Rillke
commented
8 years ago On arsnova.eu, there is additionally (b.) the issue that the reset button is greyed out and (c.) you are redirected to https://arsnova.thm.de/blog/ after logging in.
Steps to reproduce on arsnova.eu:
- Go to https://arsnova.eu/mobile/
- Press Dozent/in
- Press ARSnova
- Register and reload this page (F5).
- Click "Passwort vergessen" and get a reset link
- Open the reset link from your inbox
- You can fill in passwords now but you can't submit the form. (b.) Fill in
no%20Spaceas the new password in both fields. - Open a DOM inspector and remove the disabled attribute from the submit button. Submit the form.
- Now enter your e-Mailaddress and
no Spaceas the password (a.) and submit. - You end up at https://arsnova.thm.de/blog/ (c.)
First I'd like to apologize for reporting here as it is a customization issue; it seems to be impossible for me to get an account at https://git.thm.de
In https://git.thm.de/arsnova/arsnova-customization/blob/master/src/main/webapp/account.html#L280 it seems you send the new password not url encoded. Users may type
%20or similar in their passwords and do not expect they have to fill a white space at next login time. To mitigate this issue, I suggest e.g. copyingjQuery.post. It takes care of this and a lot more, e.g. the issue reported in thm-projects/arsnova-backend#36