feat: Self-service password resets #1484

Open
ginger wants to merge 18 commits from ginger/password-reset into main
Owner

This pull request adds support for self-service password resets using links issued by an admin command. Support for password reset emails will be added in a future PR.

Pull request checklist:

  • This pull request targets the main branch, and the branch is named something other than main.
  • I have written an appropriate pull request title and my description is clear.
  • I understand I am responsible for the contents of this pull request.
  • I have followed the contributing guidelines:
      • My contribution follows the code style, if applicable.
      • I ran pre-commit checks before opening/drafting this pull request.
      • I have tested my contribution (or proof-read it for documentation-only changes) myself, if applicable. This includes ensuring code compiles.
      • My commit messages follow the commit message format and are descriptive.
      • I have written a news fragment for this PR, if applicable.
chore: News fragment
Some checks failed
Checks / Prek / Pre-commit & Formatting (pull_request) Waiting to run
Checks / Prek / Clippy and Cargo Tests (pull_request) Waiting to run
Update flake hashes / update-flake-hashes (pull_request) Waiting to run
Documentation / Build and Deploy Documentation (pull_request) Has been cancelled
6b1db1081e
ginger changed title from ginger/password-reset to feat: Self-service password resets 2026-03-03 18:37:31 +00:00
fix: Disallow issuing password reset tokens for deactivated users
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m42s
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 2m19s
Update flake hashes / update-flake-hashes (pull_request) Successful in 2m49s
Checks / Prek / Clippy and Cargo Tests (pull_request) Has been cancelled
750b689ded
@ -0,0 +87,4 @@
State(services): State<crate::State>,
Query(query): Query<PasswordResetQuery>,
axum::Form(form): axum::Form<PasswordResetForm>,
) -> Result<Response, WebError> {
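Review bot: the extractor list on this handler (State, Query<PasswordResetQuery>, axum::Form<PasswordResetForm>) takes no request headers, so nothing in the handler as shown can compare Origin or Sec-Fetch-Site with the server's own origin before the form is acted on. Either add a HeaderMap extractor ahead of axum::Form (the body-consuming extractor has to stay last) and reject on mismatch, or apply the check as a layer on this route so that a handler added later cannot skip it.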
Owner

To prevent CSRF, this needs to assert that the Sec-Fetch-Site and Origin headers are from the same domain (or use a CSRF token)

Owner
https://www.alexedwards.net/blog/preventing-csrf-in-go
Author
Owner

Addressed.

ginger marked this conversation as resolved
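The check requested in the review above (Sec-Fetch-Site first, Origin compared with Host as the fallback), as an added example that is not part of this PR or of continuwuity's code. `Verdict` and `same_origin_check` are hypothetical names, the sample requests are constructed, and the scheme of Origin is not compared.

```rust
#[derive(Debug, PartialEq)]
pub enum Verdict {
    Allow,
    Reject(&'static str),
}

/// Same-origin gate for state-changing requests (added example, hypothetical names).
/// Header values are plain options so the check is independent of the web framework.
/// Assumption: `host` is the Host header as the browser sent it.
pub fn same_origin_check(
    method: &str,
    sec_fetch_site: Option<&str>,
    origin: Option<&str>,
    host: &str,
) -> Verdict {
    // Safe methods must not change state, so they pass unchecked.
    if matches!(method, "GET" | "HEAD" | "OPTIONS") {
        return Verdict::Allow;
    }
    // Browsers set Sec-Fetch-Site themselves; page script cannot override it.
    if let Some(site) = sec_fetch_site {
        return match site {
            "same-origin" | "none" => Verdict::Allow,
            _ => Verdict::Reject("Sec-Fetch-Site is not same-origin"),
        };
    }
    // Fallback when Sec-Fetch-Site is absent: Origin's host[:port] must equal Host.
    match origin {
        // Neither header present: not a browser form post (e.g. a CLI client).
        None => Verdict::Allow,
        // "null" and other values without a scheme have no authority: rejected.
        Some(o) => match o.split_once("://") {
            Some((_, authority)) if authority.eq_ignore_ascii_case(host) => Verdict::Allow,
            _ => Verdict::Reject("Origin does not match Host"),
        },
    }
}

fn main() {
    // Constructed sample requests: (method, Sec-Fetch-Site, Origin, Host).
    let samples = [
        ("POST", Some("same-origin"), Some("https://matrix.example"), "matrix.example"),
        ("POST", Some("cross-site"), Some("https://other.example"), "matrix.example"),
        ("POST", None, Some("null"), "matrix.example"),
    ];
    for (m, sfs, origin, host) in samples {
        println!("{m} sfs={sfs:?} origin={origin:?} -> {:?}", same_origin_check(m, sfs, origin, host));
    }
}
```

Behind a reverse proxy, `host` has to be the public host name the browser used, otherwise the Origin fallback rejects legitimate submissions.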
fix: Add CSRF protection
Some checks are pending
Documentation / Build and Deploy Documentation (pull_request) Waiting to run
Checks / Prek / Pre-commit & Formatting (pull_request) Waiting to run
Checks / Prek / Clippy and Cargo Tests (pull_request) Waiting to run
Update flake hashes / update-flake-hashes (pull_request) Waiting to run
58e0716391
@ -0,0 +16,4 @@
#[derive(Debug, Template)]
#[template(path = "index.html.j2")]
struct Index<'a> {
client_domain: &'a str,
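Review bot: `client_domain: &'a str` on `Index` has no doc comment saying which configured value it holds or what index.html.j2 displays it as. If the index page is meant to identify the homeserver, name the field for that value and document it, so the template is not tied to the client-facing well-known domain.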
Owner

Using client_domain seems incorrect here, clients can resolve well-known themselves.

Author
Owner

oh yeah that is true

ginger marked this conversation as resolved
fix: Use server name in index again
Some checks are pending
Checks / Prek / Pre-commit & Formatting (pull_request) Has started running
Checks / Prek / Clippy and Cargo Tests (pull_request) Has started running
Update flake hashes / update-flake-hashes (pull_request) Successful in 53s
Documentation / Build and Deploy Documentation (pull_request) Successful in 3m13s
8b8c4aadff
Jade approved these changes 2026-03-03 19:54:06 +00:00
ginger force-pushed ginger/password-reset from 8b8c4aadff
to e74974661d
Some checks are pending
Documentation / Build and Deploy Documentation (pull_request) Waiting to run
Checks / Prek / Pre-commit & Formatting (pull_request) Waiting to run
Checks / Prek / Clippy and Cargo Tests (pull_request) Waiting to run
Update flake hashes / update-flake-hashes (pull_request) Waiting to run
2026-03-04 15:26:49 +00:00
chore: Remove unnecessary database map left over from refactor
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 2m9s
Update flake hashes / update-flake-hashes (pull_request) Successful in 28s
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 2m45s
Checks / Prek / Clippy and Cargo Tests (pull_request) Has been cancelled
d1c4e994ab
feat: Implement dedicated 404 page for routes under /_continuwuity/
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 9m41s
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 5m58s
Update flake hashes / update-flake-hashes (pull_request) Successful in 3m59s
Checks / Prek / Clippy and Cargo Tests (pull_request) Failing after 1h0m0s
cfedde4e33
ginger force-pushed ginger/password-reset from cfedde4e33
to 8443d2d813
Some checks failed
Update flake hashes / update-flake-hashes (pull_request) Successful in 41s
Documentation / Build and Deploy Documentation (pull_request) Successful in 2m8s
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 3m5s
Checks / Prek / Clippy and Cargo Tests (pull_request) Has been cancelled
2026-03-04 19:39:19 +00:00
fix: Evil CSS hackery
Some checks failed
Update flake hashes / update-flake-hashes (pull_request) Successful in 30s
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m41s
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 2m16s
Checks / Prek / Clippy and Cargo Tests (pull_request) Failing after 16m15s
0c035f1328
fix: Fix M_NOT_FOUND for users with no origin set
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m17s
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 3m29s
Update flake hashes / update-flake-hashes (pull_request) Successful in 1m54s
Checks / Prek / Clippy and Cargo Tests (pull_request) Failing after 12m10s
bc1443dc16
ginger force-pushed ginger/password-reset from bc1443dc16
to 34e3c030e9
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m21s
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 3m18s
Update flake hashes / update-flake-hashes (pull_request) Successful in 1m0s
Checks / Prek / Clippy and Cargo Tests (pull_request) Failing after 11m28s
2026-03-07 18:44:52 +00:00