fix(reset): validate token on GET and surface errors on POST
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
- Verify reset token before showing the form (GET), redirecting with an error immediately if the token is invalid or expired - Add peekResetToken to check token validity non-destructively - Fix POST form action to include query params so the URL check doesn't silently redirect to /lost before processing errors - Update page title and subtitle to reflect the reset step Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
2e6227b36c
commit
335a656a0e
3 changed files with 19 additions and 3 deletions
10
lost.go
10
lost.go
|
|
@ -49,6 +49,16 @@ func storeResetToken(token string, dn string) {
|
|||
}
|
||||
}
|
||||
|
||||
func peekResetToken(token string) bool {
|
||||
resetTokenStore.mu.Lock()
|
||||
defer resetTokenStore.mu.Unlock()
|
||||
entry, ok := resetTokenStore.tokens[token]
|
||||
if !ok || time.Now().After(entry.expiresAt) {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
func consumeResetToken(token string) (string, bool) {
|
||||
resetTokenStore.mu.Lock()
|
||||
defer resetTokenStore.mu.Unlock()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue