UX: Require a password for invited users (#16291)

Invited users were allowed to accept invites without entering a
password. When this happened, instead of receiving an activation email,
they received a password reset email. Basically, a user could postpone
choosing a password until after registration.

Unfortunately, this led to a confusing user experience and this commit
attempts to fix that by making the client require a password. There is
a single case when users do not need to input a password: when they sign
up using an external authenticator and password field is completely
hidden. In this case, the third party handles the password logic.

Technically, invites can still be redeemed without a password, but that
functionality was kept to preserve backwards compatibility.
This commit is contained in:
Dan Ungureanu 2022-04-05 14:57:15 +03:00 committed by GitHub
parent e90815a429
commit 7179fbab77
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 4 deletions

View File

@ -1,4 +1,4 @@
import { alias, notEmpty, or, readOnly } from "@ember/object/computed"; import { alias, not, or, readOnly } from "@ember/object/computed";
import Controller, { inject as controller } from "@ember/controller"; import Controller, { inject as controller } from "@ember/controller";
import DiscourseURL from "discourse/lib/url"; import DiscourseURL from "discourse/lib/url";
import EmberObject from "@ember/object"; import EmberObject from "@ember/object";
@ -33,7 +33,7 @@ export default Controller.extend(
emailVerifiedByLink: alias("model.email_verified_by_link"), emailVerifiedByLink: alias("model.email_verified_by_link"),
differentExternalEmail: alias("model.different_external_email"), differentExternalEmail: alias("model.different_external_email"),
accountUsername: alias("model.username"), accountUsername: alias("model.username"),
passwordRequired: notEmpty("accountPassword"), passwordRequired: not("externalAuthsOnly"),
successMessage: null, successMessage: null,
errorMessage: null, errorMessage: null,
userFields: null, userFields: null,

View File

@ -97,10 +97,11 @@
{{password-field value=accountPassword class=(value-entered accountPassword) type="password" id="new-account-password" capsLockOn=capsLockOn}} {{password-field value=accountPassword class=(value-entered accountPassword) type="password" id="new-account-password" capsLockOn=capsLockOn}}
<label class="alt-placeholder" for="new-account-password"> <label class="alt-placeholder" for="new-account-password">
{{i18n "invites.password_label"}} {{i18n "invites.password_label"}}
<span class="required">*</span>
</label> </label>
{{input-tip validation=passwordValidation}} {{input-tip validation=passwordValidation}}
<div class="instructions"> <div class="instructions">
{{passwordInstructions}} {{i18n "invites.optional_description"}} {{passwordInstructions}}
<div class="caps-lock-warning {{unless capsLockOn "invisible"}}"> <div class="caps-lock-warning {{unless capsLockOn "invisible"}}">
{{d-icon "exclamation-triangle"}} {{i18n "login.caps_lock_warning"}} {{d-icon "exclamation-triangle"}} {{i18n "login.caps_lock_warning"}}
</div> </div>

View File

@ -119,6 +119,12 @@ acceptance("Invite accept", function (needs) {
); );
await fillIn("#new-account-email", "john.doe@example.com"); await fillIn("#new-account-email", "john.doe@example.com");
assert.ok(
exists(".invites-show .btn-primary:disabled"),
"submit is disabled because password is not filled"
);
await fillIn("#new-account-password", "top$ecret");
assert.notOk( assert.notOk(
exists(".invites-show .btn-primary:disabled"), exists(".invites-show .btn-primary:disabled"),
"submit is enabled" "submit is enabled"

View File

@ -1999,7 +1999,6 @@ en:
success: "Your account has been created and you're now logged in." success: "Your account has been created and you're now logged in."
name_label: "Name" name_label: "Name"
password_label: "Password" password_label: "Password"
optional_description: "(optional)"
password_reset: password_reset:
continue: "Continue to %{site_name}" continue: "Continue to %{site_name}"