[Feature]: Remove the Reset Password Link in Log Entries and Provide an Alternative Method to Reset Password

[ame-appsmith]

Is there an existing issue for this?

• I have searched the existing issues

Summary

Entries such as the reset password link should not show up in the logs.
Some users might want to disable log entries for reset password links, considering this a security issue because other persons would be able to change the password of a user when accessing the server logs, while other users find it useful to be able to grab the link from the logs in case their email service does not work or users are not able to get the reset password email for some reason.
For users who are not able to reset their password for various reasons (e.g., misconfigured email service), we should provide another reset method (e.g., using the appsmithctl command).

Front thread

Why should this be worked on?

This would solve a security issue and improve the reset password experience for users.

[martzinj]

We need this from a compliance point of view, it represents a major security gap for us and should therefore be fixed as soon as possible so that impersonation is not possible via password reset links.

[Nikhil-Nandagopal]

@martzinj we'll look into this but generally for compliance we recommend using SSO and disabling form login so that you do not face this problem. Let me know if that is not an option for you.

[martzinj]

This is an option if you have the enterprise license, which we do not have.
So this would be an important change for all those who use the free version