Add more descriptive error on forgot password page (#26848)

## Changes
- Forces flashed error to render immediately when forgot password code
is incorrect or has expired.
- Adds a link back to the `forgot_password` page so that the user can
restart the process (in the event that their link has expired)
This commit is contained in:
Jack Hay 2023-09-01 12:15:39 -04:00 committed by GitHub
parent 04771b5ff7
commit 9881b8a4e2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 4 deletions

View file

@ -379,6 +379,7 @@ email_not_associate = The email address is not associated with any account.
send_reset_mail = Send Account Recovery Email send_reset_mail = Send Account Recovery Email
reset_password = Account Recovery reset_password = Account Recovery
invalid_code = Your confirmation code is invalid or has expired. invalid_code = Your confirmation code is invalid or has expired.
invalid_code_forgot_password = Your confirmation code is invalid or has expired. Click <a href="%s">here</a> to start a new session.
invalid_password = Your password does not match the password that was used to create the account. invalid_password = Your password does not match the password that was used to create the account.
reset_password_helper = Recover Account reset_password_helper = Recover Account
reset_password_wrong_user = You are signed in as %s, but the account recovery link is meant for %s reset_password_wrong_user = You are signed in as %s, but the account recovery link is meant for %s

View file

@ -5,6 +5,7 @@ package auth
import ( import (
"errors" "errors"
"fmt"
"net/http" "net/http"
"code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/models/auth"
@ -108,14 +109,14 @@ func commonResetPassword(ctx *context.Context) (*user_model.User, *auth.TwoFacto
} }
if len(code) == 0 { if len(code) == 0 {
ctx.Flash.Error(ctx.Tr("auth.invalid_code")) ctx.Flash.Error(ctx.Tr("auth.invalid_code_forgot_password", fmt.Sprintf("%s/user/forgot_password", setting.AppSubURL)), true)
return nil, nil return nil, nil
} }
// Fail early, don't frustrate the user // Fail early, don't frustrate the user
u := user_model.VerifyUserActiveCode(code) u := user_model.VerifyUserActiveCode(code)
if u == nil { if u == nil {
ctx.Flash.Error(ctx.Tr("auth.invalid_code")) ctx.Flash.Error(ctx.Tr("auth.invalid_code_forgot_password", fmt.Sprintf("%s/user/forgot_password", setting.AppSubURL)), true)
return nil, nil return nil, nil
} }
@ -134,7 +135,7 @@ func commonResetPassword(ctx *context.Context) (*user_model.User, *auth.TwoFacto
ctx.Data["user_email"] = u.Email ctx.Data["user_email"] = u.Email
if nil != ctx.Doer && u.ID != ctx.Doer.ID { if nil != ctx.Doer && u.ID != ctx.Doer.ID {
ctx.Flash.Error(ctx.Tr("auth.reset_password_wrong_user", ctx.Doer.Email, u.Email)) ctx.Flash.Error(ctx.Tr("auth.reset_password_wrong_user", ctx.Doer.Email, u.Email), true)
return nil, nil return nil, nil
} }

View file

@ -57,7 +57,7 @@
{{end}} {{end}}
</div> </div>
{{else}} {{else}}
<p class="center">{{.locale.Tr "auth.invalid_code"}}</p> <p class="center">{{.locale.Tr "auth.invalid_code_forgot_password" (printf "%s/user/forgot_password" AppSubUrl) | Str2html}}</p>
{{end}} {{end}}
</div> </div>
</form> </form>