Reset password form should has captcha #1071

Closed
yurem opened this Issue Aug 8, 2018 · 11 comments

Contributor

yurem commented Aug 8, 2018

We need to apply a few changes to the user reset functionality:

  1. We need to add captcha validation to the password reset form.
     • oxTrust should display the current form without captcha if the admin decided not to enable it (current flow)
     • Show captcha if the admin activated the captcha config
  2. Remove the section of code which sends mail to non-registered e-mails. We also need to remove related messages from the message resource files.
  3. Update the message which we show after password reset: "If this email is associated with a user account in our system, you will receive an email with instructions to reset your password."

@yurem yurem added this to the 3.1.4 milestone Aug 8, 2018

@willow9886 willow9886 changed the title from Reset password form should has catcha to Reset password form should has captcha Aug 8, 2018
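
The three changes requested in the issue above, sketched as an added example (this is not oxTrust code; the class, the `captcha_enabled` config key and the callables are hypothetical, and only the message text comes from the issue). It shows the captcha gate read from live admin config on every request, no mail for unregistered addresses, and one response for both cases so the form cannot be used to learn which accounts exist.

```python
import secrets

# Message text taken from the issue; everything else here is hypothetical.
GENERIC_MESSAGE = (
    "If this email is associated with a user account in our system, "
    "you will receive an email with instructions to reset your password."
)


class PasswordResetService:
    def __init__(self, registered_emails, config, verify_captcha, send_mail):
        self.registered = {e.lower() for e in registered_emails}
        self.config = config                  # live admin settings, read per request
        self.verify_captcha = verify_captcha  # callable(response) -> bool
        self.send_mail = send_mail            # callable(email, token)
        self.tokens = {}                      # token -> email

    def request_reset(self, email, captcha_response=None):
        # Check the admin flag on every request so that disabling captcha
        # takes effect immediately instead of being frozen at startup.
        if self.config.get("captcha_enabled", False):
            if not self.verify_captcha(captcha_response):
                return {"accepted": False, "message": "Captcha validation failed."}
        address = email.strip().lower()
        if address in self.registered:
            token = secrets.token_urlsafe(32)
            self.tokens[token] = address
            self.send_mail(address, token)
        # Unregistered addresses get no mail, and the response is identical
        # either way, so the form does not reveal which accounts exist.
        return {"accepted": True, "message": GENERIC_MESSAGE}


def demo():
    """Run the flow on constructed sample data and return what happened."""
    outbox = []
    config = {"captcha_enabled": True}
    service = PasswordResetService(
        registered_emails=["alice@example.org"],      # constructed sample user
        config=config,
        verify_captcha=lambda r: r == "solved",       # stand-in for a real verifier
        send_mail=lambda email, token: outbox.append(email),
    )
    blocked = service.request_reset("alice@example.org", captcha_response=None)
    known = service.request_reset("alice@example.org", captcha_response="solved")
    unknown = service.request_reset("nobody@example.org", captcha_response="solved")
    config["captcha_enabled"] = False                 # admin turns captcha off
    no_captcha = service.request_reset("Alice@Example.org")
    return blocked, known, unknown, no_captcha, outbox
```
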

Contributor

yurem commented Aug 8, 2018

This issue depends on #1072

Contributor

yurem commented Aug 10, 2018

Second point is resolved.

shekhar16 added a commit that referenced this issue Aug 15, 2018

Contributor

shekhar16 commented Aug 15, 2018

image

Contributor

shekhar16 commented Aug 15, 2018

@yurem we already have captcha functionality in resetpassword and passwordreminder page.

Contributor

shekhar16 commented Aug 15, 2018

@yurem can we close #356 issue same as this one?

Contributor

willow9886 commented Aug 15, 2018

@shekhar16 there's no reason to take someone to a dedicated page with this text.. it should simply be a note on the password reset page.

Contributor

shekhar16 commented Aug 15, 2018

@willow9886 I agree, I think 356 is related to mail content different from this one.

Contributor

willow9886 commented Aug 15, 2018

@shekhar16 yes, #356 is the content supplied in the email to the user.

@shekhar16 shekhar16 closed this Aug 21, 2018

natt-tester commented Sep 12, 2018

@yurem, @shekhar16

  1. Done
  2. Not working correctly: after enabling captcha and sending an email I disabled it as an admin. After waiting a while + clearing cache + restarting oxauth, it's still in the form:

     [image: captcha1]

  3. I think it's done -- tested with an unregistered email and got no password reset email
  4. Not updated in RC4 -- there are too many capital letters and no space marked in the picture. Also, I think a button taking the user back to the login page would be a nice enhancement. What do you think, @willow9886?

     [image: reset_suc]

@natt-tester natt-tester reopened this Sep 12, 2018

Contributor

willow9886 commented Sep 12, 2018

@natt-tester

> Also, I think a button taking the user back to the login page would be a nice enhancement. What do you think, @willow9886?

Can we tell what page they were trying to access, and make sure we send them back to the login page with the right redirect URI baked in?

Instead of sending them to a new page that says.. "Please check your email.." would it be easier to just show a pop up message on the existing page?

Ideally it's a good flow for the user, so something like this:

user --> app --> login (which, after success, would redirect back to the app, but since they don't have password....) --> reset password --> click validation email --> set new password --> redirect back to login page with the original redirect URI set

natt-tester commented Sep 14, 2018

@shekhar16, there's no need for a new resetPasswordSucces page, just put the message in a pop-up still in passwordReminder.

shekhar16 added a commit that referenced this issue Sep 14, 2018

yurem added a commit that referenced this issue Sep 19, 2018

Merge pull request #1215 from GluuFederation/1071
#1071 : added condition for enable/disable captcha for captcha box on reset pwd set page.

yurem added a commit that referenced this issue Sep 19, 2018

syntrydy pushed a commit that referenced this issue Sep 23, 2018

syntrydy pushed a commit that referenced this issue Sep 23, 2018

syntrydy pushed a commit that referenced this issue Sep 23, 2018

@syntrydy syntrydy closed this Sep 23, 2018
