-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve "must-change-password" logic and document #30472
Improve "must-change-password" logic and document #30472
Conversation
return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength) | ||
return fmt.Errorf("password is not long enough, needs to be at least %d characters", setting.MinPasswordLength) | ||
case errors.Is(err, password.ErrComplexity): | ||
return errors.New("Password does not meet complexity requirements") | ||
return errors.New("password does not meet complexity requirements") | ||
case errors.Is(err, password.ErrIsPwned): | ||
return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords") | ||
return errors.New("the password is in a list of stolen passwords previously exposed in public data breaches, please try again with a different password, to see more details: https://haveibeenpwned.com/Passwords") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aren't these errors shown to the user?
So, shouldn't they be correct English instead of Go error messages?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -95,7 +94,7 @@ Admin operations: | |||
- Options: | |||
- `--username value`, `-u value`: Username. Required. | |||
- `--password value`, `-p value`: New password. Required. | |||
- `--must-change-password`: If provided, the user is required to choose a new password after the login. Optional. | |||
- `--must-change-password`: The user is required to set a new password after the login, default: true. It could be disabled by `--must-change-password=false`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- `--must-change-password`: The user is required to set a new password after the login, default: true. It could be disabled by `--must-change-password=false`. | |
- `--must-change-password`: The user must set a new password after login, default: true. Can be disabled using `--must-change-password=false`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can be disabled using ...
doesn't seem correct English 🤣
I think it should be "be disabled by something"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unify the behaviors of "user create" and "user change-password". Co-authored-by: KN4CK3R <[email protected]>
Backport #30472 by wxiaoguang Co-authored-by: wxiaoguang <[email protected]> Co-authored-by: KN4CK3R <[email protected]>
* origin/main: (35 commits) Remove fomantic button module (go-gitea#30475) Improve "must-change-password" logic and document (go-gitea#30472) Fix commitstatus summary (go-gitea#30431) Remove fomantic menu module (go-gitea#30325) Use `flex-container` for dashboard layout (go-gitea#30214) Rewrite and restyle reaction selector and enable no-sizzle eslint rule (go-gitea#30453) Pulse page improvements (go-gitea#30149) Fix JS error when opening to expanded code comment (go-gitea#30463) fix: Fix to delete cookie when AppSubURL is non-empty (go-gitea#30375) Add `interface{}` to `any` replacement to `make fmt`, exclude `*.pb.go` (go-gitea#30461) Fix network error when open/close organization/individual projects and redirect to project page (go-gitea#30387) Avoid losing token when updating mirror settings (go-gitea#30429) Fix label rendering (go-gitea#30456) Add comment for ContainsRedirectURI about the exact match (go-gitea#30457) Update JS and PY deps, lock eslint and related plugins (go-gitea#30452) Refactor cache and disable go-chi cache (go-gitea#30417) Fix admin notice view-detail (go-gitea#30450) Fix mirror error when mirror repo is empty (go-gitea#30432) Add `/public/assets/img/webpack` to ignore files again (go-gitea#30451) Lock a few tool dependencies to major versions (go-gitea#30439) ...
* origin/main: Improve flex ellipsis (go-gitea#30479) Remove fomantic button module (go-gitea#30475) Improve "must-change-password" logic and document (go-gitea#30472) Fix commitstatus summary (go-gitea#30431) Remove fomantic menu module (go-gitea#30325) Use `flex-container` for dashboard layout (go-gitea#30214) Rewrite and restyle reaction selector and enable no-sizzle eslint rule (go-gitea#30453) Pulse page improvements (go-gitea#30149) Fix JS error when opening to expanded code comment (go-gitea#30463) fix: Fix to delete cookie when AppSubURL is non-empty (go-gitea#30375) Add `interface{}` to `any` replacement to `make fmt`, exclude `*.pb.go` (go-gitea#30461) Fix network error when open/close organization/individual projects and redirect to project page (go-gitea#30387) Avoid losing token when updating mirror settings (go-gitea#30429)
* giteaofficial/main: [skip ci] Updated licenses and gitignores Revert 100% label max-width (go-gitea#30481) Improve flex ellipsis (go-gitea#30479) Remove fomantic button module (go-gitea#30475) Improve "must-change-password" logic and document (go-gitea#30472) Fix commitstatus summary (go-gitea#30431) Remove fomantic menu module (go-gitea#30325) Use `flex-container` for dashboard layout (go-gitea#30214) Rewrite and restyle reaction selector and enable no-sizzle eslint rule (go-gitea#30453) Pulse page improvements (go-gitea#30149)
Follow #27626 (comment)
Unify the behaviors of "user create" and "user change-password". The details are commented in code.
And fix a strange output in old code: