Show a confirmation page during user password reset (#8004)

This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset. This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
2025-05-02 22:14:55 -04:00 · 2020-09-10 11:45:12 +01:00 · 2020-09-10 11:45:12 +01:00 · a3a90ee031
commit a3a90ee031
parent e44e9ee518
16 changed files with 271 additions and 90 deletions
--- a/tests/server.py
+++ b/tests/server.py
@ -1,6 +1,6 @@
 import json
 import logging
-from io import BytesIO
+from io import SEEK_END, BytesIO

 import attr
 from zope.interface import implementer
@ -135,6 +135,7 @@ def make_request(
    request=SynapseRequest,
    shorthand=True,
    federation_auth_origin=None,
+    content_is_form=False,
 ):
    """
    Make a web request using the given method and path, feed it the
@ -150,6 +151,8 @@ def make_request(
        with the usual REST API path, if it doesn't contain it.
        federation_auth_origin (bytes|None): if set to not-None, we will add a fake
            Authorization header pretenting to be the given server name.
+        content_is_form: Whether the content is URL encoded form data. Adds the
+            'Content-Type': 'application/x-www-form-urlencoded' header.

    Returns:
        Tuple[synapse.http.site.SynapseRequest, channel]
@ -181,6 +184,8 @@ def make_request(
    req = request(channel)
    req.process = lambda: b""
    req.content = BytesIO(content)
+    # Twisted expects to be at the end of the content when parsing the request.
+    req.content.seek(SEEK_END)
    req.postpath = list(map(unquote, path[1:].split(b"/")))

    if access_token:
@ -195,7 +200,13 @@ def make_request(
        )

    if content:
-        req.requestHeaders.addRawHeader(b"Content-Type", b"application/json")
+        if content_is_form:
+            req.requestHeaders.addRawHeader(
+                b"Content-Type", b"application/x-www-form-urlencoded"
+            )
+        else:
+            # Assume the body is JSON
+            req.requestHeaders.addRawHeader(b"Content-Type", b"application/json")

    req.requestReceived(method, path, b"1.1")