fix(core): Make password-reset urls valid only for single-use (#7622)

packages/editor-ui/src/plugins/i18n/locales/en.json

@@ -93,7 +93,7 @@
 	"auth.changePassword.passwordUpdatedMessage": "You can now sign in with your new password",
 	"auth.changePassword.passwordsMustMatchError": "Passwords must match",
 	"auth.changePassword.reenterNewPassword": "Re-enter new password",
-	"auth.changePassword.tokenValidationError": "Issue validating invite token",
+	"auth.changePassword.tokenValidationError": "Invalid password-reset token",
 	"auth.defaultPasswordRequirements": "8+ characters, at least 1 number and 1 capital letter",
 	"auth.validation.missingParameters": "Missing token or user id",
 	"auth.email": "Email",

packages/editor-ui/src/views/ChangePasswordView.vue

@@ -103,10 +103,8 @@ export default defineComponent({
 
 			await this.usersStore.validatePasswordToken({ token });
 		} catch (e) {
-			this.showMessage({
-				title: this.$locale.baseText('auth.changePassword.tokenValidationError'),
-				type: 'error',
-			});
+			this.showError(e, this.$locale.baseText('auth.changePassword.tokenValidationError'));
+			void this.$router.replace({ name: VIEWS.SIGNIN });
 		}
 	},
 	methods: {

packages/editor-ui/src/views/SignupView.vue

@@ -121,7 +121,7 @@ export default defineComponent({
 		async onSubmit(values: { [key: string]: string | boolean }) {
 			if (!this.inviterId || !this.inviteeId) {
 				this.showError(
-					new Error(this.$locale.baseText('auth.changePassword.tokenValidationError')),
+					new Error(this.$locale.baseText('auth.signup.tokenValidationError')),
 					this.$locale.baseText('auth.signup.setupYourAccountError'),
 				);
 				return;