brondsem pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git
The following commit(s) were added to refs/heads/master by this push:
new 485ecf041 when a password reset link doesn't work, make the error more
obvious and don't show them a login form since that's confusing
485ecf041 is described below
commit 485ecf0419ab25515e8740315362b2e96e9a1e70
Author: Dave Brondsema <[email protected]>
AuthorDate: Tue Aug 15 12:02:01 2023 -0400
when a password reset link doesn't work, make the error more obvious and
don't show them a login form since that's confusing
---
Allura/allura/controllers/auth.py | 8 ++++----
Allura/allura/tests/functional/test_auth.py | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/Allura/allura/controllers/auth.py
b/Allura/allura/controllers/auth.py
index fea00d13e..7cd0189c2 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -168,14 +168,14 @@ class AuthController(BaseController):
{'tool_data.AuthPasswordReset.hash': hash}).first()
if not user_record:
log.info(f'Reset hash not found: {hash}')
- flash('Unable to process reset, please try again')
- redirect(login_url)
+ flash('Unable to process password reset', 'error', sticky=True)
+ redirect('/')
hash_expiry = user_record.get_tool_data(
'AuthPasswordReset', 'hash_expiry')
if not hash_expiry or hash_expiry < datetime.utcnow():
log.info(f'Reset hash expired: {hash} {hash_expiry}')
- flash('Unable to process reset, please try again')
- redirect(login_url)
+ flash('Password reset link is invalid or expired', 'error',
sticky=True)
+ redirect('/')
return user_record
@expose('jinja:allura:templates/forgotten_password.html')
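Review bot: The two failure branches now flash different text: `'Unable to process password reset'` when no record matches the hash, and `'Password reset link is invalid or expired'` when a record exists but `hash_expiry` has passed. The response therefore reveals whether a submitted hash ever belonged to an account, which the previous shared message did not. Unless that distinction is intended, I would use one message in both branches, e.g. `flash('Password reset link is invalid or expired', 'error', sticky=True)` under `if not user_record:` as well; the `log.info` calls already record which case occurred. Separately, the context line `log.info(f'Reset hash not found: {hash}')` writes what appears to be a request-supplied value into the log verbatim; `log.info('Reset hash not found: %r', hash)` would keep control characters out of the log. The enclosing method starts above the hunk, so the origin of `hash` is inferred from the test URLs.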
diff --git a/Allura/allura/tests/functional/test_auth.py
b/Allura/allura/tests/functional/test_auth.py
index 5a2562ef3..b75eb91a8 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -1780,17 +1780,17 @@ To update your password on %s, please visit the
following URL:
hash = user.get_tool_data('AuthPasswordReset', 'hash')
user.set_tool_data('AuthPasswordReset',
hash_expiry=datetime(2000, 10, 10))
- r = self.app.get('/auth/forgotten_password/%s' % hash.encode('utf-8'))
- assert 'Unable to process reset, please try again' in r.follow().text
+ r = self.app.get('/auth/forgotten_password/%s' % hash)
+ assert 'Password reset link is invalid or expired' in
r.follow().follow().text
r = self.app.post('/auth/set_new_password/%s' %
hash.encode('utf-8'), {'pw': '154321', 'pw2':
'154321',
'_session_id':
self.app.cookies['_session_id'],
})
- assert 'Unable to process reset, please try again' in r.follow().text
+ assert 'Unable to process password reset' in r.follow().follow().text
def test_hash_invalid(self):
r = self.app.get('/auth/forgotten_password/123412341234', status=302)
- assert 'Unable to process reset, please try again' in r.follow().text
+ assert 'Unable to process password reset' in r.follow().follow().text
@patch('allura.lib.plugin.AuthenticationProvider')
def test_provider_disabled(self, AP):
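Review bot: The POST to `/auth/set_new_password/%s` just below the corrected GET still formats `hash.encode('utf-8')` into the URL. On Python 3 that renders as `b'...'` rather than the token, so the request most likely reaches the hash-not-found branch instead of the expiry check, which matches the assertion expecting `'Unable to process password reset'`. The GET was changed to `% hash` in this hunk; doing the same for the POST and asserting `'Password reset link is invalid or expired'` would make the test cover an expired token on the set-password path. The test method starts above the hunk, so its setup is not visible here.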