1002 improve email content (#1804)

* Change the default emails slightly and rework confirmation email page to make some recommendations clearer
* Works a little more on #1002

CTFd/forms/auth.py

@@ -32,7 +32,7 @@ class LoginForm(BaseForm):
 
 
 class ConfirmForm(BaseForm):
-    submit = SubmitField("Resend")
+    submit = SubmitField("Resend Confirmation Email")
 
 
 class ResetPasswordRequestForm(BaseForm):

CTFd/themes/core/templates/confirm.html

@@ -14,27 +14,38 @@
 			<div class="col-md-6 offset-md-3">
 				{% include "components/errors.html" %}
 
-				<h3 class="text-center">
+				<h5 class="text-center">
 					We've sent a confirmation email to your email address.
-				</h3>
+				</h5>
 
 				<br>
 
-				<h4 class="text-center">
+				<h5 class="text-center">
 					Please click the link in that email to confirm your account.
-				</h4>
+				</h5>
+
+				<br>
+
+				<h5 class="text-center">
+					If the email doesn’t arrive, check your spam folder or
+					contact an administrator to manually verify your account.
+				</h5>
 
 				<hr>
 
 				{% with form = Forms.auth.ConfirmForm() %}
 				<form method="POST" action="{{ url_for('auth.confirm') }}">
-					<h4 class="text-center">
+					<div class="row">
-						Need to resend the confirmation email?
+						<div class="col-md-6">
-					</h4>
+							{{ form.submit(class="btn btn-md btn-primary btn-outlined w-100") }}
-					<div class="col-md-12 text-center">
+						</div>
-						{{ form.submit(class="btn btn-md btn-primary btn-outlined") }}
+						<div class="col-md-6">
+							<a href="{{ url_for('views.settings') }}" class="btn btn-md btn-secondary btn-outlined w-100">
+								Change Email Address
+							</a>
+						</div>
+						{{ form.nonce() }}
 					</div>
-					{{ form.nonce() }}
 				</form>
 				{% endwith %}
 			</div>

CTFd/utils/email/__init__.py

@@ -8,8 +8,11 @@ from CTFd.utils.security.signing import serialize
 
 DEFAULT_VERIFICATION_EMAIL_SUBJECT = "Confirm your account for {ctf_name}"
 DEFAULT_VERIFICATION_EMAIL_BODY = (
-    "Please click the following link to confirm your email "
+    "Welcome to {ctf_name}!\n\n"
-    "address for {ctf_name}: {url}"
+    "Click the following link to confirm and activate your account:\n"
+    "{url}"
+    "\n\n"
+    "If the link is not clickable, try copying and pasting it into your browser."
 )
 DEFAULT_SUCCESSFUL_REGISTRATION_EMAIL_SUBJECT = "Successfully registered for {ctf_name}"
 DEFAULT_SUCCESSFUL_REGISTRATION_EMAIL_BODY = (
@@ -17,20 +20,22 @@ DEFAULT_SUCCESSFUL_REGISTRATION_EMAIL_BODY = (
 )
 DEFAULT_USER_CREATION_EMAIL_SUBJECT = "Message from {ctf_name}"
 DEFAULT_USER_CREATION_EMAIL_BODY = (
-    "An account has been created for you for {ctf_name} at {url}. \n\n"
+    "A new account has been created for you for {ctf_name} at {url}. \n\n"
     "Username: {name}\n"
     "Password: {password}"
 )
 DEFAULT_PASSWORD_RESET_SUBJECT = "Password Reset Request from {ctf_name}"
 DEFAULT_PASSWORD_RESET_BODY = (
-    "Did you initiate a password reset? "
+    "Did you initiate a password reset on {ctf_name}? "
     "If you didn't initiate this request you can ignore this email. \n\n"
-    "Click the following link to reset your password:\n{url}"
+    "Click the following link to reset your password:\n{url}\n\n"
+    "If the link is not clickable, try copying and pasting it into your browser."
 )
 DEFAULT_PASSWORD_CHANGE_ALERT_SUBJECT = "Password Change Confirmation for {ctf_name}"
 DEFAULT_PASSWORD_CHANGE_ALERT_BODY = (
     "Your password for {ctf_name} has been changed.\n\n"
-    "If you didn't request a password change you can reset your password here: {url}"
+    "If you didn't request a password change you can reset your password here:\n{url}\n\n"
+    "If the link is not clickable, try copying and pasting it into your browser."
 )
 
 

tests/users/test_auth.py

@@ -303,7 +303,7 @@ def test_user_can_confirm_email(mock_smtp):
         client = login_as_user(app, name="user1", password="password")
 
         r = client.get("http://localhost/confirm")
-        assert "Need to resend the confirmation email?" in r.get_data(as_text=True)
+        assert "We've sent a confirmation email" in r.get_data(as_text=True)
 
         # smtp send message function was called
         mock_smtp.return_value.send_message.assert_called()
@@ -365,9 +365,10 @@ def test_user_can_reset_password(mock_smtp):
 
             # Build the email
             msg = (
-                "Did you initiate a password reset? If you didn't initiate this request you can ignore this email. "
+                "Did you initiate a password reset on CTFd? If you didn't initiate this request you can ignore this email. "
                 "\n\nClick the following link to reset your password:\n"
-                "http://localhost/reset_password/InVzZXJAdXNlci5jb20i.TxD0vg.28dY_Gzqb1TH9nrcE_H7W8YFM-U"
+                "http://localhost/reset_password/InVzZXJAdXNlci5jb20i.TxD0vg.28dY_Gzqb1TH9nrcE_H7W8YFM-U\n\n"
+                "If the link is not clickable, try copying and pasting it into your browser."
             )
             ctf_name = get_config("ctf_name")
 

tests/utils/test_email.py

@@ -182,9 +182,10 @@ def test_verify_email(mock_smtp):
 
         # This is currently not actually validated
         msg = (
-            "Please click the following link to confirm"
+            "Welcome to CTFd!\n\n"
-            " your email address for CTFd:"
+            "Click the following link to confirm and activate your account:\n"
-            " http://localhost/confirm/InVzZXJAdXNlci5jb20i.TxD0vg.28dY_Gzqb1TH9nrcE_H7W8YFM-U"
+            "http://localhost/confirm/InVzZXJAdXNlci5jb20i.TxD0vg.28dY_Gzqb1TH9nrcE_H7W8YFM-U\n\n"
+            "If the link is not clickable, try copying and pasting it into your browser."
         )
 
         ctf_name = get_config("ctf_name")