@(tpi: debiki.SiteTpi, origNonceBack: String,
oldEmailAddr: String, oldEmailVerified: Boolean,
oldUsername: String, createdOnDate: String,
newIdentityNameOrEmailOrId: String, idpName: String, linkSecret: String)
@css = @{("""
input[type="text"] {
width: 440px;
max-width: 90%;
padding: 5px;
}
""")}
@youHaveOrThereIs = @{
if (oldEmailVerified) "You already have"
else "There is already"
}
@yesClass = @{ if (oldEmailVerified) "btn-primary" else "btn-default" }
@noClass = @{ if (!oldEmailVerified) "btn-primary" else "btn-default" }
@views.html.createsite.main(tpi, css = css) {
Link accounts?
@* Note that the person reading this, controls the email addr,
so it's hens old account — but if email verification not required
at this site, then, the old account could be an attacker's account
(an "Account fixation attack", or an impostor somehow?), or someone who
misspelled hens real email address, when signing up some time ago.
In any case, should be fine to show the old account email and username here.
SECURITY TODO compare origNonceBack with the local storage nonce. [br_authn_nonce]
*@
@youHaveOrThereIs an account here with email address
@oldEmailAddr,
username @oldUsername, created on @createdOnDate.
@* [act_fx_atk] *@
@if(!oldEmailVerified) {
BUT that other account has not verified its email address!
Maybe someone else, not you, created it?
Are you sure it's your account?
If it's not yours, click No below,
and contact the site admins and tell them someone else has created
an account with your email address.
}
Now you're logging in via: @idpName,
as user @newIdentityNameOrEmailOrId,
with the same email address.
Do you want to link your @idpName account @newIdentityNameOrEmailOrId
to the account you already have here with username @oldUsername?
Then you'll be able to login here, via @idpName.
}