2013-07-29 23:03:31 +02:00
|
|
|
{% extends "zerver/portico_signup.html" %}
|
2013-04-08 21:24:44 +02:00
|
|
|
{% block customhead %}
|
2016-04-21 08:48:33 +02:00
|
|
|
{{ super() }}
|
2017-05-25 01:32:27 +02:00
|
|
|
{{ render_bundle('zxcvbn') }}
|
2013-04-08 21:24:44 +02:00
|
|
|
{% endblock %}
|
|
|
|
|
|
2012-11-05 19:53:16 +01:00
|
|
|
{% block portico_content %}
|
|
|
|
|
|
2017-05-04 07:48:53 +02:00
|
|
|
<div class="password-container flex full-page new-style">
|
|
|
|
|
|
|
|
|
|
<!-- wrapper for flex content -->
|
|
|
|
|
<div>
|
|
|
|
|
<div class="get-started">
|
|
|
|
|
<h1>{{ _('Reset your password.') }}</h1>
|
2016-08-16 19:28:02 +02:00
|
|
|
</div>
|
2017-05-04 07:48:53 +02:00
|
|
|
<div class="password-reset white-box">
|
|
|
|
|
<!-- TODO: Ask about meta viewport 1:1 scaling -->
|
2012-11-05 19:53:16 +01:00
|
|
|
|
2017-05-04 07:48:53 +02:00
|
|
|
{% if validlink %}
|
|
|
|
|
<form method="post" id="password_reset" class="form-horizontal" autocomplete="off">
|
|
|
|
|
{{ csrf_input }}
|
|
|
|
|
<div class="input-box" id="email-section">
|
|
|
|
|
<label for="id_email">{{ _("Email") }}</label>
|
|
|
|
|
<div>
|
|
|
|
|
<input type="text" name="name" placeholder='{{ form.user.email }}' disabled />
|
|
|
|
|
</div>
|
2017-02-24 16:42:13 +01:00
|
|
|
</div>
|
2016-08-16 19:28:02 +02:00
|
|
|
|
2017-05-04 07:48:53 +02:00
|
|
|
<div class="input-box">
|
|
|
|
|
<label for="id_new_password1" class="">{{ _('Password') }}</label>
|
2016-08-16 19:25:18 +02:00
|
|
|
<input id="id_new_password1" class="required" type="password" name="new_password1"
|
|
|
|
|
value="{% if form.new_password1.value() %}{{ form.new_password1.value() }}{% endif %}"
|
2017-01-09 18:04:23 +01:00
|
|
|
maxlength="100"
|
|
|
|
|
data-min-length="{{password_min_length}}"
|
passwords: Express the quality threshold as guesses required.
The original "quality score" was invented purely for populating
our password-strength progress bar, and isn't expressed in terms
that are particularly meaningful. For configuration and the core
accept/reject logic, it's better to use units that are readily
understood. Switch to those.
I considered using "bits of entropy", defined loosely as the log
of this number, but both the zxcvbn paper and the linked CACM
article (which I recommend!) are written in terms of the number
of guesses. And reading (most of) those two papers made me
less happy about referring to "entropy" in our terminology.
I already knew that notion was a little fuzzy if looked at
too closely, and I gained a better appreciation of how it's
contributed to confusion in discussing password policies and
to adoption of perverse policies that favor "Password1!" over
"derived unusual ravioli raft". So, "guesses" it is.
And although the log is handy for some analysis purposes
(certainly for a graph like those in the zxcvbn paper), it adds
a layer of abstraction, and I think makes it harder to think
clearly about attacks, especially in the online setting. So
just use the actual number, and if someone wants to set a
gigantic value, they will have the pleasure of seeing just
how many digits are involved.
(Thanks to @YJDave for a prototype that the code changes in this
commit are based on.)
2017-10-03 19:48:06 +02:00
|
|
|
data-min-guesses="{{password_min_guesses}}" required />
|
2016-08-16 19:25:18 +02:00
|
|
|
{% if form.new_password1.errors %}
|
|
|
|
|
{% for error in form.new_password1.errors %}
|
2017-02-24 16:42:13 +01:00
|
|
|
<div class="alert alert-error">{{ error }}</div>
|
2016-08-16 19:25:18 +02:00
|
|
|
{% endfor %}
|
|
|
|
|
{% endif %}
|
|
|
|
|
</div>
|
2017-05-04 07:48:53 +02:00
|
|
|
<div class="input-box">
|
|
|
|
|
<div class="">
|
|
|
|
|
<div class="progress" id="pw_strength">
|
|
|
|
|
<div class="bar bar-danger" style="width: 10%;"></div>
|
|
|
|
|
</div>
|
2016-08-16 19:25:18 +02:00
|
|
|
</div>
|
2013-04-08 21:24:44 +02:00
|
|
|
</div>
|
2017-05-04 07:48:53 +02:00
|
|
|
<div class="input-box">
|
|
|
|
|
<label for="id_new_password2" class="">{{ _('Confirm password') }}</label>
|
2016-08-16 19:25:18 +02:00
|
|
|
<input id="id_new_password2" class="required" type="password" name="new_password2"
|
|
|
|
|
value="{% if form.new_password2.value() %}{{ form.new_password2.value() }}{% endif %}"
|
2017-05-04 07:48:53 +02:00
|
|
|
maxlength="100" required />
|
2016-08-16 19:25:18 +02:00
|
|
|
{% if form.new_password2.errors %}
|
|
|
|
|
{% for error in form.new_password2.errors %}
|
2017-02-24 16:42:13 +01:00
|
|
|
<div class="alert alert-error">{{ error }}</div>
|
2016-08-16 19:25:18 +02:00
|
|
|
{% endfor %}
|
|
|
|
|
{% endif %}
|
|
|
|
|
</div>
|
2012-11-05 19:53:16 +01:00
|
|
|
|
2017-05-04 07:48:53 +02:00
|
|
|
<div class="input-box m-t-30">
|
|
|
|
|
<div class="centered-button">
|
|
|
|
|
<button type="submit" class="" value="Submit">Submit</button>
|
|
|
|
|
</div>
|
2016-08-16 19:25:18 +02:00
|
|
|
</div>
|
2017-05-04 07:48:53 +02:00
|
|
|
</form>
|
2016-08-16 19:25:18 +02:00
|
|
|
|
2017-05-04 07:48:53 +02:00
|
|
|
<script type="text/javascript">
|
2017-06-22 22:08:43 +02:00
|
|
|
common.autofocus('#id_new_password1');
|
2017-05-04 07:48:53 +02:00
|
|
|
</script>
|
|
|
|
|
{% else %}
|
|
|
|
|
<p>{{ _('Sorry, the link you provided is invalid or has already been used.') }}</p>
|
|
|
|
|
{% endif %}
|
|
|
|
|
</div>
|
2016-08-16 19:28:02 +02:00
|
|
|
</div>
|
2016-08-16 19:25:18 +02:00
|
|
|
</div>
|
2012-11-05 19:53:16 +01:00
|
|
|
|
|
|
|
|
{% endblock %}
|
