Add more descriptive error on forgot password page (#26848)

## Changes - Forces flashed error to render immediately when forgot password code is incorrect or has expired. - Adds a link back to the `forgot_password` page so that the user can restart the process (in the event that their link has expired)
2025-11-04 08:30:25 +08:00 · 2023-09-01 12:15:39 -04:00
parent 04771b5ff7
commit 9881b8a4e2
3 changed files with 6 additions and 4 deletions
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -379,6 +379,7 @@ email_not_associate = The email address is not associated with any account.
 send_reset_mail = Send Account Recovery Email
 reset_password = Account Recovery
 invalid_code = Your confirmation code is invalid or has expired.
+invalid_code_forgot_password = Your confirmation code is invalid or has expired. Click <a href="%s">here</a> to start a new session.
 invalid_password = Your password does not match the password that was used to create the account.
 reset_password_helper = Recover Account
 reset_password_wrong_user = You are signed in as %s, but the account recovery link is meant for %s
--- a/routers/web/auth/password.go
+++ b/routers/web/auth/password.go
@@ -5,6 +5,7 @@ package auth

 import (
 	"errors"
+	"fmt"
 	"net/http"

 	"code.gitea.io/gitea/models/auth"
@@ -108,14 +109,14 @@ func commonResetPassword(ctx *context.Context) (*user_model.User, *auth.TwoFacto
 	}

 	if len(code) == 0 {
-		ctx.Flash.Error(ctx.Tr("auth.invalid_code"))
+		ctx.Flash.Error(ctx.Tr("auth.invalid_code_forgot_password", fmt.Sprintf("%s/user/forgot_password", setting.AppSubURL)), true)
 		return nil, nil
 	}

 	// Fail early, don't frustrate the user
 	u := user_model.VerifyUserActiveCode(code)
 	if u == nil {
-		ctx.Flash.Error(ctx.Tr("auth.invalid_code"))
+		ctx.Flash.Error(ctx.Tr("auth.invalid_code_forgot_password", fmt.Sprintf("%s/user/forgot_password", setting.AppSubURL)), true)
 		return nil, nil
 	}

@@ -134,7 +135,7 @@ func commonResetPassword(ctx *context.Context) (*user_model.User, *auth.TwoFacto
 	ctx.Data["user_email"] = u.Email

 	if nil != ctx.Doer && u.ID != ctx.Doer.ID {
-		ctx.Flash.Error(ctx.Tr("auth.reset_password_wrong_user", ctx.Doer.Email, u.Email))
+		ctx.Flash.Error(ctx.Tr("auth.reset_password_wrong_user", ctx.Doer.Email, u.Email), true)
 		return nil, nil
 	}

--- a/templates/user/auth/reset_passwd.tmpl
+++ b/templates/user/auth/reset_passwd.tmpl
@@ -57,7 +57,7 @@
 							{{end}}
 						</div>
 					{{else}}
-						<p class="center">{{.locale.Tr "auth.invalid_code"}}</p>
+						<p class="center">{{.locale.Tr "auth.invalid_code_forgot_password" (printf "%s/user/forgot_password" AppSubUrl) | Str2html}}</p>
 					{{end}}
 				</div>
 			</form>