Improves change password flow

There are two changes: one is to require the current password to change your password (which is a security improvement), and the other is error reporting when you either get your current password wrong or your new password doesn't match it's second entry.
2022-07-10 20:05:54 -07:00 · 2022-07-10 20:05:54 -07:00 · f44b3cc4b2
commit f44b3cc4b2
parent bead43a20a
2 changed files with 53 additions and 4 deletions
--- a/bookwyrm/templates/preferences/change_password.html
+++ b/bookwyrm/templates/preferences/change_password.html
@ -8,15 +8,46 @@
 {% endblock %}

 {% block panel %}
+{% if success %}
+<div class="notification is-success is-light">
+    <span class="icon icon-check" aria-hidden="true"></span>
+    <span>
+        {% trans "Successfully changed password" %}
+    </span>
+</div>
+{% endif %}
 <form name="edit-profile" action="{% url 'prefs-password' %}" method="post" enctype="multipart/form-data">
    {% csrf_token %}
+    <div class="field">
+        <label class="label" for="id_password">{% trans "Current password:" %}</label>
+        <input
+            type="password"
+            name="current_password"
+            maxlength="128"
+            class="input"
+            required=""
+            id="id_current_password"
+            aria-describedby="desc_current_password"
+        >
+        {% include 'snippets/form_errors.html' with errors_list=errors.current_password id="desc_current_password" %}
+    </div>
+    <hr aria-hidden="true" />
    <div class="field">
        <label class="label" for="id_password">{% trans "New password:" %}</label>
        <input type="password" name="password" maxlength="128" class="input" required="" id="id_password">
    </div>
    <div class="field">
        <label class="label" for="id_confirm_password">{% trans "Confirm password:" %}</label>
-        <input type="password" name="confirm-password" maxlength="128" class="input" required="" id="id_confirm_password">
+        <input
+            type="password"
+            name="confirm-password"
+            maxlength="128"
+            class="input"
+            required=""
+            id="id_confirm_password"
+            aria-describedby="desc_confirm_password"
+        >
+        {% include 'snippets/form_errors.html' with errors_list=errors.confirm_password id="desc_confirm_password" %}
    </div>
    <button class="button is-primary" type="submit">{% trans "Change Password" %}</button>
 </form>