
Commit d3a4d76

author
AJ ONeal
committed
allow current user to reset their own password
1 parent 378af8e commit d3a4d76


2 files changed

+19
-4
lines changed


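--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -185,6 +185,10 @@ func RegisterRoutes(m *macaron.Macaron) {
 m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)
 
 // ***** START: User *****
+m.Group("/user", func() {
+m.Get("/reset_password", user.ResetPasswd)
+m.Post("/reset_password", user.ResetPasswdPost)
+})
 m.Group("/user", func() {
 m.Get("/login", user.SignIn)
 m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
@@ -205,8 +209,6 @@ func RegisterRoutes(m *macaron.Macaron) {
 }, openIDSignInEnabled)
 m.Get("/sign_up", user.SignUp)
 m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost)
-m.Get("/reset_password", user.ResetPasswd)
-m.Post("/reset_password", user.ResetPasswdPost)
 m.Group("/oauth2", func() {
 m.Get("/:provider", user.SignInOAuth)
 m.Get("/:provider/callback", user.SignInOAuthCallback)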
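Review bot: The new `/user` group that holds the two `reset_password` routes is registered with no middleware argument and no comment, so nothing tells a later reader that keeping it apart from the following `/user` group is deliberate. The closing line of that following group is outside the hunk; presumably it carries a signed-out-only requirement, which is what this move bypasses. I would put a comment above the new group, e.g. `// reset_password is kept outside the group below so a signed-in user can follow a reset link; the reset code is the only authorization`. Note also that `m.Post("/reset_password", user.ResetPasswdPost)` has no form binding, unlike the login and sign_up posts, so all validation of the code and the new password rests on the handler now that it is reachable from an authenticated session.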

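--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -859,8 +859,7 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
 ctx.Redirect(setting.AppSubURL + "/user/login")
 }
 
-// SignOut sign out from login status
-func SignOut(ctx *context.Context) {
+func handleSignOut(ctx *context.Context) {
 ctx.Session.Delete("uid")
 ctx.Session.Delete("uname")
 ctx.Session.Delete("socialId")
@@ -870,6 +869,11 @@ func SignOut(ctx *context.Context) {
 ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
 ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
 ctx.SetCookie("lang", "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true) // Setting the lang cookie will trigger the middleware to reset the language ot previous state.
+}
+
+// SignOut sign out from login status
+func SignOut(ctx *context.Context) {
+handleSignOut(ctx)
 ctx.Redirect(setting.AppSubURL + "/")
 }
 
@@ -1139,6 +1143,8 @@ func ForgotPasswdPost(ctx *context.Context) {
 func ResetPasswd(ctx *context.Context) {
 ctx.Data["Title"] = ctx.Tr("auth.reset_password")
 
+// TODO for security and convenience, show the username / email here
+
 code := ctx.Query("code")
 if len(code) == 0 {
 ctx.Error(404)
@@ -1179,6 +1185,10 @@ func ResetPasswdPost(ctx *context.Context) {
 ctx.ServerError("UpdateUser", err)
 return
 }
+
+// Just in case the user is signed in to another account
+handleSignOut(ctx)
+
 u.HashPassword(passwd)
 u.MustChangePassword = false
 if err := models.UpdateUserCols(u, "must_change_password", "passwd", "rands", "salt"); err != nil {
@@ -1187,6 +1197,9 @@ func ResetPasswdPost(ctx *context.Context) {
 }
 
 log.Trace("User password reset: %s", u.Name)
+
+// TODO change the former form to have password retype and remember me,
+// then sign in here instead of redirecting
 ctx.Redirect(setting.AppSubURL + "/user/login")
 return
 }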
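Review bot: In ResetPasswdPost, `handleSignOut(ctx)` runs before `models.UpdateUserCols`, so a failed update leaves the caller signed out of their current session while the password is unchanged. Moving the call to after the successful update, just before `log.Trace("User password reset: %s", u.Name)`, would tie the session teardown to a completed reset. As far as the visible lines show, handleSignOut only deletes keys and cookies for the session of the current request; whether other live sessions of the account whose password just changed are invalidated is not visible here and is worth confirming. The helper also lost its doc comment in the split, and I would add `// handleSignOut clears the session keys and auth cookies of the current request without redirecting`. Both ResetPasswdPost and handleSignOut continue outside the hunks shown.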
