Lucia branch: Suggestion: When pw reset code is invalid, show this error as soon as the site loads, don't wait until user tries to enter a new pw #134

Open
Boscop opened this issue Dec 28, 2023 · 1 comment

Boscop commented Dec 28, 2023

If a user clicks on an outdated/already-used password reset link (in the email they get after requesting a pw reset), the frontend (on https://<domain>/password-reset/update-password?code=<code>&email=<email>) first behaves as if this pw reset link is still valid. In other words, it shows no error, until the user enters a new pw and clicks "Change password".
Only then it shows a toast with this message:

message: `There are no active verification codes where ${providerId} is ${providerUserId}`,

Suggestion: When the pw reset code is invalid, show this error as soon as the site loads.


Btw: The pw reset email also contains the code on a separate line as the pw reset link, but it's irrelevant to the user because the user is never/nowhere asked to enter this code!
To make it less confusing to the user, we could remove the code from the email. (Considering the link in the email already contains this code in a query param.)

(And then, we could add a non linkified version of the pw reset URL on a separate line with something like "If the link above doesn't work, enter this URL manually in your browser's address bar".)


Boscop commented Dec 28, 2023

Similarly, when the code has already expired when the user visits the pw reset link, it should also already show an error (instead of letting the user enter a new pw and click the button and only then showing an error).
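
A sketch of the check suggested in this issue, added here as an example and not taken from the project or from Lucia: a read-only validation that the page can run on load, plus a second check at submit time that consumes the code. The function names, the in-memory `Map` store and the sample entries are hypothetical.

```javascript
// Added example: names and store layout are hypothetical, not Lucia's or the project's API.
const GENERIC_ERROR =
  "This password reset link is invalid or has expired. Please request a new one.";

// Constant-time string comparison so timing does not reveal how much of a code matched.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Read-only check, safe to call when the reset page loads: it never consumes the code.
function checkResetCode(store, email, code, now = Date.now()) {
  const entry = store.get(String(email).toLowerCase());
  const given = String(code);
  // Compare against a dummy value when no entry exists, so every path does the same work.
  const matches = safeEqual(given, entry ? entry.code : "x".repeat(given.length));
  const ok = Boolean(entry) && matches && !entry.used && now < entry.expiresAt;
  // One message for unknown, used, expired and wrong codes, so the page does not
  // reveal which e-mail addresses have a pending reset.
  return ok ? { valid: true } : { valid: false, error: GENERIC_ERROR };
}

// Called when the new password is submitted: re-checks (the code may have expired
// or been used while the page was open) and only then marks the code as used.
function consumeResetCode(store, email, code, now = Date.now()) {
  const result = checkResetCode(store, email, code, now);
  if (result.valid) store.get(String(email).toLowerCase()).used = true;
  return result;
}

// Constructed sample data (a real store would keep a hash of the code, not the code).
function sampleStore(now) {
  return new Map([
    ["fresh@example.com", { code: "A1B2C3D4", expiresAt: now + 600000, used: false }],
    ["stale@example.com", { code: "E5F6G7H8", expiresAt: now - 1000, used: false }],
  ]);
}
```

The page load calls `checkResetCode` and renders the error immediately when `valid` is false; the submit handler calls `consumeResetCode`, so a link that was valid at load but expired or was used in the meantime is still rejected.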
