Set backup niggles: 2
Don't tell the user their pasphrase doesn't match if it's correct so far
This commit is contained in:
parent
1c42f4f5a0
commit
1d209c5064
1 changed files with 14 additions and 7 deletions
|
@ -294,14 +294,21 @@ export default React.createClass({
|
|||
_renderPhasePassPhraseConfirm: function() {
|
||||
const AccessibleButton = sdk.getComponent('elements.AccessibleButton');
|
||||
|
||||
let matchText;
|
||||
if (this.state.passPhraseConfirm === this.state.passPhrase) {
|
||||
matchText = _t("That matches!");
|
||||
} else if (!this.state.passPhrase.startsWith(this.state.passPhraseConfirm)) {
|
||||
// only tell them they're wrong if they've actually gone wrong.
|
||||
// Security concious readers will note that if you left riot-web unattended
|
||||
// on this screen, this would make it easy for a malicious person to guess
|
||||
// your passphrase one letter at a time, but they could get this faster by
|
||||
// just opening the browser's developer tools and reading it.
|
||||
// Note that this includes not having typed anything at all.
|
||||
matchText = _t("That doesn't match.");
|
||||
}
|
||||
|
||||
let passPhraseMatch = null;
|
||||
if (this.state.passPhraseConfirm.length > 0) {
|
||||
let matchText;
|
||||
if (this.state.passPhraseConfirm === this.state.passPhrase) {
|
||||
matchText = _t("That matches!");
|
||||
} else {
|
||||
matchText = _t("That doesn't match.");
|
||||
}
|
||||
if (matchText) {
|
||||
passPhraseMatch = <div className="mx_CreateKeyBackupDialog_passPhraseMatch">
|
||||
<div>{matchText}</div>
|
||||
<div>
|
||||
|
|
Loading…
Reference in a new issue