Skip to content

Commit

Permalink
CB/bp: Fix error on account activation with wrong passwd (go-gitea#22609
Browse files Browse the repository at this point in the history
)

On activating local accounts, the error message didn't differentiate
between using a wrong or expired token, or a wrong password. The result
could already be obtained from the behaviour (different screens were
presented), but the error message was misleading and lead to confusion
for new users on Codeberg with Forgejo.

Now, entering a wrong password for a valid token prints a different
error message.

The problem was introduced in 0f14f69.

Co-authored-by: Lunny Xiao <[email protected]>
  • Loading branch information
2 people authored and Codeberg Admins @ build committed Feb 23, 2023
1 parent 45dcaec commit 0cbe5ea
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 4 deletions.
1 change: 1 addition & 0 deletions options/locales/gitea_en-US.ini
Original file line number Diff line number Diff line change
Expand Up @@ -321,6 +321,7 @@ email_not_associate = The email address is not associated with any account.
send_reset_mail = Send Account Recovery Email
reset_password = Account Recovery
invalid_code = Your confirmation code is invalid or has expired.
invalid_password = Your password does not match the password that was used to create the account.
reset_password_helper = Recover Account
reset_password_wrong_user = You are signed in as %s, but the account recovery link is for %s
password_too_short = Password length cannot be less than %d characters.
Expand Down
6 changes: 3 additions & 3 deletions routers/web/auth/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -687,7 +687,7 @@ func Activate(ctx *context.Context) {
user := user_model.VerifyUserActiveCode(code)
// if code is wrong
if user == nil {
ctx.Data["IsActivateFailed"] = true
ctx.Data["IsCodeInvalid"] = true
ctx.HTML(http.StatusOK, TplActivate)
return
}
Expand All @@ -714,7 +714,7 @@ func ActivatePost(ctx *context.Context) {
user := user_model.VerifyUserActiveCode(code)
// if code is wrong
if user == nil {
ctx.Data["IsActivateFailed"] = true
ctx.Data["IsCodeInvalid"] = true
ctx.HTML(http.StatusOK, TplActivate)
return
}
Expand All @@ -729,7 +729,7 @@ func ActivatePost(ctx *context.Context) {
return
}
if !user.ValidatePassword(password) {
ctx.Data["IsActivateFailed"] = true
ctx.Data["IsPasswordInvalid"] = true
ctx.HTML(http.StatusOK, TplActivate)
return
}
Expand Down
4 changes: 3 additions & 1 deletion templates/user/auth/activate.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,10 @@
<input id="code" name="code" type="hidden" value="{{.Code}}">
{{else if .IsSendRegisterMail}}
<p>{{.locale.Tr "auth.confirmation_mail_sent_prompt" (.Email|Escape) .ActiveCodeLives | Str2html}}</p>
{{else if .IsActivateFailed}}
{{else if .IsCodeInvalid}}
<p>{{.locale.Tr "auth.invalid_code"}}</p>
{{else if .IsPasswordInvalid}}
<p>{{.locale.Tr "auth.invalid_password"}}</p>
{{else if .ManualActivationOnly}}
<p class="center">{{.locale.Tr "auth.manual_activation_only"}}</p>
{{else}}
Expand Down

0 comments on commit 0cbe5ea

Please sign in to comment.