Show a confirmation page during user password reset (#8004)

This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset. This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
author: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> 2020-09-10 11:45:12 +0100
committer: GitHub <noreply@github.com> 2020-09-10 11:45:12 +0100
commit: a3a90ee031d3942c04ab0d985678caf30a94f9e8 (patch)
tree: f67077b00520119d640f8b914a6f59631e28cc3a /synapse/config
parent: Merge branch 'release-v1.20.0' into develop (diff)
download: synapse-a3a90ee031d3942c04ab0d985678caf30a94f9e8.tar.xz
1 files changed, 9 insertions, 3 deletions
diff --git a/synapse/config/emailconfig.py b/synapse/config/emailconfig.py
index 7a796996c0..72b42bfd62 100644
--- a/synapse/config/emailconfig.py
+++ b/synapse/config/emailconfig.py
@@ -228,6 +228,7 @@ class EmailConfig(Config):
                 self.email_registration_template_text,
                 self.email_add_threepid_template_html,
                 self.email_add_threepid_template_text,
+                self.email_password_reset_template_confirmation_html,
                 self.email_password_reset_template_failure_html,
                 self.email_registration_template_failure_html,
                 self.email_add_threepid_template_failure_html,
@@ -242,6 +243,7 @@ class EmailConfig(Config):
                     registration_template_text,
                     add_threepid_template_html,
                     add_threepid_template_text,
+                    "password_reset_confirmation.html",
                     password_reset_template_failure_html,
                     registration_template_failure_html,
                     add_threepid_template_failure_html,
@@ -404,9 +406,13 @@ class EmailConfig(Config):
           # * The contents of password reset emails sent by the homeserver:
           #   'password_reset.html' and 'password_reset.txt'
           #
-          # * HTML pages for success and failure that a user will see when they follow
-          #   the link in the password reset email: 'password_reset_success.html' and
-          #   'password_reset_failure.html'
+          # * An HTML page that a user will see when they follow the link in the password
+          #   reset email. The user will be asked to confirm the action before their
+          #   password is reset: 'password_reset_confirmation.html'
+          #
+          # * HTML pages for success and failure that a user will see when they confirm
+          #   the password reset flow using the page above: 'password_reset_success.html'
+          #   and 'password_reset_failure.html'
           #
           # * The contents of address verification emails sent during registration:
           #   'registration.html' and 'registration.txt'
author	Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>	2020-09-10 11:45:12 +0100
committer	GitHub <noreply@github.com>	2020-09-10 11:45:12 +0100
commit	a3a90ee031d3942c04ab0d985678caf30a94f9e8 (patch)
tree	f67077b00520119d640f8b914a6f59631e28cc3a /synapse/config
parent	Merge branch 'release-v1.20.0' into develop (diff)
download	synapse-a3a90ee031d3942c04ab0d985678caf30a94f9e8.tar.xz