diff options
author | Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> | 2020-09-10 11:45:12 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-10 11:45:12 +0100 |
commit | a3a90ee031d3942c04ab0d985678caf30a94f9e8 (patch) | |
tree | f67077b00520119d640f8b914a6f59631e28cc3a /synapse/config/emailconfig.py | |
parent | Merge branch 'release-v1.20.0' into develop (diff) | |
download | synapse-a3a90ee031d3942c04ab0d985678caf30a94f9e8.tar.xz |
Show a confirmation page during user password reset (#8004)
This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset. This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
Diffstat (limited to 'synapse/config/emailconfig.py')
-rw-r--r-- | synapse/config/emailconfig.py | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/synapse/config/emailconfig.py b/synapse/config/emailconfig.py index 7a796996c0..72b42bfd62 100644 --- a/synapse/config/emailconfig.py +++ b/synapse/config/emailconfig.py @@ -228,6 +228,7 @@ class EmailConfig(Config): self.email_registration_template_text, self.email_add_threepid_template_html, self.email_add_threepid_template_text, + self.email_password_reset_template_confirmation_html, self.email_password_reset_template_failure_html, self.email_registration_template_failure_html, self.email_add_threepid_template_failure_html, @@ -242,6 +243,7 @@ class EmailConfig(Config): registration_template_text, add_threepid_template_html, add_threepid_template_text, + "password_reset_confirmation.html", password_reset_template_failure_html, registration_template_failure_html, add_threepid_template_failure_html, @@ -404,9 +406,13 @@ class EmailConfig(Config): # * The contents of password reset emails sent by the homeserver: # 'password_reset.html' and 'password_reset.txt' # - # * HTML pages for success and failure that a user will see when they follow - # the link in the password reset email: 'password_reset_success.html' and - # 'password_reset_failure.html' + # * An HTML page that a user will see when they follow the link in the password + # reset email. The user will be asked to confirm the action before their + # password is reset: 'password_reset_confirmation.html' + # + # * HTML pages for success and failure that a user will see when they confirm + # the password reset flow using the page above: 'password_reset_success.html' + # and 'password_reset_failure.html' # # * The contents of address verification emails sent during registration: # 'registration.html' and 'registration.txt' |