users: refactor password reset flow.
The old password reset flow: * User requests a password reset. * Danbooru generates a password reset nonce. * Danbooru emails user a password reset confirmation link. * User follows link to password reset confirmation page. * The link contains a nonce authenticating the user. * User confirms password reset. * Danbooru resets user's password to a random string. * Danbooru emails user their new password in plaintext. The new password reset flow: * User requests a password reset. * Danbooru emails user a password reset link. * User follows link to password edit page. * The link contains a signed_user_id param authenticating the user. * User changes their own password.
This commit is contained in:
evazion
22
app/views/password_resets/show.html.erb
Normal file
22
app/views/password_resets/show.html.erb
Normal file
@@ -0,0 +1,22 @@
|
||||
<% page_title "Reset Password" %>
|
||||
<%= render "sessions/secondary_links" %>
|
||||
|
||||
<div id="c-password-resets">
|
||||
<div id="a-show">
|
||||
<h1>Reset Password</h1>
|
||||
|
||||
<p>
|
||||
Enter your username below to reset your password. You will be sent an
|
||||
email containing a link to reset your password.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
If your account doesn't have a valid email address, then your password can't be reset.
|
||||
</p>
|
||||
|
||||
<%= edit_form_for(:user, url: password_reset_path, action: :post) do |f| %>
|
||||
<%= f.input :name, label: "Username", input_html: { "data-autocomplete": "user" } %>
|
||||
<%= f.submit "Submit" %>
|
||||
<% end %>
|
||||
</div>
|
||||
</div>
|
||||
Reference in New Issue
Block a user