Commit fbb3d28
authored
feat: warn on /account.html when password is still default (#18)
On page load, /account.html now probes JSS's PUT /idp/credentials
with {currentPassword:"me", newPassword:"me"} via session.authFetch.
- 204 (current matches) → red warning banner above the password
form: "You're using the default password. Change it below to
claim your pod."
- 401 (current doesn't match) → no banner.
The probe is server-side truth (no localStorage state to go stale
across browsers). Side effect is a bcrypt re-hash of the same value
when the password is still default — rate-limited 10/min per IP by
JSS, no functional change.
After a successful password update, the warning is hidden
synchronously (no reload needed). On subsequent loads the probe
sees 401 and the warning stays gone.
Refs #1 #61 parent b895463 commit fbb3d28
2 files changed
Lines changed: 28 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
49 | 49 | | |
50 | 50 | | |
51 | 51 | | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
52 | 55 | | |
53 | 56 | | |
54 | 57 | | |
| |||
127 | 130 | | |
128 | 131 | | |
129 | 132 | | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
| 146 | + | |
| 147 | + | |
| 148 | + | |
| 149 | + | |
| 150 | + | |
| 151 | + | |
| 152 | + | |
| 153 | + | |
| 154 | + | |
130 | 155 | | |
131 | 156 | | |
132 | 157 | | |
| |||
195 | 220 | | |
196 | 221 | | |
197 | 222 | | |
| 223 | + | |
| 224 | + | |
198 | 225 | | |
199 | 226 | | |
200 | 227 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
0 commit comments