Add error message on change password mismatch

Author: koldakov

futuramaapi/routers/services/passwords/change_signature_requested_user_password.py

@@ -1,7 +1,7 @@
 from typing import Any, ClassVar
 
 import jwt
-from fastapi import HTTPException, Request, status
+from fastapi import Request, status
 from fastapi.responses import RedirectResponse
 from jwt import ExpiredSignatureError, InvalidSignatureError, InvalidTokenError
 from pydantic import SecretStr
@@ -11,6 +11,8 @@
 from futuramaapi.repositories.models import UserModel
 from futuramaapi.routers.services import BaseSessionService
 
+from .get_signature_user_password_change_form import ChangeFormError
+
 
 class TokenDecodeError(Exception):
     pass
@@ -56,14 +58,14 @@ async def process(self, *args, **kwargs) -> RedirectResponse:
         try:
             token_: dict[str, Any] = self._get_decoded_token()
         except TokenDecodeError:
-            raise HTTPException(
-                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="Token expired or invalid.",
-            ) from None
+            return RedirectResponse(
+                url=f"/passwords/change?sig={self.signature}",
+                status_code=status.HTTP_303_SEE_OTHER,
+            )
 
         if self.password1.get_secret_value() != self.password2.get_secret_value():
             return RedirectResponse(
-                self.request.headers.get("referer", self.request.url.path),
+                url=f"/passwords/change?sig={self.signature}&errorType={ChangeFormError.password_mismatch}",
                 status_code=status.HTTP_303_SEE_OTHER,
             )
 

futuramaapi/routers/services/passwords/get_signature_user_password_change_form.py

@@ -1,3 +1,4 @@
+from enum import StrEnum
 from typing import Any, ClassVar
 
 import jwt
@@ -16,10 +17,15 @@ class TokenDecodeError(Exception):
     pass
 
 
+class ChangeFormError(StrEnum):
+    password_mismatch = "password_mismatch"  # noqa: S105
+
+
 class GetSignatureUserPasswordChangeFormService(BaseSessionService[Response]):
     template_name: ClassVar[str] = "password_change.html"
 
     signature: str
+    error_type: ChangeFormError | None
 
     algorithm: ClassVar[str] = "HS256"
 
@@ -59,6 +65,7 @@ async def _get_context(self, token: dict[str, Any], /) -> dict[str, Any]:
         return {
             "_project": _project_context,
             "current_user": await self._get_current_user(token["user"]["id"]),
+            "error_type": self.error_type,
         }
 
     async def process(self, *args, **kwargs) -> Response:

futuramaapi/routers/views/passwords/api.py

@@ -9,6 +9,7 @@
     ChangeSignatureRequestedUserPasswordService,
 )
 from futuramaapi.routers.services.passwords.get_signature_user_password_change_form import (
+    ChangeFormError,
     GetSignatureUserPasswordChangeFormService,
 )
 
@@ -30,11 +31,21 @@
 )
 async def get_signature_user_password_change_form(
     request: Request,
-    sig: str,
+    sig: Annotated[
+        str,
+        Query(),
+    ],
+    error_type: Annotated[
+        ChangeFormError | None,
+        Query(
+            alias="errorType",
+        ),
+    ] = None,
 ) -> Response:
     """Show password change form."""
     service: GetSignatureUserPasswordChangeFormService = GetSignatureUserPasswordChangeFormService(
         signature=sig,
+        error_type=error_type,
         context={
             "request": request,
         },

static/css/auth.css

@@ -7,17 +7,25 @@
   padding-bottom: 2rem;
 }
 
-.auth-warning {
+.auth-message {
   margin-top: 1.25rem;
   padding: 0.6rem 0.75rem;
   border-radius: 0.6rem;
-  background: rgba(234, 179, 8, 0.12); /* amber */
-  color: #92400e;
   font-size: 0.8rem;
   text-align: center;
   line-height: 1.4;
 }
 
+.auth-message.warning {
+  background: rgba(234, 179, 8, 0.12);
+  color: #92400e;
+}
+
+.auth-message.error {
+  background: rgba(220, 38, 38, 0.12);
+  color: #b91c1c;
+}
+
 .auth-container {
   width: 100%;
   max-width: 380px;

templates/password_change.html

@@ -29,6 +29,13 @@
           Reset password
         </h1>
         {% if current_user %}
+          {% if error_type == 'password_mismatch' %}
+            <p
+              class="auth-message error"
+            >
+              Passwords do not match.
+            </p>
+          {% endif %}
           <p
             class="auth-subtitle"
           >
@@ -83,7 +90,7 @@
             </button>
           </form>
           <p
-            class="auth-warning"
+            class="auth-message warning"
           >
             This reset link expires in <span id="reset-password-countdown">15:00</span>.
           </p>
@@ -94,7 +101,7 @@
             This password reset link has expired or is invalid.
           </p>
           <div
-            class="auth-warning"
+            class="auth-message warning"
           >
             Please request a new password reset link via API.
           </div>