From 7179fbab7734bff42f4c6338ea971a7624df50f8 Mon Sep 17 00:00:00 2001 From: Dan Ungureanu Date: Tue, 5 Apr 2022 14:57:15 +0300 Subject: [PATCH] UX: Require a password for invited users (#16291) Invited users were allowed to accept invites without entering a password. When this happened, instead of receiving an activation email, they received a password reset email. Basically, a user could postpone choosing a password until after registration. Unfortunately, this led to a confusing user experience and this commit attempts to fix that by making the client require a password. There is a single case when users do not need to input a password: when they sign up using an external authenticator and password field is completely hidden. In this case, the third party handles the password logic. Technically, invites can still be redeemed without a password, but that functionality was kept to preserve backwards compatibility.
---
 .../javascripts/discourse/app/controllers/invites-show.js | 4 ++-- .../javascripts/discourse/app/templates/invites/show.hbs | 3 ++- .../discourse/tests/acceptance/invite-accept-test.js | 6 ++++++ config/locales/client.en.yml | 1 - 4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/app/assets/javascripts/discourse/app/controllers/invites-show.js b/app/assets/javascripts/discourse/app/controllers/invites-show.js
index 4a6307d75c0..7079a5ea2cb 100644
--- a/app/assets/javascripts/discourse/app/controllers/invites-show.js
+++ b/app/assets/javascripts/discourse/app/controllers/invites-show.js
@@ -1,4 +1,4 @@
-import { alias, notEmpty, or, readOnly } from "@ember/object/computed";
+import { alias, not, or, readOnly } from "@ember/object/computed";
 import Controller, { inject as controller } from "@ember/controller";
 import DiscourseURL from "discourse/lib/url";
 import EmberObject from "@ember/object";
@@ -33,7 +33,7 @@ export default Controller.extend(
 emailVerifiedByLink: alias("model.email_verified_by_link"),
 differentExternalEmail: alias("model.different_external_email"),
 accountUsername: alias("model.username"),
- passwordRequired: notEmpty("accountPassword"),
+ passwordRequired: not("externalAuthsOnly"),
 successMessage: null,
 errorMessage: null,
 userFields: null,
diff --git a/app/assets/javascripts/discourse/app/templates/invites/show.hbs b/app/assets/javascripts/discourse/app/templates/invites/show.hbs
index cda2c355421..a5554b07dd7 100644
--- a/app/assets/javascripts/discourse/app/templates/invites/show.hbs
+++ b/app/assets/javascripts/discourse/app/templates/invites/show.hbs
@@ -97,10 +97,11 @@ {{password-field value=accountPassword class=(value-entered accountPassword) type="password" id="new-account-password" capsLockOn=capsLockOn}} {{input-tip validation=passwordValidation}}
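Review bot: `passwordRequired: not("externalAuthsOnly")` enforces the password only in the client form; the commit message itself says invites can still be redeemed without a password, so the server-side redemption path presumably still creates password-less accounts and this line should not be read as an account-security control. The property deserves a comment that says so, for example `// UI-only gate: the server still accepts invite redemption without a password (kept for backwards compatibility)`. `externalAuthsOnly` is defined outside this hunk, so it is worth confirming that it is true exactly when the password field is hidden, otherwise the submit button could stay disabled with no field to fill. The enclosing `Controller.extend(` call starts and ends outside the hunk.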
- {{passwordInstructions}} {{i18n "invites.optional_description"}} + {{passwordInstructions}}
{{d-icon "exclamation-triangle"}} {{i18n "login.caps_lock_warning"}}
diff --git a/app/assets/javascripts/discourse/tests/acceptance/invite-accept-test.js b/app/assets/javascripts/discourse/tests/acceptance/invite-accept-test.js index 0247a8ea0bb..64b9000802d 100644 --- a/app/assets/javascripts/discourse/tests/acceptance/invite-accept-test.js +++ b/app/assets/javascripts/discourse/tests/acceptance/invite-accept-test.js @@ -119,6 +119,12 @@ acceptance("Invite accept", function (needs) { ); await fillIn("#new-account-email", "john.doe@example.com"); + assert.ok( + exists(".invites-show .btn-primary:disabled"), + "submit is disabled because password is not filled" + ); + + await fillIn("#new-account-password", "top$ecret"); assert.notOk( exists(".invites-show .btn-primary:disabled"), "submit is enabled" diff --git a/config/locales/client.en.yml b/config/locales/client.en.yml index 5a2a02cf363..7dfa54e5161 100644 --- a/config/locales/client.en.yml +++ b/config/locales/client.en.yml @@ -1999,7 +1999,6 @@ en: success: "Your account has been created and you're now logged in." name_label: "Name" password_label: "Password" - optional_description: "(optional)" password_reset: continue: "Continue to %{site_name}"
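Review bot: The added assertions in invite-accept-test.js cover only the password-required path; nothing in this hunk exercises the one exception the commit describes, where sign-up goes through an external authenticator and the password field is hidden. A companion case asserting that submit is enabled with no password in that mode would pin the other branch of `not("externalAuthsOnly")`; it may already exist outside the hunk, since the test body starts and ends beyond it. The message on the final `assert.notOk` could also say what changed, for example `"submit is enabled once a password is filled"`.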