Add client-side validation in password change forms (#14564)

* Fix client-side username validation at registration It used the Account::USERNAME_RE regexp which is for *remote* users, local user validation is stricter. Also take into account max username length. * Add client-side form validation for password change * Add client-side form validation to dedicated registration form Previous changes only applied to the /about page, not the dedicated form on /auth
2020-08-12 12:11:15 +02:00
parent d70c3ab4c3
commit 7dc4c74265
5 changed files with 21 additions and 9 deletions
--- a/app/views/auth/passwords/edit.html.haml
+++ b/app/views/auth/passwords/edit.html.haml
@ -1,14 +1,14 @@
 - content_for :page_title do
  = t('auth.set_new_password')

-= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f|
+= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put, novalidate: false }) do |f|
  = render 'shared/error_messages', object: resource

  - if !use_seamless_external_login? || resource.encrypted_password.present?
    = f.input :reset_password_token, as: :hidden

    .fields-group
-      = f.input :password, wrapper: :with_label, autofocus: true, label: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password'), :autocomplete => 'off' }, required: true
+      = f.input :password, wrapper: :with_label, autofocus: true, label: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password'), :autocomplete => 'off', :minlength => User.password_length.first, :maxlength => User.password_length.last }, required: true
    .fields-group
      = f.input :password_confirmation, wrapper: :with_label, label: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password'), :autocomplete => 'off' }, required: true