allow current user to reset their own password
parent
378af8ea88
commit
d3a4d76d0e
|
@ -185,6 +185,10 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||||
m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)
|
m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)
|
||||||
|
|
||||||
// ***** START: User *****
|
// ***** START: User *****
|
||||||
|
m.Group("/user", func() {
|
||||||
|
m.Get("/reset_password", user.ResetPasswd)
|
||||||
|
m.Post("/reset_password", user.ResetPasswdPost)
|
||||||
|
})
|
||||||
m.Group("/user", func() {
|
m.Group("/user", func() {
|
||||||
m.Get("/login", user.SignIn)
|
m.Get("/login", user.SignIn)
|
||||||
m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
|
m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
|
||||||
|
@ -205,8 +209,6 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||||
}, openIDSignInEnabled)
|
}, openIDSignInEnabled)
|
||||||
m.Get("/sign_up", user.SignUp)
|
m.Get("/sign_up", user.SignUp)
|
||||||
m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost)
|
m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost)
|
||||||
m.Get("/reset_password", user.ResetPasswd)
|
|
||||||
m.Post("/reset_password", user.ResetPasswdPost)
|
|
||||||
m.Group("/oauth2", func() {
|
m.Group("/oauth2", func() {
|
||||||
m.Get("/:provider", user.SignInOAuth)
|
m.Get("/:provider", user.SignInOAuth)
|
||||||
m.Get("/:provider/callback", user.SignInOAuthCallback)
|
m.Get("/:provider/callback", user.SignInOAuthCallback)
|
||||||
|
|
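Review bot: The new `/user` group that now holds `/reset_password` closes with a bare `})` and no middleware argument, so both handlers are reachable with or without a session and the emailed reset code is the only gate. The POST route also has no form binding, unlike the `/login` and `/sign_up` routes beside it, so any validation of the new password has to happen inside `user.ResetPasswdPost`. I would add a comment above the group such as `// reachable signed in or signed out; the reset code is the only authorization`. It is also worth confirming that CSRF validation and request throttling still apply to this POST now that it sits outside the group it was in before; neither is visible in this hunk.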
|
@ -859,8 +859,7 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
|
||||||
ctx.Redirect(setting.AppSubURL + "/user/login")
|
ctx.Redirect(setting.AppSubURL + "/user/login")
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignOut sign out from login status
|
func handleSignOut(ctx *context.Context) {
|
||||||
func SignOut(ctx *context.Context) {
|
|
||||||
ctx.Session.Delete("uid")
|
ctx.Session.Delete("uid")
|
||||||
ctx.Session.Delete("uname")
|
ctx.Session.Delete("uname")
|
||||||
ctx.Session.Delete("socialId")
|
ctx.Session.Delete("socialId")
|
||||||
|
@ -870,6 +869,11 @@ func SignOut(ctx *context.Context) {
|
||||||
ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
|
ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
|
||||||
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
|
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
|
||||||
ctx.SetCookie("lang", "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true) // Setting the lang cookie will trigger the middleware to reset the language ot previous state.
|
ctx.SetCookie("lang", "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true) // Setting the lang cookie will trigger the middleware to reset the language ot previous state.
|
||||||
|
}
|
||||||
|
|
||||||
|
// SignOut sign out from login status
|
||||||
|
func SignOut(ctx *context.Context) {
|
||||||
|
handleSignOut(ctx)
|
||||||
ctx.Redirect(setting.AppSubURL + "/")
|
ctx.Redirect(setting.AppSubURL + "/")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1139,6 +1143,8 @@ func ForgotPasswdPost(ctx *context.Context) {
|
||||||
func ResetPasswd(ctx *context.Context) {
|
func ResetPasswd(ctx *context.Context) {
|
||||||
ctx.Data["Title"] = ctx.Tr("auth.reset_password")
|
ctx.Data["Title"] = ctx.Tr("auth.reset_password")
|
||||||
|
|
||||||
|
// TODO for security and convenience, show the username / email here
|
||||||
|
|
||||||
code := ctx.Query("code")
|
code := ctx.Query("code")
|
||||||
if len(code) == 0 {
|
if len(code) == 0 {
|
||||||
ctx.Error(404)
|
ctx.Error(404)
|
||||||
|
@ -1179,6 +1185,10 @@ func ResetPasswdPost(ctx *context.Context) {
|
||||||
ctx.ServerError("UpdateUser", err)
|
ctx.ServerError("UpdateUser", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Just in case the user is signed in to another account
|
||||||
|
handleSignOut(ctx)
|
||||||
|
|
||||||
u.HashPassword(passwd)
|
u.HashPassword(passwd)
|
||||||
u.MustChangePassword = false
|
u.MustChangePassword = false
|
||||||
if err := models.UpdateUserCols(u, "must_change_password", "passwd", "rands", "salt"); err != nil {
|
if err := models.UpdateUserCols(u, "must_change_password", "passwd", "rands", "salt"); err != nil {
|
||||||
|
@ -1187,6 +1197,9 @@ func ResetPasswdPost(ctx *context.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Trace("User password reset: %s", u.Name)
|
log.Trace("User password reset: %s", u.Name)
|
||||||
|
|
||||||
|
// TODO change the former form to have password retype and remember me,
|
||||||
|
// then sign in here instead of redirecting
|
||||||
ctx.Redirect(setting.AppSubURL + "/user/login")
|
ctx.Redirect(setting.AppSubURL + "/user/login")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
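Review bot: `handleSignOut(ctx)` in `ResetPasswdPost` clears only the session keys and cookies of the browser making the request, and it runs before `models.UpdateUserCols` has persisted the new password. Nothing visible in these hunks touches sessions that already exist elsewhere for `u`, so a holder of an older session would presumably stay signed in after the reset. It is worth confirming that those sessions are invalidated somewhere, or doing it here. Moving the call to after the successful update, next to `log.Trace("User password reset: %s", u.Name)`, would also avoid signing the visitor out of their current account when the update fails. The bodies of `ResetPasswdPost` and `handleSignOut` continue outside the hunks shown.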