UX + Security current user password reset (#5042)

* allow current user to reset their own password * handle reset password edge cases properly and consistently * remove dangling assignment * properly label account recovery instead of reset password * remove 'Click here' from button * update English-only account-recovery templates
2025-08-04 00:28:36 +00:00 · 2019-04-18 01:23:59 -06:00
parent fdb933cd67
commit 6dbd261852
7 changed files with 104 additions and 61 deletions
--- a/templates/mail/auth/register_notify.tmpl
+++ b/templates/mail/auth/register_notify.tmpl
@@ -9,7 +9,7 @@
 	<p>Hi <b>{{.DisplayName}}</b>, this is your registration confirmation email for {{AppName}}!</p>
 	<p>You can now login via username: {{.Username}}.</p>
 	<p><a href="{{AppUrl}}user/login">{{AppUrl}}user/login</a></p>
-	<p>If this account has been created for you, please <a href="{{AppUrl}}user/forgot_password">reset your password</a> first.</p>
+	<p>If this account has been created for you, please <a href="{{AppUrl}}user/forgot_password">set your password</a> first.</p>
 	<p>© <a target="_blank" rel="noopener noreferrer" href="{{AppUrl}}">{{AppName}}</a></p>
 </body>
 </html>
--- a/templates/mail/auth/reset_passwd.tmpl
+++ b/templates/mail/auth/reset_passwd.tmpl
@@ -2,13 +2,14 @@
 <html>
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-	<title>{{.DisplayName}}, you have requested to reset your password</title>
+	<title>{{.DisplayName}}, you have requested to recover your account</title>
 </head>

 <body>
 	<p>Hi <b>{{.DisplayName}}</b>,</p>
-	<p>Please click the following link to reset your password within <b>{{.ResetPwdCodeLives}}</b>:</p>
-	<p><a href="{{AppUrl}}user/reset_password?code={{.Code}}">{{AppUrl}}user/reset_password?code={{.Code}}</a></p>
+	<p>Please click the following link to recover your account within <b>{{.ResetPwdCodeLives}}</b>:</p>
+
+	<p><a href="{{AppUrl}}user/recover_account?code={{.Code}}">{{AppUrl}}user/recover_account?code={{.Code}}</a></p>
 	<p>Not working? Try copying and pasting it to your browser.</p>
 	<p>© <a target="_blank" rel="noopener noreferrer" href="{{AppUrl}}">{{AppName}}</a></p>
 </body>
--- a/templates/user/auth/reset_passwd.tmpl
+++ b/templates/user/auth/reset_passwd.tmpl
@@ -10,11 +10,26 @@
 				</h2>
 				<div class="ui attached segment">
 					{{template "base/alert" .}}
+					{{if .user_email }}
+						<div class="inline field">
+							<label for="user_name">{{.i18n.Tr "email"}}</label>
+							<input id="user_name" type="text" value="{{ .user_email }}" disabled>
+						</div>
+					{{end}}
 					{{if .IsResetForm}}
 						<div class="required inline field {{if .Err_Password}}error{{end}}">
 							<label for="password">{{.i18n.Tr "password"}}</label>
 							<input id="password" name="password" type="password"  value="{{.password}}" autocomplete="off" autofocus required>
 						</div>
+						{{if not .user_signed_in}}
+						<div class="inline field">
+							<label></label>
+							<div class="ui checkbox">
+								<label>{{.i18n.Tr "auth.remember_me"}}</label>
+								<input name="remember" type="checkbox">
+							</div>
+						</div>
+						{{end}}
 						<div class="ui divider"></div>
 						<div class="inline field">
 							<label></label>