Oh, forgot, you have to add the email again

Well, this is not good practice. If an attacker has access to the mailbox then she knows also the email account as well. It's better to ask the user for the unique username, e.g. `@username`. https://stackoverflow.com/a/16018373
2025-12-13 07:46:06 +00:00 · 2019-06-18 13:23:37 +02:00 · 2019-06-18 13:23:37 +02:00 · 559210d204
commit 559210d204
parent 288e5002fd
4 changed files with 22 additions and 7 deletions
--- a/webapp/components/PasswordReset/VerifyCode.spec.js
+++ b/webapp/components/PasswordReset/VerifyCode.spec.js
@ -41,7 +41,8 @@ describe('VerifyCode ', () => {
    describe('after verification code given', () => {
      beforeEach(() => {
        wrapper = Wrapper()
-        wrapper.find('input').setValue('123456')
+        wrapper.find('input#email').setValue('mail@example.org')
+        wrapper.find('input#code').setValue('123456')
        wrapper.find('form').trigger('submit')
      })

--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@ -2,7 +2,7 @@
  <ds-card class="verify-code">
    <ds-space margin="large">
      <ds-form
-        v-if="!codeSubmitted"
+        v-if="!verificationSubmitted"
        v-model="verification.formData"
        :schema="verification.formSchema"
        @submit="handleSubmitVerify"
@ -10,9 +10,17 @@
        @input-valid="handleInputValid"
      >
        <ds-input
-          :placeholder="$t('verify-code.form.input')"
+          :placeholder="$t('login.email')"
+          model="email"
+          id="email"
+          name="email"
+          icon="envelope"
+        />
+        <ds-input
+          :placeholder="$t('verify-code.form.code')"
          model="code"
          name="code"
+          id="code"
          icon="question-circle"
        />
        <ds-space margin-botton="large">
@ -68,9 +76,15 @@ export default {
    return {
      verification: {
        formData: {
+          email: '',
          code: '',
        },
        formSchema: {
+          email: {
+            type: 'email',
+            required: true,
+            message: this.$t('common.validations.email'),
+          },
          code: {
            type: 'string',
            min: 6,
@ -103,7 +117,7 @@ export default {
          ],
        },
      },
-      codeSubmitted: false,
+      verificationSubmitted: false,
      disabled: true,
    }
  },
@ -115,7 +129,7 @@ export default {
      this.disabled = false
    },
    handleSubmitVerify() {
-      this.codeSubmitted = true
+      this.verificationSubmitted = true
    },
    handleSubmitPassword() {},
    matchPassword(rule, value, callback, source, options) {
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@ -24,7 +24,7 @@
  },
  "verify-code": {
    "form": {
-      "input": "Code eingeben",
+      "code": "Code eingeben",
      "description": "Öffne Deine E-Mail Postfach und gib den Code ein, den wir geschickt haben.",
      "submit": "Sicherheitscode überprüfen",
      "change-password":{
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@ -24,7 +24,7 @@
  },
  "verify-code": {
    "form": {
-      "input": "Enter your code",
+      "code": "Enter your code",
      "description": "Open your inbox and enter the code that we've sent to you.",
      "submit": "Check security code",
      "change-password": {