mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-21 20:47:08 -05:00
3288f87dbe
* [web] set-password: reject same as current password * [web] Add 'peek' operation on tokens This allows us to improve the UX of the reset-password form, by not invalidating the token in the case where the new password will be rejected by validation logic. We give up to three attempts before invalidating the token. * [web] Add hide-on-error feature to async forms This allows us to hide the form elements when certain named error conditions occur. * [web] reset-password: handle same-password rejection We also change the implementation to use the new peekValueFromToken API, and to expire the token explicitely after it has been used to set the new password. * [web] Validate OneTimeToken when loading password reset form * [web] Rate limit GET: /user/password/set Now that we are peeking at OneTimeToken when accessing this page, we add rate to the GET request, matching that of the POST request. * [web] Tidy up pug layout and mongo query for token peeking Co-authored-by: Mathias Jakobsen <mathias.jakobsen@overleaf.com> GitOrigin-RevId: 835205cc7c7ebe1209ee8e5b693efeb939a3056a
70 lines
2 KiB
Text
70 lines
2 KiB
Text
extends ../layout-marketing
|
|
|
|
block content
|
|
main.content.content-alt#main-content
|
|
.container
|
|
.row
|
|
.col-md-6.col-md-offset-3.col-lg-4.col-lg-offset-4
|
|
.card
|
|
.page-header
|
|
h1 #{translate("reset_your_password")}
|
|
form(
|
|
data-ol-async-form,
|
|
name="passwordResetForm",
|
|
action="/user/password/set",
|
|
method="POST",
|
|
data-ol-hide-on-error="token-expired"
|
|
)
|
|
div.alert.alert-success(
|
|
hidden
|
|
role="alert"
|
|
aria-live="assertive"
|
|
data-ol-sent
|
|
)
|
|
| #{translate("password_has_been_reset")}.
|
|
br
|
|
a(href='/login') #{translate("login_here")}
|
|
|
|
div(data-ol-not-sent)
|
|
+formMessages()
|
|
|
|
+customFormMessage('token-expired', 'danger')
|
|
| #{translate('password_reset_token_expired')}
|
|
br
|
|
a(href="/user/password/reset")
|
|
| #{translate('request_new_password_reset_email')}
|
|
|
|
+customFormMessage('invalid-password', 'danger')
|
|
| #{translate('invalid_password')}
|
|
|
|
+customFormMessage('password-must-be-different', 'danger')
|
|
| #{translate('password_change_password_must_be_different')}
|
|
|
|
input(type="hidden", name="_csrf", value=csrfToken)
|
|
input(type="hidden", name="email", value=email)
|
|
|
|
.form-group
|
|
input.form-control#passwordField(
|
|
type='password',
|
|
name='password',
|
|
placeholder='new password',
|
|
autocomplete="new-password",
|
|
autofocus,
|
|
required,
|
|
minlength=settings.passwordStrengthOptions.length.min
|
|
)
|
|
input(
|
|
type="hidden",
|
|
name="passwordResetToken",
|
|
value=passwordResetToken
|
|
)
|
|
.actions
|
|
button.btn.btn-primary(
|
|
type='submit',
|
|
data-ol-disabled-inflight
|
|
aria-label=translate('set_new_password')
|
|
)
|
|
span(data-ol-inflight="idle")
|
|
| #{translate('set_new_password')}
|
|
span(hidden data-ol-inflight="pending")
|
|
| #{translate('set_new_password')}…
|