handle reset password edge cases properly and consistently
This commit is contained in:
parent
4c7727c3ed
commit
9d3690f8df
|
@ -211,7 +211,8 @@ email_not_associate = The email address is not associated with any account.
|
||||||
send_reset_mail = Click here to resend your password reset email
|
send_reset_mail = Click here to resend your password reset email
|
||||||
reset_password = Reset Your Password
|
reset_password = Reset Your Password
|
||||||
invalid_code = Your confirmation code is invalid or has expired.
|
invalid_code = Your confirmation code is invalid or has expired.
|
||||||
reset_password_helper = Click here to reset your password
|
reset_password_helper = Reset Password
|
||||||
|
reset_password_wrong_user = You are signed in as %s, but the password reset link is for %s
|
||||||
password_too_short = Password length cannot be less than %d characters.
|
password_too_short = Password length cannot be less than %d characters.
|
||||||
non_local_account = Non-local users can not update their password through the Gitea web interface.
|
non_local_account = Non-local users can not update their password through the Gitea web interface.
|
||||||
verify = Verify
|
verify = Verify
|
||||||
|
|
|
@ -1144,70 +1144,85 @@ func ForgotPasswdPost(ctx *context.Context) {
|
||||||
ctx.HTML(200, tplForgotPassword)
|
ctx.HTML(200, tplForgotPassword)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Keep consistent behavior between phases of password reset
|
||||||
|
func commonResetPassword(ctx *context.Context) *models.User {
|
||||||
|
code := ctx.Query("code")
|
||||||
|
|
||||||
|
ctx.Data["Title"] = ctx.Tr("auth.reset_password")
|
||||||
|
ctx.Data["Code"] = code
|
||||||
|
|
||||||
|
if nil != ctx.User {
|
||||||
|
ctx.Data["user_signed_in"] = true
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(code) == 0 {
|
||||||
|
ctx.Flash.Error(ctx.Tr("auth.invalid_code"))
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fail early, don't frustrate the user
|
||||||
|
u := models.VerifyUserActiveCode(code)
|
||||||
|
if u == nil {
|
||||||
|
ctx.Flash.Error(ctx.Tr("auth.invalid_code"))
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Show the user that they are affecting the account that they intended to
|
||||||
|
ctx.Data["user_email"] = u.Email
|
||||||
|
|
||||||
|
if nil != ctx.User && u.ID != ctx.User.ID {
|
||||||
|
ctx.Flash.Error(ctx.Tr("auth.reset_password_wrong_user", ctx.User.Email, u.Email))
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return u
|
||||||
|
}
|
||||||
|
|
||||||
// ResetPasswd render the reset password page
|
// ResetPasswd render the reset password page
|
||||||
func ResetPasswd(ctx *context.Context) {
|
func ResetPasswd(ctx *context.Context) {
|
||||||
ctx.Data["Title"] = ctx.Tr("auth.reset_password")
|
|
||||||
|
|
||||||
// TODO for security and convenience, show the username / email here
|
|
||||||
|
|
||||||
code := ctx.Query("code")
|
|
||||||
if len(code) == 0 {
|
|
||||||
ctx.Error(404)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
ctx.Data["Code"] = code
|
|
||||||
ctx.Data["IsResetForm"] = true
|
ctx.Data["IsResetForm"] = true
|
||||||
|
|
||||||
|
_ = commonResetPassword(ctx)
|
||||||
|
|
||||||
ctx.HTML(200, tplResetPassword)
|
ctx.HTML(200, tplResetPassword)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ResetPasswdPost response from reset password request
|
// ResetPasswdPost response from reset password request
|
||||||
func ResetPasswdPost(ctx *context.Context) {
|
func ResetPasswdPost(ctx *context.Context) {
|
||||||
ctx.Data["Title"] = ctx.Tr("auth.reset_password")
|
u := commonResetPassword(ctx)
|
||||||
|
if nil == u {
|
||||||
code := ctx.Query("code")
|
// Flash Error has been set
|
||||||
if len(code) == 0 {
|
ctx.HTML(200, tplResetPassword)
|
||||||
ctx.Error(404)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
ctx.Data["Code"] = code
|
|
||||||
|
|
||||||
if u := models.VerifyUserActiveCode(code); u != nil {
|
|
||||||
// Validate password length.
