Fix error on account activation with wrong passwd (#22609)

On activating local accounts, the error message didn't differentiate
between using a wrong or expired token, or a wrong password. The result
could already be obtained from the behaviour (different screens were
presented), but the error message was misleading and lead to confusion
for new users on Codeberg with Forgejo.

Now, entering a wrong password for a valid token prints a different
error message.

The problem was introduced in 0f14f69e6070c9aca09f57c419e7d6007d0e520b.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
Otto Richter (fnetX) 2023-01-28 08:59:46 +01:00 committed by GitHub
parent 74466eb133
commit 95d9fbdcf3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 4 deletions

View File

@ -322,6 +322,7 @@ email_not_associate = The email address is not associated with any account.
send_reset_mail = Send Account Recovery Email
reset_password = Account Recovery
invalid_code = Your confirmation code is invalid or has expired.
invalid_password = Your password does not match the password that was used to create the account.
reset_password_helper = Recover Account
reset_password_wrong_user = You are signed in as %s, but the account recovery link is for %s
password_too_short = Password length cannot be less than %d characters.

View File

@ -633,7 +633,7 @@ func Activate(ctx *context.Context) {
user := user_model.VerifyUserActiveCode(code)
// if code is wrong
if user == nil {
ctx.Data["IsActivateFailed"] = true
ctx.Data["IsCodeInvalid"] = true
ctx.HTML(http.StatusOK, TplActivate)
return
}
@ -660,7 +660,7 @@ func ActivatePost(ctx *context.Context) {
user := user_model.VerifyUserActiveCode(code)
// if code is wrong
if user == nil {
ctx.Data["IsActivateFailed"] = true
ctx.Data["IsCodeInvalid"] = true
ctx.HTML(http.StatusOK, TplActivate)
return
}
@ -675,7 +675,7 @@ func ActivatePost(ctx *context.Context) {
return
}
if !user.ValidatePassword(password) {
ctx.Data["IsActivateFailed"] = true
ctx.Data["IsPasswordInvalid"] = true
ctx.HTML(http.StatusOK, TplActivate)
return
}

View File

@ -30,8 +30,10 @@
<input id="code" name="code" type="hidden" value="{{.Code}}">
{{else if .IsSendRegisterMail}}
<p>{{.locale.Tr "auth.confirmation_mail_sent_prompt" (.Email|Escape) .ActiveCodeLives | Str2html}}</p>
{{else if .IsActivateFailed}}
{{else if .IsCodeInvalid}}
<p>{{.locale.Tr "auth.invalid_code"}}</p>
{{else if .IsPasswordInvalid}}
<p>{{.locale.Tr "auth.invalid_password"}}</p>
{{else if .ManualActivationOnly}}
<p class="center">{{.locale.Tr "auth.manual_activation_only"}}</p>
{{else}}