overleaf/services/web/app/views/user/setPassword.pug
Alf Eaton a5637651b5 Add Content-Security-Policy header (#3783)
* Add Content-Security-Policy header
* Add nonce attribute to script tags
* Use source-map for webpack devtool
* Add ng-csp attribute when CSP is enabled
* Allow overriding CSP settings with environment variables
* Hook into render and allow routes to disable the CSP header

GitOrigin-RevId: a873736a3514198165f1b2f1e18d002b65f20d30
2021-03-26 03:04:55 +00:00

61 lines
2 KiB
Text

extends ../layout
block content
main.content.content-alt
.container
.row
.col-md-6.col-md-offset-3.col-lg-4.col-lg-offset-4
.card
.page-header
h1 #{translate("reset_your_password")}
form(
async-form="password-reset",
name="passwordResetForm",
action="/user/password/set",
method="POST",
ng-cloak
)
input(type="hidden", name="_csrf", value=csrfToken)
.alert.alert-success(ng-show="passwordResetForm.response.success")
| #{translate("password_has_been_reset")}.
a(href='/login') #{translate("login_here")}
div(ng-show="passwordResetForm.response.error == true")
div(ng-switch="passwordResetForm.response.status")
.alert.alert-danger(ng-switch-when="404")
| #{translate('password_reset_token_expired')}
br
a(href="/user/password/reset")
| Request a new password reset email
.alert.alert-danger(ng-switch-when="400")
| #{translate('invalid_password')}
.alert.alert-danger(ng-switch-default)
| #{translate('error_performing_request')}
.form-group
input.form-control#passwordField(
type='password',
name='password',
placeholder='new password',
required,
ng-model="password",
autofocus,
complex-password
)
span.small.text-primary(ng-show="passwordResetForm.password.$error.complexPassword", ng-bind-html="complexPasswordErrorMessage")
input(
type="hidden",
name="passwordResetToken",
value=passwordResetToken
ng-non-bindable
)
.actions
button.btn.btn-primary(
type='submit',
ng-disabled="passwordResetForm.$invalid"
) #{translate("set_new_password")}
script(type="text/javascript", nonce=scriptNonce).
window.usersEmail = "#{getReqQueryParam('email')}"
window.passwordStrengthOptions = !{StringHelper.stringifyJsonForScript(settings.passwordStrengthOptions || {})}