Bug 164038 - token.cgi: Cancel token messages should be moved into the…

Bug 164038 - token.cgi: Cancel token messages should be moved into the templates. Patch by burnus; r=gerv.

Bug 164038 - token.cgi: Cancel token messages should be moved into the…
89859e7d · gerv%gerv.net · 60df4e0a · 89859e7d · 89859e7d · 89859e7d
Commit 89859e7d authored Sep 30, 2002 by gerv%gerv.net
7 changed files
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -176,8 +176,7 @@ sub GenerateUniqueToken {

        ++$tries;
        if ($tries > 100) {
-            &::DisplayError("Something is seriously wrong with the token generation system.");
-            exit;
+            &::ThrowCodeError("token_generation_error");
        }

        $token = &::GenerateRandomPassword();

--- a/Token.pm
+++ b/Token.pm
@@ -176,8 +176,7 @@ sub GenerateUniqueToken {

        ++$tries;
        if ($tries > 100) {
-            &::DisplayError("Something is seriously wrong with the token generation system.");
-            exit;
+            &::ThrowCodeError("token_generation_error");
        }

        $token = &::GenerateRandomPassword();

--- a/template/en/default/account/cancel-token.txt.tmpl
+++ b/template/en/default/account/cancel-token.txt.tmpl
@@ -17,6 +17,7 @@
  # Rights Reserved.
  #
  # Contributor(s):     John Vandenberg <zeroj@null.net>
+  #                     Tobias Burnus <burnus@net-b.de>
  #%]
 From: bugzilla-admin-daemon
 To: [% emailaddress %]
@@ -34,6 +35,47 @@ to [% maintainer %] if you suspect foul play.
             User: [% emailaddress %]
       Issue Date: [% issuedate %]
       Event Data: [% eventdata %]
-Cancelled Because: [% cancelaction %]
+Cancelled Because:
+[% PROCESS cancelactionmessage %]

+[% BLOCK cancelactionmessage %]
+  [% IF    cancelaction == 'account_exists' %]
+    Account [% email %] already exists.

+  [% ELSIF cancelaction == 'email_change_cancelled' %]
+    The request to change the email address for the
+    [% old_email %] account to [% new_email %]
+    has been cancelled.
+
+  [% ELSIF cancelaction == 'email_change_cancelled_reinstated' %]
+    The request to change the email address for your account to
+    [% new_email %] has been cancelled. Your old account
+    settings have been reinstated.
+
+  [% ELSIF cancelaction == 'emailold_change_cancelled' %]
+    The request to change the email address for your account
+    to [% new_email %] has been cancelled.
+
+  [% ELSIF cancelaction == 'password_change_canceled' %]
+    The user requested cancellation.
+
+  [% ELSIF cancelaction == 'wrong_token_for_changing_passwd' %]
+    The user tried to use the token to change the password.
+
+  [% ELSIF cancelaction == 'wrong_token_for_cancelling_email_change' %]
+    The user tried to use the token to cancel the email address change.
+
+  [% ELSIF cancelaction == 'wrong_token_for_confirming_email_change' %]
+    The user tried to use the token to confirm the email address change.
+
+  [% ELSE %]
+    [%# Give sensible error if the cancel-token function is used incorrectly.
+      #%]        
+    You are using Bugzilla's cancel-token function incorrectly. You
+    passed in the string '[% cancelaction %]'. The correct use is to pass
+    in a tag, and define that tag in the file cancel-token.txt.tmpl.
+
+    If you are a Bugzilla end-user seeing this message, please forward this
+    email to [% Param('maintainer') %].
+  [% END %]
+[% END %]
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -127,6 +127,9 @@
  [% ELSIF error == "request_queue_group_invalid" %]
    The group field <em>[% group FILTER html %]</em> is invalid.

