
Commit 0d701e4

AJ ONealryanburnette
authored andcommitted
allow current user to reset their own password
1 parent c168095 commit 0d701e4


2 files changed

+19
-4
lines changed


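--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -253,6 +253,10 @@ func RegisterRoutes(m *macaron.Macaron) {
 m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)
 
 // ***** START: User *****
+m.Group("/user", func() {
+m.Get("/reset_password", user.ResetPasswd)
+m.Post("/reset_password", user.ResetPasswdPost)
+})
 m.Group("/user", func() {
 m.Get("/login", user.SignIn)
 m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
@@ -273,8 +277,6 @@ func RegisterRoutes(m *macaron.Macaron) {
 }, openIDSignInEnabled)
 m.Get("/sign_up", user.SignUp)
 m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost)
-m.Get("/reset_password", user.ResetPasswd)
-m.Post("/reset_password", user.ResetPasswdPost)
 m.Group("/oauth2", func() {
 m.Get("/:provider", user.SignInOAuth)
 m.Get("/:provider/callback", user.SignInOAuthCallback)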
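Review bot: The new `/user` group at new lines 256–259 is registered with no middleware argument, so both reset handlers now run for signed-in and anonymous callers alike, and the reset code is the only thing authorizing the password change. Nothing at the call site says this is deliberate, and the second `m.Group("/user", ...)` directly below makes the new group look like an accidental duplicate that a later cleanup could merge back under the original guard. I would add a comment above it such as `// reset_password stays outside the guarded /user group: it must work with or without a session and is authorized by the reset code alone`. The original group is closed outside this hunk, so which middleware it carries is inferred rather than visible; it is also worth confirming that CSRF validation still applies to the POST now that it can arrive with a live session.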

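--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -893,8 +893,7 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
 ctx.Redirect(setting.AppSubURL + "/user/login")
 }
 
-// SignOut sign out from login status
-func SignOut(ctx *context.Context) {
+func handleSignOut(ctx *context.Context) {
 ctx.Session.Delete("uid")
 ctx.Session.Delete("uname")
 ctx.Session.Delete("socialId")
@@ -904,6 +903,11 @@ func SignOut(ctx *context.Context) {
 ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
 ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
 ctx.SetCookie("lang", "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true) // Setting the lang cookie will trigger the middleware to reset the language ot previous state.
+}
+
+// SignOut sign out from login status
+func SignOut(ctx *context.Context) {
+handleSignOut(ctx)
 ctx.Redirect(setting.AppSubURL + "/")
 }
 
@@ -1178,6 +1182,8 @@ func ForgotPasswdPost(ctx *context.Context) {
 func ResetPasswd(ctx *context.Context) {
 ctx.Data["Title"] = ctx.Tr("auth.reset_password")
 
+// TODO for security and convenience, show the username / email here
+
 code := ctx.Query("code")
 if len(code) == 0 {
 ctx.Error(404)
@@ -1222,6 +1228,10 @@ func ResetPasswdPost(ctx *context.Context) {
 ctx.ServerError("UpdateUser", err)
 return
 }
+
+// Just in case the user is signed in to another account
+handleSignOut(ctx)
+
 u.HashPassword(passwd)
 u.MustChangePassword = false
 if err := models.UpdateUserCols(u, "must_change_password", "passwd", "rands", "salt"); err != nil {
@@ -1230,6 +1240,9 @@ func ResetPasswdPost(ctx *context.Context) {
 }
 
 log.Trace("User password reset: %s", u.Name)
+
+// TODO change the former form to have password retype and remember me,
+// then sign in here instead of redirecting
 ctx.Redirect(setting.AppSubURL + "/user/login")
 return
 }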
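Review bot: In ResetPasswdPost the added `handleSignOut(ctx)` (new line 1233) runs before `u.HashPassword(passwd)` and `models.UpdateUserCols(...)`, so when the update fails the caller has already lost their session and cookies while the password is unchanged. Moving the call below the `UpdateUserCols` error check, just before `log.Trace("User password reset: %s", u.Name)`, ties the sign-out to a reset that actually happened. From the visible lines, handleSignOut only clears keys on the current `ctx.Session` and this browser's cookies; if the reset follows a suspected account compromise, sessions for `u` opened elsewhere appear to stay valid unless something outside this diff revokes them, which deserves a comment or a follow-up. The extracted helper also lost its doc comment; `// handleSignOut clears the sign-in session keys and cookies without redirecting` would cover it. ResetPasswdPost begins and ends outside these hunks, and the middle of handleSignOut is not shown.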
