jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
d3bb5c67ee42cebc80ecfdef4101de15ccbe9708
danbooru/app/views/sessions/new.html.erb
evazion 5625458f69 users: refactor password reset flow. 
The old password reset flow:

* User requests a password reset.
* Danbooru generates a password reset nonce.
* Danbooru emails user a password reset confirmation link.
* User follows link to password reset confirmation page.
* The link contains a nonce authenticating the user.
* User confirms password reset.
* Danbooru resets user's password to a random string.
* Danbooru emails user their new password in plaintext.

The new password reset flow:

* User requests a password reset.
* Danbooru emails user a password reset link.
* User follows link to password edit page.
* The link contains a signed_user_id param authenticating the user.
* User changes their own password.
2020-03-08 23:18:15 -05:00

23 lines
716 B
Plaintext
Raw Blame History

<% page_title "Login" %>
<% meta_description "Login to #{Danbooru.config.app_name}" %>
<%= render "sessions/secondary_links" %>
<div id="c-sessions">
<div id="a-new">
<section>
<h1>Login</h1>
<%= simple_form_for(:session, url: session_path) do |f| %>
<%= f.input :url, as: :hidden, input_html: { value: params[:url] } %>
<%= f.input :name %>
<%= f.input :password, hint: link_to("Forgot password?", password_reset_path), input_html: { autocomplete: "password" } %>
<%= f.submit "Login" %>
<% end %>
<p class="fineprint">
New to <%= Danbooru.config.app_name %>? <%= link_to "Create a new account", new_user_path %>.
</p>
</div>
</div>
Reference in New Issue View Git Blame Copy Permalink