+  [% ELSIF error == "token_generation_error" %]
+    Something is seriously wrong with the token generation system.
+
  [% ELSIF error == "template_error" %]
    [% template_error_msg %]

@@ -134,7 +137,11 @@
    [% field FILTER html %] was not defined; [% Param('browserbugmessage') %]

  [% ELSIF error == "unknown_action" %]
-    Unknown action [% action FILTER html %]!
+    [% IF action %]
+       Unknown action [% action FILTER html %]!
+    [% ELSE %]
+       I could not figure out what you wanted to do.
+    [% END %]
    
  [% ELSIF error == "unknown_component" %]
    [% title = "Unknown Component" %]

--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -56,6 +56,23 @@
    [% title = "Change columns" %]
    Resubmitting your query with new columns...

+  [% ELSIF message_tag == "emailold_change_cancelled" %]
+    [% title = "Cancel Request to Change Email Address" %]
+    The request to change the email address for your account to
+    [% new_email FILTER html %] has been cancelled.
+
+  [% ELSIF message_tag == "email_change_cancelled" %]
+    [% title = "Cancel Request to Change Email Address" %]
+    The request to change the email address for the
+    [% old_email FILTER html %] account to
+    [% new_email FILTER html %] has been cancelled.
+
+  [% ELSIF message_tag == "email_change_cancelled_reinstated" %]
+    [% title = "Cancel Request to Change Email Address" %]
+    The request to change the email address for the
+    [% old_email %] account to [% new_email %] has been cancelled.
+    Your old account settings have been reinstated.
+
  [% ELSIF message_tag == "logged_out" %]
    [% title = "Logged Out" %]
    [% url = "query.cgi?GoAheadAndLogIn=1" %]

--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -48,8 +48,17 @@
            
  [% ELSIF error == "account_exists" %]
    [% title = "Account Already Exists" %]
-    That account already exists.
+    There is already an account with
+    [% IF email %]
+      the login name [% email FILTER html %].
+    [% ELSE %]
+      that login name.
+    [% END %]
                  
+  [% ELSIF error == "account_inexistent" %]
+    [% title = "Account Does Not Exist" %]
+    There is no Bugzilla account with that login name.
+
  [% ELSIF error == "alias_has_comma_or_space" %]
    [% title = "Invalid Characters In Alias" %]
    The alias you entered, <em>[% alias FILTER html %]</em>,
@@ -134,6 +143,10 @@
    really make sense to mark a bug as a duplicate of itself, 
    does it?  
    
+  [% ELSIF error == "email_confirmation_failed" %]
+    [% title = "Email Address Email Address Confirmation Failed" %]
+    Email address confirmation failed.
+
  [% ELSIF error == "file_not_specified" %]
    [% title = "No File Specified" %]
    You did not specify a file to attach.
@@ -259,6 +272,10 @@
    [% title = "Invalid Username Or Password" %]
    The username or password you entered is not valid.
                    
+  [% ELSIF error == "login_needed_for_password_change" %]
+    [% title = "Login Name Required" %]
+    You must enter a login name when requesting to change your password.
+
  [% ELSIF error == "milestone_required" %]
    [% title = "Milestone Required" %]
    You must determine a target milestone for bug [% bug_id %]
@@ -366,6 +383,15 @@
      100 users.  Enter more of the name to bring the number of matches 
      down to a reasonable amount.
  
+  [% ELSIF error == "require_new_password" %]
+     [% title = "New Password Needed" %]
+     You cannot change your password without submitting a new one.
+
+  [% ELSIF error == "token_inexistent" %]
+     [% title = "Token Does Not Exist" %]
+     The token you submitted does not exist, has expired, or has
+     been cancelled.
+
  [% ELSIF error == "unknown_keyword" %]
    [% title = "Unknown Keyword" %]
    <code>[% keyword FILTER html %]</code> is not a known keyword. 
@@ -375,6 +401,18 @@
    [% title = "Unknown Tab" %]
    <code>[% current_tab_name FILTER html %]</code> is not a legal tab name.    
    
