[PR #5034] [CLOSED] allow current user to reset their own password #17605

New Issue

GiteaMirror · 2025-11-02T14:23:59-06:00

GiteaMirror commented

2025-11-02 14:23:59 -06:00

📋 Pull Request Information

Original PR: https://github.com/go-gitea/gitea/pull/5034
Author: @coolaj86
Created: 10/7/2018
Status: ❌ Closed

Base: master ← Head: current-user-password-reset

📝 Commits (1)

0d701e4 allow current user to reset their own password

📊 Changes

2 files changed (+19 additions, -4 deletions)

View changed files

📝 routers/routes/routes.go (+4 -2)
📝 routers/user/auth.go (+15 -2)

📄 Description

Re: https://github.com/go-gitea/gitea/issues/5008

The current logged-in user (which may have signed in via OAuth) is not able to reset their own password via email reset, because they cannot access the form.

Users can get to reset form logged in and logged out
Can attempt to reset password without being logged out
If password reset will be successful, user is logged out (and is redirected to login)

Beyond fixing the bug, these are some things I'd be open to adding now (but would prefer to wait until after this clears)

show username / email of user
- take some action if that's different from the current user?
treat reset password form the same as register & sign in (remember me, retype password)
invalidate the code once used
set time to 15 minutes rather than 3 hours

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/go-gitea/gitea/pull/5034 **Author:** [@coolaj86](https://github.com/coolaj86) **Created:** 10/7/2018 **Status:** ❌ Closed **Base:** `master` ← **Head:** `current-user-password-reset` --- ### 📝 Commits (1) - [`0d701e4`](https://github.com/go-gitea/gitea/commit/0d701e4540c507946183be42b07f0af7af84d48a) allow current user to reset their own password ### 📊 Changes **2 files changed** (+19 additions, -4 deletions) <details> <summary>View changed files</summary> 📝 `routers/routes/routes.go` (+4 -2) 📝 `routers/user/auth.go` (+15 -2) </details> ### 📄 Description Re: https://github.com/go-gitea/gitea/issues/5008 The current logged-in user (which may have signed in via OAuth) is not able to reset their own password via email reset, because they cannot access the form. * [x] Users can get to reset form logged in and logged out * [x] Can attempt to reset password without being logged out * [x] If password reset will be successful, user is logged out (and is redirected to login) Beyond fixing the bug, these are some things I'd be open to adding now (but would prefer to wait until after this clears) * [ ] show username / email of user * [ ] take some action if that's different from the current user? * [ ] treat reset password form the same as register & sign in (remember me, retype password) * [ ] invalidate the code once used * [ ] set time to 15 minutes rather than 3 hours --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2025-11-02 14:23:59 -06:00

GiteaMirror closed this issue

2025-11-02 14:24:05 -06:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#17605