diff options
| author | Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> | 2020-09-10 11:45:12 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-09-10 11:45:12 +0100 |
| commit | a3a90ee031d3942c04ab0d985678caf30a94f9e8 (patch) | |
| tree | f67077b00520119d640f8b914a6f59631e28cc3a /synapse/res | |
| parent | Merge branch 'release-v1.20.0' into develop (diff) | |
| download | synapse-a3a90ee031d3942c04ab0d985678caf30a94f9e8.tar.xz | |
Show a confirmation page during user password reset (#8004)
This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset. This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
Diffstat (limited to 'synapse/res')
| -rw-r--r-- | synapse/res/templates/password_reset_confirmation.html | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/synapse/res/templates/password_reset_confirmation.html b/synapse/res/templates/password_reset_confirmation.html new file mode 100644 index 0000000000..def4b5162b --- /dev/null +++ b/synapse/res/templates/password_reset_confirmation.html @@ -0,0 +1,16 @@ +<html> +<head></head> +<body> +<!--Use a hidden form to resubmit the information necessary to reset the password--> +<form method="post"> + <input type="hidden" name="sid" value="{{ sid }}"> + <input type="hidden" name="token" value="{{ token }}"> + <input type="hidden" name="client_secret" value="{{ client_secret }}"> + + <p>You have requested to <strong>reset your Matrix account password</strong>. Click the link below to confirm this action. <br /><br /> + If you did not mean to do this, please close this page and your password will not be changed.</p> + <p><button type="submit">Confirm changing my password</button></p> +</form> +</body> +</html> + |