Mercurial > prosody-modules

view mod_password_reset/password_reset/password_reset.html @ 5682:527c747711f3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents 39d48f8bc5b2
children
line wrap: on
line source

<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Reset password</title>
	<link rel="stylesheet" href="bootstrap.min.css">
</head>
<body>
	<div class="container col-md-4 col-md-offset-4" style="margin-top: 100px">
		{message&
		<div class="alert {classes}">{message}</div>
		}
		<div class="panel panel-default">
			<div class="panel-heading">
				<div class="panel-title">Reset password</div>
			</div>

			<div class="panel-body" style="padding: 20px">

				<p>Please enter a new password for your account.</p>

				<form method="post" class="form-horizontal">
					<div class="form-group" style="margin-right: 0px;">
						<label for="user" class="col-sm-2 control-label">Account:</label>
						<div class="input-group col-sm-10">
							<input type="text" name="user" class="form-control" disabled placeholder="{jid}">
						</div>
					</div>
					<div class="form-group" style="margin-right: 0px;">
						<label for="password" class="col-sm-2 control-label">Password:</label>
						<div class="input-group col-sm-10">
							<input type="password" required autofocus
								name="password"
								class="form-control"
								autocomplete="new-password"
								minlength="{min_password_length}"
							>
							<span class="form-text text-muted">Enter a new secure password for your account.</span>
						</div>
					</div>
					<input type="hidden" name="token" value="{token}">
					<button type="submit" class="btn btn-primary btn-lg">Reset</button>
				</form>
			</div>
		</div>
	</div>
</body>
</html>