+  [% ELSIF error == "wrong_token_for_cancelling_email_change" %]
+    [% title = "Wrong Token" %]
+    That token cannot be used to cancel an email address change.
+
+  [% ELSIF error == "wrong_token_for_changing_passwd" %]
+    [% title = "Wrong Token" %]
+    That token cannot be used to change your password.
+
+  [% ELSIF error == "wrong_token_for_confirming_email_change" %]
+    [% title = "Wrong Token" %]
+    That token cannot be used to change your email address.
+
  [% ELSIF error == "zero_length_file" %]
    [% title = "File Is Empty" %]
    The file you are trying to attach is empty!    

--- a/token.cgi
+++ b/token.cgi
@@ -48,9 +48,7 @@ use Token;

 # Throw an error if the form does not contain an "action" field specifying
 # what the user wants to do.
-$::FORM{'a'}
-  || DisplayError("I could not figure out what you wanted to do.")
-  && exit;
+$::FORM{'a'} || ThrowCodeError("unknown_action");

 # Assign the action to a global variable.
 $::action = $::FORM{'a'};
@@ -65,8 +63,7 @@ if ($::FORM{'t'}) {
  # Make sure the token contains only valid characters in the right amount.
  my $validationerror = ValidatePassword($::token);
  if ($validationerror) {
-      DisplayError('The token you entered is invalid.');
-      exit;
+      ThrowUserError("token_invalid");
  }


@@ -74,29 +71,22 @@ if ($::FORM{'t'}) {

  # Make sure the token exists in the database.
  SendSQL( "SELECT tokentype FROM tokens WHERE token = $::quotedtoken" );
-  (my $tokentype = FetchSQLData())
-    || DisplayError("The token you submitted does not exist, has expired, or has been cancelled.")
-    && exit;
+  (my $tokentype = FetchSQLData()) || ThrowUserError("token_inexistent");

  # Make sure the token is the correct type for the action being taken.
  if ( grep($::action eq $_ , qw(cfmpw cxlpw chgpw)) && $tokentype ne 'password' ) {
-    DisplayError("That token cannot be used to change your password.");
-    Token::Cancel($::token, "user tried to use token to change password");
-    exit;
+    Token::Cancel($::token, "wrong_token_for_changing_passwd");
+    ThrowUserError("wrong_token_for_changing_passwd");
  }
  if ( ($::action eq 'cxlem') 
      && (($tokentype ne 'emailold') && ($tokentype ne 'emailnew')) ) {
-    DisplayError("That token cannot be used to cancel an email address change.");
-    Token::Cancel($::token, 
-                  "user tried to use token to cancel email address change");
-    exit;
+    Token::Cancel($::token, "wrong_token_for_cancelling_email_change");
+    ThrowUserError("wrong_token_for_cancelling_email_change");
  }
  if ( grep($::action eq $_ , qw(cfmem chgem)) 
      && ($tokentype ne 'emailnew') ) {
-    DisplayError("That token cannot be used to change your email address.");
-    Token::Cancel($::token, 
-                  "user tried to use token to confirm email address change");
-    exit;
+    Token::Cancel($::token, "wrong_token_for_confirming_email_change");
+    ThrowUserError("wrong_token_for_confirming_email_change");
  }
 }

@@ -104,8 +94,7 @@ if ($::FORM{'t'}) {
 # their login name and it exists in the database.
 if ( $::action eq 'reqpw' ) {
    defined $::FORM{'loginname'}
-      || DisplayError("You must enter a login name when requesting to change your password.")
-      && exit;
+      || ThrowUserError("login_needed_for_password_change");

