026
2 of 3 checks passed
@fdevans fdevans deleted the docs/RUN-4217-password-reset-link-expiration branch April 23, 2026 14:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@fdevans fdevans fdevans approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

6.0.0

Development

Successfully merging this pull request may close these issues.

4 participants

@gschueler @fdevans