[PR #5042] [MERGED] UX + Security current user password reset #17607

Closed
opened 2025-11-02 14:25:00 -06:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/go-gitea/gitea/pull/5042
Author: @coolaj86
Created: 10/7/2018
Status: Merged
Merged: 4/18/2019
Merged by: @lafriks

Base: master ← Head: ux-current-user-password-reset


📝 Commits (7)

  • 4e0b451 allow current user to reset their own password
  • a93b4ef handle reset password edge cases properly and consistently
  • 44f943e remove dangling assignment
  • 87314f2 properly label account recovery instead of reset password
  • e7a01b6 remove 'Click here' from button
  • 3839984 update English-only account-recovery templates
  • 1688720 Merge branch 'master' into ux-current-user-password-reset

📊 Changes

7 files changed (+100 additions, -57 deletions)


📝 models/mail.go (+1 -1)
📝 options/locale/locale_en-US.ini (+9 -7)
📝 routers/routes/routes.go (+2 -2)
📝 routers/user/auth.go (+68 -43)
📝 templates/mail/auth/register_notify.tmpl (+1 -1)
📝 templates/mail/auth/reset_passwd.tmpl (+4 -3)
📝 templates/user/auth/reset_passwd.tmpl (+15 -0)

📄 Description

Follow up to https://github.com/go-gitea/gitea/pull/5034

I'll annotate these a little later, but it's combos for these states:

  • not logged in
  • logged in as expected user
  • logged in as an unexpected user
  • valid code
  • invalid code (or expired code)

Default Condition

  • Not logged In
  • Valid Reset Code

Result

  • Shows email of user for whom the password is to be reset
  • Shows "Remember me"
  • Signs in the user


Logged In

  • Already Logged In
  • Valid Reset Code

Result

  • Shows email of user for whom the password is to be reset
  • Doesn't show "Remember me"
  • Renews user session


Invalid Code

  • Login Status N/A
  • Invalid Code

Result

  • Error about invalid code
  • Submits to same error page (could probably just disable submit)


Invalid User

  • User Logged in as FOO USER
  • Valid Code for BAR USER

Result

  • Error about mismatch user
  • Submits to same error page (could probably just disable submit)



🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
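The state combinations listed in the description, written as a single decision function. This is an added example, not code from the PR or from Gitea; the type and function names, the convention that a session user ID of 0 means "not logged in", and the choice to withhold the email on a user mismatch are all assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// resetCode and outcome are hypothetical types for this example, not Gitea's own.
type resetCode struct {
	userID  int64
	email   string
	expires time.Time
}

type outcome struct {
	Err          string // "", "invalid_code" or "user_mismatch"
	Email        string // account whose password will be reset
	ShowRemember bool   // "Remember me" is offered only when not logged in
	After        string // on success: "sign_in" or "renew_session"
}

// decideReset maps (submitted code, session user) to the states in the description.
// sessionUID == 0 means not logged in (assumption of this example).
func decideReset(codes map[string]resetCode, code string, sessionUID int64, now time.Time) outcome {
	rc, ok := codes[code]
	if !ok || !now.Before(rc.expires) {
		// Unknown and expired codes get the same error, whatever the login status.
		return outcome{Err: "invalid_code"}
	}
	if sessionUID != 0 && sessionUID != rc.userID {
		// Valid code, but issued for a different account than the logged-in one.
		return outcome{Err: "user_mismatch"}
	}
	if sessionUID == 0 {
		return outcome{Email: rc.email, ShowRemember: true, After: "sign_in"}
	}
	return outcome{Email: rc.email, After: "renew_session"}
}

func main() {
	now := time.Date(2018, 10, 7, 11, 0, 0, 0, time.UTC)
	codes := map[string]resetCode{ // constructed sample data
		"good":  {1, "bar@example.com", now.Add(time.Hour)},
		"stale": {1, "bar@example.com", now.Add(-time.Hour)},
	}
	for _, uid := range []int64{0, 1, 2} {
		fmt.Printf("good  uid=%d -> %+v\n", uid, decideReset(codes, "good", uid, now))
	}
	fmt.Printf("stale uid=1 -> %+v\n", decideReset(codes, "stale", 1, now))
}
```

The code is looked up and validated before the session is consulted, so an invalid or expired code produces the same result for every login state.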

GiteaMirror added the pull-request label 2025-11-02 14:25:00 -06:00
Reference: github-starred/gitea#17607