Validation of user email addresses (#5434)

* Validation of user email addresses * Improve email and password change forms
2026-05-09 15:54:03 +00:00 · 2025-11-07 11:17:34 +01:00
parent a0dbf6c5db
commit 1cb2d443f9
20 changed files with 620 additions and 142 deletions
--- a/src/pretix/control/templates/pretixcontrol/user/change_email.html
+++ b/src/pretix/control/templates/pretixcontrol/user/change_email.html
@@ -0,0 +1,29 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Change login email address" %}{% endblock %}
+{% block content %}
+    <form action="" method="post" class="form centered-form">
+        <h1>
+            {% trans "Change login email address" %}
+        </h1>
+        {% csrf_token %}
+        {% bootstrap_form_errors form %}
+        <p class="text-muted">
+            {% trans "This changes the email address used to login to your account, as well as where we send email notifications." %}
+        </p>
+        {% bootstrap_field form.old_email %}
+        {% bootstrap_field form.new_email %}
+        <p>
+            {% trans "We will send a confirmation code to your new email address, which you need to enter in the next step to confirm the email address is correct." %}
+        </p>
+        <div class="form-group submit-group">
+            <a href="{% url "control:user.settings" %}" class="btn btn-default btn-cancel">
+                {% trans "Cancel" %}
+            </a>
+            <button type="submit" class="btn btn-primary btn-save btn-lg">
+                {% trans "Continue" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}
--- a/src/pretix/control/templates/pretixcontrol/user/change_password.html
+++ b/src/pretix/control/templates/pretixcontrol/user/change_password.html
@@ -0,0 +1,24 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Change password" %}{% endblock %}
+{% block content %}
+    <form action="" method="post" class="form centered-form">
+        <h1>
+            {% trans "Change password" %}
+        </h1>
+        <br>
+        {% csrf_token %}
+        {% bootstrap_form_errors form %}
+        {% bootstrap_field form.email %}
+        {% bootstrap_field form.old_pw %}
+        {% bootstrap_field form.new_pw %}
+        {% bootstrap_field form.new_pw_repeat %}
+        <div class="form-group submit-group">
+            <a href="{% url "control:user.settings" %}" class="btn btn-default btn-cancel">{% trans "Cancel" %}</a>
+            <button type="submit" class="btn btn-primary btn-save btn-lg">
+                {% trans "Change password" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}
--- a/src/pretix/control/templates/pretixcontrol/user/confirmation_code_dialog.html
+++ b/src/pretix/control/templates/pretixcontrol/user/confirmation_code_dialog.html
@@ -0,0 +1,21 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Enter confirmation code" %}{% endblock %}
+{% block content %}
+    <form action="" method="post" class="form centered-form">
+        <h1>
+            {% trans "Enter confirmation code" %}
+        </h1>
+        {% csrf_token %}
+        {% bootstrap_form_errors form type='all' layout='inline' %}
+        <p>{{ message }}</p>
+        {% bootstrap_field form.code %}
+        <div class="form-group submit-group">
+            <a href="{{ cancel_url }}" class="btn btn-default btn-cancel">{% trans "Cancel" %}</a>
+            <button type="submit" class="btn btn-primary btn-save btn-lg">
+                {% trans "Continue" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}
--- a/src/pretix/control/templates/pretixcontrol/user/settings.html
+++ b/src/pretix/control/templates/pretixcontrol/user/settings.html
@@ -3,8 +3,26 @@
 {% load bootstrap3 %}
 {% block title %}{% trans "Account settings" %}{% endblock %}
 {% block content %}
+{% if not user.is_verified %}
+    <div class="alert alert-info">
+        <p>
+            {% blocktrans trimmed %}
+            Your email address is not confirmed yet. To secure your account, please confirm your email address using
+            a confirmation code we will send to your email address.
+            {% endblocktrans %}
+        </p>
+        <p>
+            <form action="{% url "control:user.settings.email.send_verification_code" %}" method="post" class="form-horizontal">
+                {% csrf_token %}
+                <button type="submit" class="btn btn-primary">
+                    {% trans "Send confirmation email" %}
+                </button>
+            </form>
+        </p>
+    </div>
+{% endif %}
 <h1>{% trans "Account settings" %}</h1>
-<form action="" method="post" class="form-horizontal">
+<form action="" method="post" class="form-horizontal" data-testid="usersettingsform">
    {% csrf_token %}
    {% bootstrap_form_errors form %}
    <fieldset>
@@ -13,7 +31,7 @@
        {% bootstrap_field form.locale layout='horizontal' %}
        {% bootstrap_field form.timezone layout='horizontal' %}
        <div class="form-group">
-            <label class="col-md-3 control-label" for="id_new_pw_repeat">{% trans "Notifications" %}</label>
+            <label class="col-md-3 control-label">{% trans "Notifications" %}</label>
            <div class="col-md-9 static-form-row">
                {% if request.user.notifications_send and request.user.notification_settings.exists %}
                    <span class="label label-success">
@@ -41,8 +59,18 @@
            {% bootstrap_field form.new_pw layout='horizontal' %}
            {% bootstrap_field form.new_pw_repeat layout='horizontal' %}
        {% endif %}
+        {% if user.auth_backend == 'native' %}
+            <div class="form-group">
+                <label class="col-md-3 control-label">{% trans "Password" %}</label>
+                <div class="col-md-9 static-form-row">
+                    <a href="{% url "control:user.settings.password.change" %}">
+                        <span class="fa fa-edit"></span> {% trans "Change password" %}
+                    </a>
+                </div>
+            </div>
+        {% endif %}
        <div class="form-group">
-            <label class="col-md-3 control-label" for="id_new_pw_repeat">{% trans "Two-factor authentication" %}</label>
+            <label class="col-md-3 control-label">{% trans "Two-factor authentication" %}</label>
            <div class="col-md-9 static-form-row">
                {% if user.require_2fa %}
                    <span class="label label-success">{% trans "Enabled" %}</span> &nbsp;
@@ -58,7 +86,7 @@
            </div>
        </div>
        <div class="form-group">
-            <label class="col-md-3 control-label" for="">{% trans "Authorized applications" %}</label>
+            <label class="col-md-3 control-label">{% trans "Authorized applications" %}</label>
            <div class="col-md-9 static-form-row">
                <a href="{% url "control:user.settings.oauth.list" %}">
                    <span class="fa fa-plug"></span>
@@ -67,7 +95,7 @@
            </div>
        </div>
        <div class="form-group">
-            <label class="col-md-3 control-label" for="">{% trans "Account history" %}</label>
+            <label class="col-md-3 control-label">{% trans "Account history" %}</label>
            <div class="col-md-9 static-form-row">
                <a href="{% url "control:user.settings.history" %}">
                    <span class="fa fa-history"></span>