diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index 48813dc2a..f5be1be19 100644
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -184,6 +184,10 @@ func RegisterRoutes(m *macaron.Macaron) {
 m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)
 // ***** START: User *****
+ m.Group("/user", func() {
+ m.Get("/reset_password", user.ResetPasswd)
+ m.Post("/reset_password", user.ResetPasswdPost)
+ })
 m.Group("/user", func() {
 m.Get("/login", user.SignIn)
 m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
@@ -204,8 +208,6 @@ func RegisterRoutes(m *macaron.Macaron) {
 }, openIDSignInEnabled)
 m.Get("/sign_up", user.SignUp)
 m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost)
- m.Get("/reset_password", user.ResetPasswd)
- m.Post("/reset_password", user.ResetPasswdPost)
 m.Group("/oauth2", func() {
 m.Get("/:provider", user.SignInOAuth)
 m.Get("/:provider/callback", user.SignInOAuthCallback)
diff --git a/routers/user/auth.go b/routers/user/auth.go
index 759ff679b..9b59725b5 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -855,10 +855,10 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
 // TODO LoginName should come from form.UserName... shouldn't it?
 u := &models.User{
- Name: form.UserName,
- Email: form.Email,
- Passwd: form.Password,
- IsActive: !setting.Service.RegisterEmailConfirm,
+ Name: form.UserName,
+ Email: form.Email,
+ Passwd: form.Password,
+ IsActive: !setting.Service.RegisterEmailConfirm,
 }
 // This will link the account in such a way that it cannot be removed
@@ -902,8 +902,7 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
 handleRegister(ctx, u, form.Remember, true)
 }
-// SignOut sign out from login status
-func SignOut(ctx *context.Context) {
+func handleSignOut(ctx *context.Context) {
 ctx.Session.Delete("uid")
 ctx.Session.Delete("uname")
 ctx.Session.Delete("socialId")
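Review bot: The new `/user` group holding the two reset_password routes carries no comment saying why it is kept apart from the `/user` group immediately below it, whose closing line and any middleware attached there are outside the hunk; a later reader will take the duplicate group for an accident and fold the routes back in. The reason is presumably that the lower group requires a signed-out visitor (confirm from its closing line), while the auth.go part of this commit makes ResetPasswdPost sign the current session out itself. Suggest a comment above the new group: `// reset_password is deliberately outside the sign-in group below so a signed-in user can still follow a reset link; ResetPasswdPost clears the current login state before updating the password.` RegisterRoutes continues outside the hunk.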
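Review bot: `handleSignOut` is introduced without a doc comment, and the only description of this logic was removed together with the old SignOut header; since the helper is now also called from the password-reset path it deserves one. Suggest `// handleSignOut clears the login state of the current session and expires the auth-related cookies without redirecting; callers decide where the user goes next.` From the visible lines it deletes session keys one at a time (uid, uname, socialId, ...) rather than dropping the whole session and does not visibly regenerate the session id, so anything else stored in the session survives — worth confirming that nothing login-related is kept under other keys now that a reset request relies on this. The function body continues into the next hunk.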
@@ -913,6 +912,11 @@ func SignOut(ctx *context.Context) {
 ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
 ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
 ctx.SetCookie("lang", "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true) // Setting the lang cookie will trigger the middleware to reset the language ot previous state.
+}
+
+// SignOut sign out from login status
+func SignOut(ctx *context.Context) {
+ handleSignOut(ctx)
 ctx.Redirect(setting.AppSubURL + "/")
 }
@@ -1144,6 +1148,8 @@ func ForgotPasswdPost(ctx *context.Context) {
 func ResetPasswd(ctx *context.Context) {
 ctx.Data["Title"] = ctx.Tr("auth.reset_password")
+ // TODO for security and convenience, show the username / email here
+
 code := ctx.Query("code")
 if len(code) == 0 {
 ctx.Error(404)
@@ -1184,6 +1190,10 @@ func ResetPasswdPost(ctx *context.Context) {
 ctx.ServerError("UpdateUser", err)
 return
 }
+
+ // Just in case the user is signed in to another account
+ handleSignOut(ctx)
+
 u.HashPassword(passwd)
 if err := models.UpdateUserCols(u, "passwd", "rands", "salt"); err != nil {
 ctx.ServerError("UpdateUser", err)
@@ -1191,6 +1201,9 @@ func ResetPasswdPost(ctx *context.Context) {
 }
 log.Trace("User password reset: %s", u.Name)
+
+ // TODO change the former form to have password retype and remember me,
+ // then sign in here instead of redirecting
 ctx.Redirect(setting.AppSubURL + "/user/login")
 return
 }
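Review bot: The TODO added at the top of ResetPasswd says "for security" without naming the concern, so whoever picks it up cannot tell whether the requirement still applies or how to verify it. Suggest `// TODO: show the username / email of the account the reset code belongs to, so the user can confirm which account is about to be changed before submitting a new password.` ResetPasswd's body continues outside the hunk.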
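Review bot: `handleSignOut(ctx)` is placed before `u.HashPassword(passwd)` and the `models.UpdateUserCols` call, so a requester who was signed in is logged out of this browser even when the update fails and the handler returns through `ctx.ServerError("UpdateUser", err)` without having changed anything. Moving the added comment and call to just after the successful UpdateUserCols (before the redirect in the following hunk) ties the sign-out to a completed reset, and the comment could state what it protects against: `// Drop any existing login state so this browser is not left signed in as a different account than the one just reset`. The `rands` column rotated in the same update is presumably what invalidates remember-me cookies elsewhere — confirm, since the in-session sign-out here only covers the current browser. ResetPasswdPost starts and ends outside the hunk.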