    # Make sure the login name looks like an email address.  This function
    # displays its own error and stops execution if the login name looks wrong.
@@ -114,8 +103,7 @@ if ( $::action eq 'reqpw' ) {
    my $quotedloginname = SqlQuote($::FORM{'loginname'});
    SendSQL("SELECT userid FROM profiles WHERE login_name = $quotedloginname");
    FetchSQLData()
-      || DisplayError("There is no Bugzilla account with that login name.")
-      && exit;
+      || ThrowUserError("account_inexistent");
 }

 # If the user is changing their password, make sure they submitted a new
@@ -123,8 +111,7 @@ if ( $::action eq 'reqpw' ) {
 if ( $::action eq 'chgpw' ) {
    defined $::FORM{'password'}
      && defined $::FORM{'matchpassword'}
-      || DisplayError("You cannot change your password without submitting a new one.")
-      && exit;
+      || ThrowUserError("require_new_password");

     my $passworderror = ValidatePassword($::FORM{'password'}, $::FORM{'matchpassword'});
     if ( $passworderror ) {
@@ -159,7 +146,7 @@ if ($::action eq 'reqpw') {
    # If the action that the user wants to take (specified in the "a" form field)
    # is none of the above listed actions, display an error telling the user 
    # that we do not understand what they would like to do.
-    DisplayError("I could not figure out what you wanted to do.");
+    ThrowCodeError("unknown_action");
 }

 exit;
@@ -187,9 +174,8 @@ sub confirmChangePassword {
 }

 sub cancelChangePassword {    
-    Token::Cancel($::token, "user requested cancellation");
-
    $vars->{'message'} = "password_change_canceled";
+    Token::Cancel($::token, $vars->{'message'});

    print "Content-Type: text/html\n\n";
    $template->process("global/message.html.tmpl", $vars)
@@ -244,15 +230,14 @@ sub changeEmail {

    # Check the user entered the correct old email address
    if($::FORM{'email'} ne $old_email) {
-        DisplayError("Email Address confirmation failed");
-        exit;
+        ThrowUserError("email_confirmation_failed");
    }
    # The new email address should be available as this was 
    # confirmed initially so cancel token if it is not still available
    if (! ValidateNewUser($new_email,$old_email)) {
-        DisplayError("Account $new_email already exists.");
-        Token::Cancel($::token,"Account $new_email already exists.");
-        exit;
+        $vars->{'email'} = $new_email;
+        Token::Cancel($::token,"account_exists");
+        ThrowUserError("account_exists");
    } 

    # Update the user's login name in the profiles table and delete the token
@@ -286,8 +271,7 @@ sub cancelChangeEmail {
    my ($old_email, $new_email) = split(/:/,$eventdata);

    if($tokentype eq "emailold") {
-        $vars->{'message'} = "The request to change the email address " .
-            "for your account to $new_email has been cancelled.";
+        $vars->{'message'} = "emailold_change_cancelled";

        SendSQL("SELECT login_name FROM profiles WHERE userid = $userid");
        my $actualemail = FetchSQLData();
@@ -302,14 +286,15 @@ sub cancelChangeEmail {
                 WHERE    userid = $userid");
            SendSQL("UNLOCK TABLES");
            DeriveGroup($userid);
-            $vars->{'message'} .= 
-                "  Your old account settings have been reinstated.";
+            $vars->{'message'} = "email_change_cancelled_reinstated";
        } 
    } 
    else {
-        $vars->{'message'} = "The request to change the email address " .
-            "for the $old_email account to $new_email has been cancelled.";
-    }
+        $vars->{'message'} = 'email_change_cancelled'
+     }
+
+    $vars->{'old_email'} = $old_email;
+    $vars->{'new_email'} = $new_email;
    Token::Cancel($::token, $vars->{'message'});

    SendSQL("LOCK TABLES tokens WRITE");
@@ -321,8 +306,6 @@ sub cancelChangeEmail {
    # Return HTTP response headers.
    print "Content-Type: text/html\n\n";

-    $vars->{'title'} = "Cancel Request to Change Email Address";
-
    $template->process("global/message.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
 }