From c66a9851cc83cbe2564fd9307be54c559c0d9985 Mon Sep 17 00:00:00 2001
From: binwiederhier <pheckel@datto.com>
Date: Sat, 21 Jan 2023 20:07:39 -0500
Subject: [PATCH] Re-add password confirmation
---
server/server.go | 1 -
web/src/components/Signup.js | 35 +++++++++++++++++++++++++++++++++--
2 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/server/server.go b/server/server.go
index cceb7d86..42216531 100644
--- a/server/server.go
+++ b/server/server.go
@@ -41,7 +41,6 @@ TODO
UAT results (round 1):
- Security: Account re-creation leads to terrible behavior. Use user ID instead of user name for (a) visitor map, (b) messages.user column, (c) Stripe checkout session
- Account: Changing password should confirm the old password (Thorben)
-- Signup: Re-add password confirmation (Thorben & deadcade)
- Reservation: Kill existing subscribers when topic is reserved (deadcade)
- Reservation (UI): Show "This topic is reserved" error message when trying to reserve a reserved topic (Thorben)
- Reservation (UI): Ask for confirmation when removing reservation (deadcade)
diff --git a/web/src/components/Signup.js b/web/src/components/Signup.js
index 9665bd46..c5cbaf04 100644
--- a/web/src/components/Signup.js
+++ b/web/src/components/Signup.js
@@ -20,7 +20,10 @@ const Signup = () => {
const [error, setError] = useState("");
const [username, setUsername] = useState("");
const [password, setPassword] = useState("");
+ const [confirm, setConfirm] = useState("");
const [showPassword, setShowPassword] = useState(false);
+ const [showConfirm, setShowConfirm] = useState(false);
+
const handleSubmit = async (event) => {
event.preventDefault();
const user = { username, password };
@@ -43,6 +46,7 @@ const Signup = () => {
}
}
};
+
if (!config.enable_signup) {
return (
<AvatarBox>
@@ -50,6 +54,7 @@ const Signup = () => {
</AvatarBox>
);
}
+
return (
<AvatarBox>
<Typography sx={{ typography: 'h6' }}>
@@ -75,7 +80,7 @@ const Signup = () => {
label={t("signup_form_password")}
type={showPassword ? "text" : "password"}
id="password"
- autoComplete="current-password"
+ autoComplete="new-password"
value={password}
onChange={ev => setPassword(ev.target.value.trim())}
InputProps={{
@@ -93,11 +98,37 @@ const Signup = () => {
)
}}
/>
+ <TextField
+ margin="dense"
+ required
+ fullWidth
+ name="password"
+ label={t("signup_form_confirm_password")}
+ type={showConfirm ? "text" : "password"}
+ id="confirm"
+ autoComplete="new-password"
+ value={confirm}
+ onChange={ev => setConfirm(ev.target.value.trim())}
+ InputProps={{
+ endAdornment: (
+ <InputAdornment position="end">
+ <IconButton
+ aria-label={t("signup_form_toggle_password_visibility")}
+ onClick={() => setShowConfirm(!showConfirm)}
+ onMouseDown={(ev) => ev.preventDefault()}
+ edge="end"
+ >
+ {showConfirm ? <VisibilityOff /> : <Visibility />}
+ </IconButton>
+ </InputAdornment>
+ )
+ }}
+ />
<Button
type="submit"
fullWidth
variant="contained"
- disabled={username === "" || password === ""}
+ disabled={username === "" || password === "" || password !== confirm}
sx={{mt: 2, mb: 2}}
>
{t("signup_form_button_submit")}