From 559210d204bb2be26bed55aad00395160a7e65bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 18 Jun 2019 13:23:37 +0200 Subject: [PATCH] Oh, forgot, you have to add the email again Well, this is not good practice. If an attacker has access to the mailbox then she knows also the email account as well. It's better to ask the user for the unique username, e.g. `@username`. https://stackoverflow.com/a/16018373
---
 .../PasswordReset/VerifyCode.spec.js | 3 ++-
 .../components/PasswordReset/VerifyCode.vue | 22 +++++++++++++++----
 webapp/locales/de.json | 2 +-
 webapp/locales/en.json | 2 +-
 4 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/webapp/components/PasswordReset/VerifyCode.spec.js b/webapp/components/PasswordReset/VerifyCode.spec.js
index 63e8ce2b3..0d198721b 100644
--- a/webapp/components/PasswordReset/VerifyCode.spec.js
+++ b/webapp/components/PasswordReset/VerifyCode.spec.js
@@ -41,7 +41,8 @@ describe('VerifyCode ', () => {
 describe('after verification code given', () => {
 beforeEach(() => {
 wrapper = Wrapper()
- wrapper.find('input').setValue('123456')
+ wrapper.find('input#email').setValue('mail@example.org')
+ wrapper.find('input#code').setValue('123456')
 wrapper.find('form').trigger('submit')
 })
diff --git a/webapp/components/PasswordReset/VerifyCode.vue b/webapp/components/PasswordReset/VerifyCode.vue
index 6e8f116ed..67a164ba6 100644
--- a/webapp/components/PasswordReset/VerifyCode.vue
+++ b/webapp/components/PasswordReset/VerifyCode.vue
@@ -2,7 +2,7 @@ +
@@ -68,9 +76,15 @@ export default {
 return {
 verification: {
 formData: {
+ email: '',
 code: '',
 },
 formSchema: {
+ email: {
+ type: 'email',
+ required: true,
+ message: this.$t('common.validations.email'),
+ },
 code: {
 type: 'string',
 min: 6,
@@ -103,7 +117,7 @@ export default {
 ],
 },
 },
- codeSubmitted: false,
+ verificationSubmitted: false,
 disabled: true,
 }
 },
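Review bot: In the VerifyCode.vue hunk at `@@ -68,9 +76,15 @@`, the new `email` rule takes its message from `common.validations.email`, yet the de.json and en.json hunks of this patch only rename `input` to `code` and add nothing for the email field. Please confirm that `common.validations.email`, and whatever label key the new input uses (the template lines are not visible on this page), already exist in both locale files; otherwise the untranslated key would likely be rendered. The schema is also form validation only, so `type: 'email'` and `min: 6` shape the input but do not protect the reset. I would say so above `formSchema`, e.g. `// UX validation only; the server must verify the email + code pair and rate-limit attempts`. The `data()` body starts and ends outside this hunk.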
@@ -115,7 +129,7 @@ export default {
 this.disabled = false
 },
 handleSubmitVerify() {
- this.codeSubmitted = true
+ this.verificationSubmitted = true
 },
 handleSubmitPassword() {},
 matchPassword(rule, value, callback, source, options) {
diff --git a/webapp/locales/de.json b/webapp/locales/de.json
index cd04befe0..502f72607 100644
--- a/webapp/locales/de.json
+++ b/webapp/locales/de.json
@@ -24,7 +24,7 @@
 },
 "verify-code": {
 "form": {
- "input": "Code eingeben",
+ "code": "Code eingeben",
 "description": "Öffne Deine E-Mail Postfach und gib den Code ein, den wir geschickt haben.",
 "submit": "Sicherheitscode überprüfen",
 "change-password":{
diff --git a/webapp/locales/en.json b/webapp/locales/en.json
index b0dcc0f03..2aac32ca6 100644
--- a/webapp/locales/en.json
+++ b/webapp/locales/en.json
@@ -24,7 +24,7 @@
 },
 "verify-code": {
 "form": {
- "input": "Enter your code",
+ "code": "Enter your code",
 "description": "Open your inbox and enter the code that we've sent to you.",
 "submit": "Check security code",
 "change-password": {
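Review bot: `handleSubmitVerify()` in the `@@ -115,7 +129,7 @@` hunk only sets `verificationSubmitted = true`, so the next step is shown for any input that passes the form schema, and neither the email nor the code is checked anywhere in the visible code; `handleSubmitPassword() {}` is still empty. As a UI step that is fine, but the flag must not be read as "verified". When the password submit is implemented, it should send `email`, `code` and the new password to the server and let the server accept or reject the reset. I would document that on the method, e.g. `// UI state only, nothing is verified here; email + code are checked server-side together with the new password`. The `methods` block begins and ends outside this hunk.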