|
|
||||||
passwd := ctx.Query("password")
|
|
||||||
if len(passwd) < setting.MinPasswordLength {
|
|
||||||
ctx.Data["IsResetForm"] = true
|
|
||||||
ctx.Data["Err_Password"] = true
|
|
||||||
ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplResetPassword, nil)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
var err error
|
|
||||||
if u.Rands, err = models.GetUserSalt(); err != nil {
|
|
||||||
ctx.ServerError("UpdateUser", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if u.Salt, err = models.GetUserSalt(); err != nil {
|
|
||||||
ctx.ServerError("UpdateUser", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Just in case the user is signed in to another account
|
|
||||||
handleSignOut(ctx)
|
|
||||||
|
|
||||||
u.HashPassword(passwd)
|
|
||||||
if err := models.UpdateUserCols(u, "passwd", "rands", "salt"); err != nil {
|
|
||||||
ctx.ServerError("UpdateUser", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
log.Trace("User password reset: %s", u.Name)
|
|
||||||
|
|
||||||
// TODO change the former form to have password retype and remember me,
|
|
||||||
// then sign in here instead of redirecting
|
|
||||||
ctx.Redirect(setting.AppSubURL + "/user/login")
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx.Data["IsResetFailed"] = true
|
// Validate password length.
|
||||||
ctx.HTML(200, tplResetPassword)
|
passwd := ctx.Query("password")
|
||||||
|
if len(passwd) < setting.MinPasswordLength {
|
||||||
|
ctx.Data["IsResetForm"] = true
|
||||||
|
ctx.Data["Err_Password"] = true
|
||||||
|
ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplResetPassword, nil)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
var err error
|
||||||
|
if u.Rands, err = models.GetUserSalt(); err != nil {
|
||||||
|
ctx.ServerError("UpdateUser", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if u.Salt, err = models.GetUserSalt(); err != nil {
|
||||||
|
ctx.ServerError("UpdateUser", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
u.HashPassword(passwd)
|
||||||
|
if err := models.UpdateUserCols(u, "passwd", "rands", "salt"); err != nil {
|
||||||
|
ctx.ServerError("UpdateUser", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Trace("User password reset: %s", u.Name)
|
||||||
|
|
||||||
|
remember := len(ctx.Query("remember")) != 0
|
||||||
|
handleSignInFull(ctx, u, remember, true)
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,11 +10,26 @@
|
||||||
</h2>
|
</h2>
|
||||||
<div class="ui attached segment">
|
<div class="ui attached segment">
|
||||||
{{template "base/alert" .}}
|
{{template "base/alert" .}}
|
||||||
|
{{if .user_email }}
|
||||||
|
<div class="inline field">
|
||||||
|
<label for="user_name">{{.i18n.Tr "email"}}</label>
|
||||||
|
<input id="user_name" type="text" value="{{ .user_email }}" disabled>
|
||||||
|
</div>
|
||||||
|
{{end}}
|
||||||
{{if .IsResetForm}}
|
{{if .IsResetForm}}
|
||||||
<div class="required inline field {{if .Err_Password}}error{{end}}">
|
<div class="required inline field {{if .Err_Password}}error{{end}}">
|
||||||
<label for="password">{{.i18n.Tr "password"}}</label>
|
<label for="password">{{.i18n.Tr "password"}}</label>
|
||||||
<input id="password" name="password" type="password" value="{{.password}}" autocomplete="off" autofocus required>
|
<input id="password" name="password" type="password" value="{{.password}}" autocomplete="off" autofocus required>
|
||||||
</div>
|
</div>
|
||||||
|
{{if not .user_signed_in}}
|
||||||
|
<div class="inline field">
|
||||||
|
<label></label>
|
||||||
|
<div class="ui checkbox">
|
||||||
|
<label>{{.i18n.Tr "auth.remember_me"}}</label>
|
||||||
|
<input name="remember" type="checkbox">
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
{{end}}
|
||||||
<div class="ui divider"></div>
|
<div class="ui divider"></div>
|
||||||
<div class="inline field">
|
<div class="inline field">
|
||||||
<label></label>
|
<label></label>
|
||||||
|
|
Loading…
Reference in New Issue