
Improve password reset form

+ Try to avoid autocomplete for current password

  * The password was reset to a temporary value and thus
    autocompleting the old value isn't helpful at all!

+ Remove notification about `Email verification successful`

+ Remove leading whitespace from password-reset email to
  make copy/paste easier
tanzer committed Jun 11, 2015
1 parent 44813ca commit 18013084e777860b8cd5a318a0320d1aa3a4f99a
Showing with 43 additions and 19 deletions.
  1. +8 −2 _GTW/_OMP/_Auth/Account_Handling.py
  2. +8 −7 _GTW/_RST/Auth_Mixin.py
  3. +12 −4 _GTW/_RST/_TOP/Auth.py
  4. +4 −3 _JNJ/email/reset_password.jnj
  5. +11 −3 _JNJ/html/form.jnj
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-# Copyright (C) 2010-2014 Martin Glueck All rights reserved
+# Copyright (C) 2010-2015 Martin Glueck All rights reserved
# Langstrasse 4, A--2244 Spannberg, Austria. martin@mangari.org
# ****************************************************************************
# This module is part of the package GTW.OMP.Auth.
@@ -32,6 +32,7 @@
# 28-Jan-2013 (CT) Fix spelling of `Action_Expired`
# 10-May-2013 (CT) Add `_Account_Action_.show_in_ui_T = False`
# 13-May-2013 (CT) Replace `auto_cache` by `link_ref_attr_name`
+# 11-Jun-2015 (CT) Move `description.default` to `Account_EMail_Verification`
# ««revision-date»»···
#--
@@ -165,7 +166,6 @@ class token (A_String) :
class description (A_String) :
kind = Attr.Const
- default = "Email verification successful."
max_length = 100
# end class description
@@ -195,6 +195,12 @@ class _Attributes (_Ancestor_Essence._Attributes) :
_Ancestor = _Ancestor_Essence._Attributes
+ class description (_Ancestor.description) :
+
+ default = "Email verification successful."
+
+ # end class description
+
class new_email (A_Email) :
"""The new email address for the linked account."""
@@ -1,9 +1,9 @@
# -*- coding: utf-8 -*-
-# Copyright (C) 2013-2014 Mag. Christian Tanzer All rights reserved
+# Copyright (C) 2013-2015 Mag. Christian Tanzer All rights reserved
# Glasauergasse 32, A--1130 Wien, Austria. tanzer@swing.co.at
# #*** <License> ************************************************************#
# This module is part of the package GTW.RST.
-#
+#
# This module is licensed under the terms of the BSD 3-Clause License
# <http://www.c-tanzer.at/license/bsd_3c.html>.
# #*** </License> ***********************************************************#
@@ -18,6 +18,7 @@
# Revision Dates
# 1-May-2013 (CT) Creation
# 6-May-2013 (CT) Change error format in `_authenticate`
+# 11-Jun-2015 (CT) Improve argument names of `_credentials_validation`
# ««revision-date»»···
#--
@@ -121,12 +122,12 @@ def get_password \
def _credentials_validation \
( self, resource, request
- , username = "username"
- , password = "password"
- , debug = False
+ , field_name_username = "username"
+ , field_name_password = "password"
+ , debug = False
) :
- username = self.get_username (request, username)
- password = self.get_password (request, password)
+ username = self.get_username (request, field_name_username)
+ password = self.get_password (request, field_name_password)
error_add = lambda e : self.errors [None].append (e)
if not username :
error_add (_T ("Please enter a username"))
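Review bot: Renaming the keyword parameters `username` and `password` of `_credentials_validation` to `field_name_username` and `field_name_password` breaks any caller that passed them by keyword; the commit updates the one caller in `_GTW/_RST/_TOP/Auth.py`, but the method lives on a mixin, so other subclasses may call it too and are worth a grep before merging. If compatibility matters, the old keyword names could be accepted for a transition period and mapped onto the new ones, with a deprecation entry in the revision header. Independently, the method has no docstring; a one-liner such as `"""Validate the credentials found in `request` and record failures in `self.errors`."""` would help, given that the rename is exactly about clarifying what the arguments mean. The body of `_credentials_validation` continues past the hunk.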
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-# Copyright (C) 2012-2014 Mag. Christian Tanzer All rights reserved
+# Copyright (C) 2012-2015 Mag. Christian Tanzer All rights reserved
# Glasauergasse 32, A--1130 Wien, Austria. tanzer@swing.co.at
# #*** <License> ************************************************************#
# This module is part of the package GTW.RST.TOP.
@@ -55,6 +55,9 @@
# 3-Sep-2014 (CT) Add message to `Forbidden` of `_skip_render`
# 12-Oct-2014 (CT) Use `TFL.Secure_Hash`
# 12-Dec-2014 (CT) Factor `HTTP_POST_CRSF_Mixin`
+# 11-Jun-2015 (CT) Add `description` guard to `_Activate_.GET._response_body`
+# 11-Jun-2015 (CT) Add `field_name_password = current` to
+# `_Activate_.POST._response_body`
# ««revision-date»»···
#--
@@ -178,8 +181,9 @@ def _response_body (self, resource, request, response) :
try :
description = action.description
next = action.handle (resource)
- response.add_notification \
- (GTW.Notification (_T (description)))
+ if description :
+ response.add_notification \
+ (GTW.Notification (_T (description)))
raise HTTP_Status.See_Other (next)
except GTW.OMP.Auth.Action_Expired :
action.destroy ()
@@ -253,7 +257,11 @@ def _response_body (self, resource, request, response) :
top = resource.top
HTTP_Status = top.Status
self.errors = Errors ()
- self._credentials_validation (resource, request, debug = debug)
+ self._credentials_validation \
+ ( resource, request
+ , field_name_password = "current"
+ , debug = debug
+ )
new_password = self.get_password \
(request, "npassword", verify_field = "vpassword")
account = self.account
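Review bot: The literal `"current"` passed as `field_name_password` in the second hunk has to agree with the `name = "current"` attribute of the password input added to `_JNJ/html/form.jnj` in the same commit, and nothing in either file records that coupling; a comment at the call site, `# must match the `name` of the current-password input in form.jnj`, would make the next rename safer. In the first hunk the `if description :` guard silently drops the notification for actions whose `description` is empty, which appears to be the intended effect of moving the default; a short comment such as `# only EMail_Verification actions carry a description` would say so. Both `_response_body` methods start before their hunks and continue past them.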
@@ -1,7 +1,7 @@
{%- extends "email/email.jnj" %}
{#- jinja template: reset_password.jnj -#}
{#
-## Copyright (C) 2010 Mag. Christian Tanzer All rights reserved
+## Copyright (C) 2010-2015 Mag. Christian Tanzer All rights reserved
## Glasauergasse 32, A--1130 Wien, Austria. tanzer@swing.co.at
## ****************************************************************************
## This template is part of the package JNJ.
@@ -19,6 +19,7 @@
##
## Revision Dates
## 15-Dec-2010 (CT) Creation
+## 11-Jun-2015 (CT) Remove leading blanks before `new_password` and `link`
## ««revision-date»»···
##--
#}
@@ -28,13 +29,13 @@
{{ GTW._T ("Your password was reset to the temporary value") -}}:
- {{ new_password }}
+{{ new_password }}
{{ GTW._T
("Please click the following link to change the temporary password to a new value")
-}}:
- {{ link }}
+{{ link }}
{%- endblock body -%}
@@ -86,6 +86,7 @@
## 7-Jun-2015 (CT) Change `maxlength` of `username` from `30` to `80`
## 9-Jun-2015 (CT) Add class `internal` to login button
## 9-Jun-2015 (CT) Remove `user.name` from `Logout` button
+## 11-Jun-2015 (CT) Try to avoid `autocomplete` for `password_change`
## ««revision-date»»···
##--
#}
@@ -448,14 +449,21 @@
{%- if (not next) or next.split ("?") [0].endswith (page.abs_href) %}
{%- set next = page.top.abs_href %}
{% endif -%}
- {% call form (action = action, ** kwargs) -%}
+ {% call form (action = action, autocomplete = "off", ** kwargs) -%}
{%- if l_caller -%}{{- l_caller () -}}{%- endif -%}
<ul>
<li class="account-name">{{ account.name }}</li>
{{- display_errors (errors, None) -}}
- <li><label for="F_password">{{ GTW._T ("Current Password") }}</label></li>
- <li>{{ X.input.password (id = "F_password", name = "password") }}</li>
+ <li><label for="F_current">{{ GTW._T ("Current Password") }}</label></li>
+ <li>
+ {{- X.input.password
+ ( id = "F_current"
+ , name = "current"
+ , autocomplete = "off"
+ )
+ -}}
+ </li>
{{- display_errors (errors, "password") -}}
<li><label for="F_npassword">{{ GTW._T ("New Password") }}</label></li>
