mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-03 12:12:43 +01:00
5a89da12e2
Summary: Depends on D20119. Fixes T9512. When you don't have a password on your account, the "Password" panel in Settings is non-obviously useless: you can't provide an old password, so you can't change your password. The correct remedy is to "Forgot password?" and go through the password reset flow. However, we don't guide you to this and it isn't really self-evident. Instead: - Guide users to the password reset flow. - Make it work when you're already logged in. - Skin it as a "set password" flow. We're still requiring you to prove you own the email associated with your account. This is a pretty weak requirement, but maybe stops attackers who use the computer at the library after you do in some bizarre emergency and forget to log out? It would probably be fine to just let users "set password", this mostly just keeps us from having two different pieces of code responsible for setting passwords. Test Plan: - Set password as a logged-in user. - Reset password on the normal flow as a logged-out user. Reviewers: amckinley Reviewed By: amckinley Subscribers: revi Maniphest Tasks: T9512 Differential Revision: https://secure.phabricator.com/D20120 |
||
|---|---|---|
| .. | ||
| __tests__ | ||
| action | ||
| application | ||
| capability | ||
| conduit | ||
| constants | ||
| controller | ||
| data | ||
| editor | ||
| engine | ||
| engineextension | ||
| exception | ||
| extension | ||
| factor | ||
| future | ||
| garbagecollector | ||
| guidance | ||
| management | ||
| message | ||
| password | ||
| phid | ||
| provider | ||
| query | ||
| revoker | ||
| sshkey | ||
| storage | ||
| tokentype | ||
| view | ||
| worker | ||
| xaction | ||