settings: Remove password confirmation in modal.

This removes the requirement to confirm your new password. It isn't necessary and can be fixed easily with an email reset if messed up.
2026-06-24 21:08:25 +08:00 · 2018-01-11 11:28:18 -08:00 · 2018-01-11 11:28:18 -08:00 · ffe3a6c127
commit ffe3a6c127
parent 2b133ee99c
5 changed files with 3 additions and 33 deletions
--- a/frontend_tests/casper_tests/06-settings.js
+++ b/frontend_tests/casper_tests/06-settings.js
@ -42,7 +42,6 @@ casper.then(function () {
        casper.waitForResource("zxcvbn.js", function () {
            casper.test.assertVisible("#old_password");
            casper.test.assertVisible("#new_password");
-            casper.test.assertVisible("#confirm_password");

            casper.test.assertEqual(casper.getFormValues(form_sel).full_name, "Iago");

@ -50,7 +49,6 @@ casper.then(function () {
                full_name: "IagoNew",
                old_password: test_credentials.default_user.password,
                new_password: "qwertyuiop",
-                confirm_password: "qwertyuiop",
            });
            casper.test.assertNotVisible("#account-settings-status");
            casper.click('button[name="change_settings"]');
@ -83,7 +81,6 @@ casper.then(function () {
            full_name: "Iago",
            old_password: "qwertyuiop",
            new_password: test_credentials.default_user.password,
-            confirm_password: test_credentials.default_user.password,
        });
        casper.click('button[name="change_settings"]');
        */
--- a/static/js/settings_account.js
+++ b/static/js/settings_account.js
@ -80,7 +80,7 @@ exports.set_up = function () {
    function clear_password_change() {
        // Clear the password boxes so that passwords don't linger in the DOM
        // for an XSS attacker to find.
-        $('#old_password, #new_password, #confirm_password').val('');
+        $('#old_password, #new_password').val('');
    }

    clear_password_change();
--- a/static/templates/settings/account-settings.handlebars
+++ b/static/templates/settings/account-settings.handlebars
@ -79,11 +79,6 @@
                                    </div>
                                </div>
                            </div>
-
-                            <div class="input-group">
-                                <label class="inline-block title" for="confirm_password title">{{t "Confirm password" }}</label>
-                                <input type="password" autocomplete="off" name="confirm_password" id="confirm_password" class="w-200 inline-block" value="" />
-                            </div>
                        </div>
                        {{/if}}

--- a/zerver/tests/test_settings.py
+++ b/zerver/tests/test_settings.py
@ -65,7 +65,6 @@ class ChangeSettingsTest(ZulipTestCase):
                full_name='Foo Bar',
                old_password=initial_password(self.example_email("hamlet")),
                new_password='foobar1',
-                confirm_password='foobar1',
            ))
        self.assert_json_success(json_result)
        result = ujson.loads(json_result.content)
@ -132,31 +131,13 @@ class ChangeSettingsTest(ZulipTestCase):
    def test_enter_sends_setting(self) -> None:
        self.check_for_toggle_param('/json/users/me/enter-sends', "enter_sends")

-    def test_mismatching_passwords(self) -> None:
-        """
-        new_password and confirm_password must match
-        """
-        self.login(self.example_email("hamlet"))
-        result = self.client_patch(
-            "/json/settings",
-            dict(
-                new_password="mismatched_password",
-                confirm_password="not_the_same",
-            ))
-        self.assert_json_error(result,
-                               "New password must match confirmation password!")
-
    def test_wrong_old_password(self) -> None:
-        """
-        new_password and confirm_password must match
-        """
        self.login(self.example_email("hamlet"))
        result = self.client_patch(
            "/json/settings",
            dict(
                old_password='bad_password',
                new_password="ignored",
-                confirm_password="ignored",
            ))
        self.assert_json_error(result, "Wrong password!")

--- a/zerver/views/user_settings.py
+++ b/zerver/views/user_settings.py
@ -73,14 +73,11 @@ def json_change_settings(request: HttpRequest, user_profile: UserProfile,
                         full_name: Text=REQ(default=""),
                         email: Text=REQ(default=""),
                         old_password: Text=REQ(default=""),
-                         new_password: Text=REQ(default=""),
-                         confirm_password: Text=REQ(default="")) -> HttpResponse:
+                         new_password: Text=REQ(default="")) -> HttpResponse:
    if not (full_name or new_password or email):
        return json_error(_("No new data supplied"))

-    if new_password != "" or confirm_password != "":
-        if new_password != confirm_password:
-            return json_error(_("New password must match confirmation password!"))
+    if new_password != "":
        if not authenticate(username=user_profile.email, password=old_password,
                            realm=user_profile.realm):
            return json_error(_("Wrong password!"))