remember me, password reset

2026-01-30 10:08:41 +01:00
parent 4e5c25adbf
commit 20ce18ca74
18 changed files with 457 additions and 25 deletions
@@ -2,14 +2,15 @@

 ## Authentication & Authorization

- [ ] **Authentication system**
+- [x] **Authentication system**
  - [x] Sessions controller and views (login/logout)
  - [x] Email/password authentication with session management
  - [x] Login redirects (admin vs regular users)
  - [x] Logout functionality
-  - [ ] Password reset flow
-  - [ ] Rate limiting on login attempts
-  - [ ] Session management (remember me, session timeout)
+  - [x] Password reset flow (email-based, 1 hour expiry)
+  - [x] Rate limiting on login attempts (5 attempts, 15 minute lockout)
+  - [x] Session management (remember me for 2 weeks, 30 minute timeout)
+  - [x] Sign in status in the site header
 - [x] **Invitation system**
  - [x] Invitations controller (create, list, cancel)
  - [x] Invitation token generation