Verify password for local-account activation (#13631)

* Verify passwords for activation This is to prevent 3rd party activation * Fix function comment * only veify password on local-account aktivation * fix lint * Update templates/user/auth/activate.tmpl Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Andreas Shimokawa <shimokawa@fsfe.org> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2025-07-22 18:28:37 +00:00 · 2020-11-28 23:41:06 +01:00
parent e82150d41b
commit 0f14f69e60
2 changed files with 64 additions and 34 deletions
--- a/templates/user/auth/activate.tmpl
+++ b/templates/user/auth/activate.tmpl
@@ -18,7 +18,19 @@
 							<p>{{.i18n.Tr "auth.confirmation_mail_sent_prompt" (.SignedUser.Email|Escape) .ActiveCodeLives | Str2html}}</p>
 						{{end}}
 					{{else}}
-						{{if .IsSendRegisterMail}}
+						{{if .NeedsPassword}}
+							<form class="ui form" action="/user/activate" method="post">
+								<div class="required inline field">
+									<label for="password">{{.i18n.Tr "password"}}</label>
+									<input id="password" name="password" type="password" autocomplete="off" required>
+								</div>
+								<div class="inline field">
+									<label></label>
+									<button class="ui green button">{{.i18n.Tr "install.confirm_password"}}</button>
+								</div>
+								<input id="code" name="code" type="hidden" value="{{.Code}}">
+							</form>
+						{{else if .IsSendRegisterMail}}
 							<p>{{.i18n.Tr "auth.confirmation_mail_sent_prompt" (.Email|Escape) .ActiveCodeLives | Str2html}}</p>
 						{{else if .IsActivateFailed}}
 							<p>{{.i18n.Tr "auth.invalid_code"}}</p>