limit reset password identifiers

Question

limit reset password identifiers

Closed this issue a year ago · 7 comments

please make it possible to set it so you have to enter an email and cant enter usernames etc
im sick of being spammed with password reset requests by bots

Answer 1 · 2023-12-20T18:20:01.000Z

Settings to enable/disable each way of initiating a PWR have been added to the userpage settings.

Answer 2 · 2023-12-20T19:08:53.000Z

could you run a build pls

Answer 3 · 2023-12-20T19:38:44.000Z

an option to disable password resets for the jellyfin website but still have them for the user login page would also be awesome !

since currently you can still spam users just by knowing their username

Answer 4 · 2023-12-20T20:20:53.000Z

You can do this by just setting the password reset directory to something wrong.

Answer 5 · 2023-12-20T20:31:07.000Z

You can do this by just setting the password reset directory to something wrong.

would this stop emails etc too?

Answer 6 · 2023-12-20T21:04:08.000Z

Not quite sure what you mean, all this would do is make the "forgot password" page on Jellyfin from working.

Answer 7 · 2023-12-21T11:20:45.000Z

sounds good tysm