fix(reset): validate token on GET and surface errors on POST
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
- Verify reset token before showing the form (GET), redirecting with an error immediately if the token is invalid or expired - Add peekResetToken to check token validity non-destructively - Fix POST form action to include query params so the URL check doesn't silently redirect to /lost before processing errors - Update page title and subtitle to reflect the reset step Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
2e6227b36c
commit
71805cf65c
3 changed files with 19 additions and 3 deletions
|
|
@ -1,8 +1,8 @@
|
|||
{{template "header" .}}
|
||||
<h1 class="page-title">Forgot your password?</h1>
|
||||
<p class="page-subtitle">Define a new one!</p>
|
||||
<h1 class="page-title">Define your new password</h1>
|
||||
<p class="page-subtitle">Choose a strong password to secure your account.</p>
|
||||
|
||||
<form method="post" action="reset">
|
||||
<form method="post" action="reset?l={{ .login }}&t={{ .token }}">
|
||||
{{if .error}}<div class="alert alert-error" role="alert">{{.error}}</div>{{end}}
|
||||
<input type="hidden" name="csrf_token" value="{{ .csrf_token }}">
|
||||
<div class="form-field">
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue