Which means the user will only be able to reset their password, and not sign-in.
Once the user resets the password the user state is set to active once more.
If the link is used a second time they will be redirected to the index page with a message
that the link in the email is not longer valid.
Refactored the forms so that fields like email_address can be used in multiple forms.
Refactored form validation so that a query function is passed into the form to be run, this
way the form is not exposed to the dao layer and the query is more efficient.
This PR still requires some frontend attention. Will work with Chris to update the templates.
Found a way to create the token that does not need to persist it to the database.
This requires proper error messages, written by people who speak menglis good.
Start implementation for new-password endpoints.
Created PasswordResetToken model
ToDo: create and save token, send valid url to user,
check validity of token, update user's password, redirect to /two-factor.
- initial versions kept it out of this class but updated as lots of duplication and errors as config
set up in multiple places and not all picking up credstash.
Submit form was
- a confusing name in itself
- not descriptive, because it also has an optional ‘back’ link
This commit also puts this component in as many pages as possible, stripping
out any hard-coded buttons and links.
It replaces any usage of buttons for ‘back’, because these are links, not
buttons (ie they don’t change any data).
For pages where
- we want you to be sure that you want to do what you’re about to do
- we want to be sure it’s you trying to do the thing
This adds a page that asks the user to confirm their password.
Adds the pages and wires them together, so that it’s possible to click
through them.
The wording is not quite English, but attempts to be an rough description of
what the consequences are for each of the four actions.
