Commit 89859e7d authored by gerv%gerv.net's avatar gerv%gerv.net

Bug 164038 - token.cgi: Cancel token messages should be moved into the…

Bug 164038 - token.cgi: Cancel token messages should be moved into the templates. Patch by burnus; r=gerv.
parent 60df4e0a
...@@ -176,8 +176,7 @@ sub GenerateUniqueToken { ...@@ -176,8 +176,7 @@ sub GenerateUniqueToken {
++$tries; ++$tries;
if ($tries > 100) { if ($tries > 100) {
&::DisplayError("Something is seriously wrong with the token generation system."); &::ThrowCodeError("token_generation_error");
exit;
} }
$token = &::GenerateRandomPassword(); $token = &::GenerateRandomPassword();
......
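Review bot: With the explicit `exit` dropped after `&::ThrowCodeError("token_generation_error")`, the `$tries > 100` cap in GenerateUniqueToken now relies on ThrowCodeError never returning; if it ever does (e.g. overridden in a test harness), the loop would keep calling GenerateRandomPassword past the cap, which is presumably not intended. Either keep a `return;`/`exit` as a belt-and-braces guard or document the assumption at the call: `# ThrowCodeError does not return; the loop must not continue past the cap`. The `&::Name()` call form also deserves a look, since the `&` sigil bypasses prototypes — the plain `::ThrowCodeError(...)` form the other CGIs use would be consistent. GenerateUniqueToken starts and ends outside the hunk.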
...@@ -176,8 +176,7 @@ sub GenerateUniqueToken { ...@@ -176,8 +176,7 @@ sub GenerateUniqueToken {
++$tries; ++$tries;
if ($tries > 100) { if ($tries > 100) {
&::DisplayError("Something is seriously wrong with the token generation system."); &::ThrowCodeError("token_generation_error");
exit;
} }
$token = &::GenerateRandomPassword(); $token = &::GenerateRandomPassword();
......
...@@ -17,6 +17,7 @@ ...@@ -17,6 +17,7 @@
# Rights Reserved. # Rights Reserved.
# #
# Contributor(s): John Vandenberg <zeroj@null.net> # Contributor(s): John Vandenberg <zeroj@null.net>
# Tobias Burnus <burnus@net-b.de>
#%] #%]
From: bugzilla-admin-daemon From: bugzilla-admin-daemon
To: [% emailaddress %] To: [% emailaddress %]
...@@ -34,6 +35,47 @@ to [% maintainer %] if you suspect foul play. ...@@ -34,6 +35,47 @@ to [% maintainer %] if you suspect foul play.
User: [% emailaddress %] User: [% emailaddress %]
Issue Date: [% issuedate %] Issue Date: [% issuedate %]
Event Data: [% eventdata %] Event Data: [% eventdata %]
Cancelled Because: [% cancelaction %] Cancelled Because:
[% PROCESS cancelactionmessage %]
[% BLOCK cancelactionmessage %]
[% IF cancelaction == 'account_exists' %]
Account [% email %] already exists.
[% ELSIF cancelaction == 'email_change_cancelled' %]
The request to change the email address for the
[% old_email %] account to [% new_email %]
has been cancelled.
[% ELSIF cancelaction == 'email_change_cancelled_reinstated' %]
The request to change the email address for your account to
[% new_email %] has been cancelled. Your old account
settings have been reinstated.
[% ELSIF cancelaction == 'emailold_change_cancelled' %]
The request to change the email address for your account
to [% new_email %] has been cancelled.
[% ELSIF cancelaction == 'password_change_canceled' %]
The user requested cancellation.
[% ELSIF cancelaction == 'wrong_token_for_changing_passwd' %]
The user tried to use the token to change the password.
[% ELSIF cancelaction == 'wrong_token_for_cancelling_email_change' %]
The user tried to use the token to cancel the email address change.
[% ELSIF cancelaction == 'wrong_token_for_confirming_email_change' %]
The user tried to use the token to confirm the email address change.
[% ELSE %]
[%# Give sensible error if the cancel-token function is used incorrectly.
#%]
You are using Bugzilla's cancel-token function incorrectly. You
passed in the string '[% cancelaction %]'. The correct use is to pass
in a tag, and define that tag in the file cancel-token.txt.tmpl.
If you are a Bugzilla end-user seeing this message, please forward this
email to [% Param('maintainer') %].
[% END %]
[% END %]
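Review bot: The `account_exists`, `email_change_cancelled*` and `emailold_change_cancelled` branches of `cancelactionmessage` read `email`, `old_email` and `new_email`, but the `Token::Cancel` calls in token.cgi in this same commit pass only the token and the tag (`Token::Cancel($::token, "account_exists")`) and set those values on token.cgi's own `$vars`; unless Token::Cancel forwards them into this template (not visible here), they will render as empty strings in the cancellation email. The `Event Data: [% eventdata %]` line still carries the raw data that token.cgi splits into old and new addresses, so the template could fall back to it, or Token::Cancel could grow an optional vars hashref — either way this needs confirming before the messages are trusted. Also note the mixed spelling of `password_change_canceled` versus the other `*_cancelled` tags; it matches the tag token.cgi emits, so it must not be "fixed" on one side only.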
...@@ -127,6 +127,9 @@ ...@@ -127,6 +127,9 @@
[% ELSIF error == "request_queue_group_invalid" %] [% ELSIF error == "request_queue_group_invalid" %]
The group field <em>[% group FILTER html %]</em> is invalid. The group field <em>[% group FILTER html %]</em> is invalid.
[% ELSIF error == "token_generation_error" %]
Something is seriously wrong with the token generation system.
[% ELSIF error == "template_error" %] [% ELSIF error == "template_error" %]
[% template_error_msg %] [% template_error_msg %]
...@@ -134,7 +137,11 @@ ...@@ -134,7 +137,11 @@
[% field FILTER html %] was not defined; [% Param('browserbugmessage') %] [% field FILTER html %] was not defined; [% Param('browserbugmessage') %]
[% ELSIF error == "unknown_action" %] [% ELSIF error == "unknown_action" %]
[% IF action %]
Unknown action [% action FILTER html %]! Unknown action [% action FILTER html %]!
[% ELSE %]
I could not figure out what you wanted to do.
[% END %]
[% ELSIF error == "unknown_component" %] [% ELSIF error == "unknown_component" %]
[% title = "Unknown Component" %] [% title = "Unknown Component" %]
......
...@@ -56,6 +56,23 @@ ...@@ -56,6 +56,23 @@
[% title = "Change columns" %] [% title = "Change columns" %]
Resubmitting your query with new columns... Resubmitting your query with new columns...
[% ELSIF message_tag == "emailold_change_cancelled" %]
[% title = "Cancel Request to Change Email Address" %]
The request to change the email address for your account to
[% new_email FILTER html %] has been cancelled.
[% ELSIF message_tag == "email_change_cancelled" %]
[% title = "Cancel Request to Change Email Address" %]
The request to change the email address for the
[% old_email FILTER html %] account to
[% new_email FILTER html %] has been cancelled.
[% ELSIF message_tag == "email_change_cancelled_reinstated" %]
[% title = "Cancel Request to Change Email Address" %]
The request to change the email address for the
[% old_email %] account to [% new_email %] has been cancelled.
Your old account settings have been reinstated.
[% ELSIF message_tag == "logged_out" %] [% ELSIF message_tag == "logged_out" %]
[% title = "Logged Out" %] [% title = "Logged Out" %]
[% url = "query.cgi?GoAheadAndLogIn=1" %] [% url = "query.cgi?GoAheadAndLogIn=1" %]
......
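Review bot: The new `email_change_cancelled_reinstated` branch interpolates `[% old_email %]` and `[% new_email %]` without `FILTER html`, unlike the two sibling messages added just above it; these values come from the token's eventdata (originally user-supplied addresses) and this is an HTML page, so they should be escaped: `[% old_email FILTER html %] account to [% new_email FILTER html %] has been cancelled.`. Bugzilla's login-name validation narrows what can appear there, but the template should not depend on that upstream check.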
...@@ -48,7 +48,16 @@ ...@@ -48,7 +48,16 @@
[% ELSIF error == "account_exists" %] [% ELSIF error == "account_exists" %]
[% title = "Account Already Exists" %] [% title = "Account Already Exists" %]
That account already exists. There is already an account with
[% IF email %]
the login name [% email FILTER html %].
[% ELSE %]
that login name.
[% END %]
[% ELSIF error == "account_inexistent" %]
[% title = "Account Does Not Exist" %]
There is no Bugzilla account with that login name.
[% ELSIF error == "alias_has_comma_or_space" %] [% ELSIF error == "alias_has_comma_or_space" %]
[% title = "Invalid Characters In Alias" %] [% title = "Invalid Characters In Alias" %]
...@@ -134,6 +143,10 @@ ...@@ -134,6 +143,10 @@
really make sense to mark a bug as a duplicate of itself, really make sense to mark a bug as a duplicate of itself,
does it? does it?
[% ELSIF error == "email_confirmation_failed" %]
[% title = "Email Address Email Address Confirmation Failed" %]
Email address confirmation failed.
[% ELSIF error == "file_not_specified" %] [% ELSIF error == "file_not_specified" %]
[% title = "No File Specified" %] [% title = "No File Specified" %]
You did not specify a file to attach. You did not specify a file to attach.
...@@ -259,6 +272,10 @@ ...@@ -259,6 +272,10 @@
[% title = "Invalid Username Or Password" %] [% title = "Invalid Username Or Password" %]
The username or password you entered is not valid. The username or password you entered is not valid.
[% ELSIF error == "login_needed_for_password_change" %]
[% title = "Login Name Required" %]
You must enter a login name when requesting to change your password.
[% ELSIF error == "milestone_required" %] [% ELSIF error == "milestone_required" %]
[% title = "Milestone Required" %] [% title = "Milestone Required" %]
You must determine a target milestone for bug [% bug_id %] You must determine a target milestone for bug [% bug_id %]
...@@ -366,6 +383,15 @@ ...@@ -366,6 +383,15 @@
100 users. Enter more of the name to bring the number of matches 100 users. Enter more of the name to bring the number of matches
down to a reasonable amount. down to a reasonable amount.
[% ELSIF error == "require_new_password" %]
[% title = "New Password Needed" %]
You cannot change your password without submitting a new one.
[% ELSIF error == "token_inexistent" %]
[% title = "Token Does Not Exist" %]
The token you submitted does not exist, has expired, or has
been cancelled.
[% ELSIF error == "unknown_keyword" %] [% ELSIF error == "unknown_keyword" %]
[% title = "Unknown Keyword" %] [% title = "Unknown Keyword" %]
<code>[% keyword FILTER html %]</code> is not a known keyword. <code>[% keyword FILTER html %]</code> is not a known keyword.
...@@ -375,6 +401,18 @@ ...@@ -375,6 +401,18 @@
[% title = "Unknown Tab" %] [% title = "Unknown Tab" %]
<code>[% current_tab_name FILTER html %]</code> is not a legal tab name. <code>[% current_tab_name FILTER html %]</code> is not a legal tab name.
[% ELSIF error == "wrong_token_for_cancelling_email_change" %]
[% title = "Wrong Token" %]
That token cannot be used to cancel an email address change.
[% ELSIF error == "wrong_token_for_changing_passwd" %]
[% title = "Wrong Token" %]
That token cannot be used to change your password.
[% ELSIF error == "wrong_token_for_confirming_email_change" %]
[% title = "Wrong Token" %]
That token cannot be used to change your email address.
[% ELSIF error == "zero_length_file" %] [% ELSIF error == "zero_length_file" %]
[% title = "File Is Empty" %] [% title = "File Is Empty" %]
The file you are trying to attach is empty! The file you are trying to attach is empty!
......
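Review bot: The title for `email_confirmation_failed` reads "Email Address Email Address Confirmation Failed" — the phrase is duplicated; `[% title = "Email Address Confirmation Failed" %]`. Separately, token.cgi in this commit throws `ThrowUserError("token_invalid")`, and no `token_invalid` branch appears in these hunks; if it is not defined elsewhere in this file, that error would fall through to the template's default branch, so it is worth checking. The `token_inexistent`/`account_inexistent` tags are unusual naming ("nonexistent"), but they must match the tags used in token.cgi, so leave them unless both sides change together.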
...@@ -48,9 +48,7 @@ use Token; ...@@ -48,9 +48,7 @@ use Token;
# Throw an error if the form does not contain an "action" field specifying # Throw an error if the form does not contain an "action" field specifying
# what the user wants to do. # what the user wants to do.
$::FORM{'a'} $::FORM{'a'} || ThrowCodeError("unknown_action");
|| DisplayError("I could not figure out what you wanted to do.")
&& exit;
# Assign the action to a global variable. # Assign the action to a global variable.
$::action = $::FORM{'a'}; $::action = $::FORM{'a'};
...@@ -65,8 +63,7 @@ if ($::FORM{'t'}) { ...@@ -65,8 +63,7 @@ if ($::FORM{'t'}) {
# Make sure the token contains only valid characters in the right amount. # Make sure the token contains only valid characters in the right amount.
my $validationerror = ValidatePassword($::token); my $validationerror = ValidatePassword($::token);
if ($validationerror) { if ($validationerror) {
DisplayError('The token you entered is invalid.'); ThrowUserError("token_invalid");
exit;
} }
...@@ -74,29 +71,22 @@ if ($::FORM{'t'}) { ...@@ -74,29 +71,22 @@ if ($::FORM{'t'}) {
# Make sure the token exists in the database. # Make sure the token exists in the database.
SendSQL( "SELECT tokentype FROM tokens WHERE token = $::quotedtoken" ); SendSQL( "SELECT tokentype FROM tokens WHERE token = $::quotedtoken" );
(my $tokentype = FetchSQLData()) (my $tokentype = FetchSQLData()) || ThrowUserError("token_inexistent");
|| DisplayError("The token you submitted does not exist, has expired, or has been cancelled.")
&& exit;
# Make sure the token is the correct type for the action being taken. # Make sure the token is the correct type for the action being taken.
if ( grep($::action eq $_ , qw(cfmpw cxlpw chgpw)) && $tokentype ne 'password' ) { if ( grep($::action eq $_ , qw(cfmpw cxlpw chgpw)) && $tokentype ne 'password' ) {
DisplayError("That token cannot be used to change your password."); Token::Cancel($::token, "wrong_token_for_changing_passwd");
Token::Cancel($::token, "user tried to use token to change password"); ThrowUserError("wrong_token_for_changing_passwd");
exit;
} }
if ( ($::action eq 'cxlem') if ( ($::action eq 'cxlem')
&& (($tokentype ne 'emailold') && ($tokentype ne 'emailnew')) ) { && (($tokentype ne 'emailold') && ($tokentype ne 'emailnew')) ) {
DisplayError("That token cannot be used to cancel an email address change."); Token::Cancel($::token, "wrong_token_for_cancelling_email_change");
Token::Cancel($::token, ThrowUserError("wrong_token_for_cancelling_email_change");
"user tried to use token to cancel email address change");
exit;
} }
if ( grep($::action eq $_ , qw(cfmem chgem)) if ( grep($::action eq $_ , qw(cfmem chgem))
&& ($tokentype ne 'emailnew') ) { && ($tokentype ne 'emailnew') ) {
DisplayError("That token cannot be used to change your email address."); Token::Cancel($::token, "wrong_token_for_confirming_email_change");
Token::Cancel($::token, ThrowUserError("wrong_token_for_confirming_email_change");
"user tried to use token to confirm email address change");
exit;
} }
} }
...@@ -104,8 +94,7 @@ if ($::FORM{'t'}) { ...@@ -104,8 +94,7 @@ if ($::FORM{'t'}) {
# their login name and it exists in the database. # their login name and it exists in the database.
if ( $::action eq 'reqpw' ) { if ( $::action eq 'reqpw' ) {
defined $::FORM{'loginname'} defined $::FORM{'loginname'}
|| DisplayError("You must enter a login name when requesting to change your password.") || ThrowUserError("login_needed_for_password_change");
&& exit;
# Make sure the login name looks like an email address. This function # Make sure the login name looks like an email address. This function
# displays its own error and stops execution if the login name looks wrong. # displays its own error and stops execution if the login name looks wrong.
...@@ -114,8 +103,7 @@ if ( $::action eq 'reqpw' ) { ...@@ -114,8 +103,7 @@ if ( $::action eq 'reqpw' ) {
my $quotedloginname = SqlQuote($::FORM{'loginname'}); my $quotedloginname = SqlQuote($::FORM{'loginname'});
SendSQL("SELECT userid FROM profiles WHERE login_name = $quotedloginname"); SendSQL("SELECT userid FROM profiles WHERE login_name = $quotedloginname");
FetchSQLData() FetchSQLData()
|| DisplayError("There is no Bugzilla account with that login name.") || ThrowUserError("account_inexistent");
&& exit;
} }
# If the user is changing their password, make sure they submitted a new # If the user is changing their password, make sure they submitted a new
...@@ -123,8 +111,7 @@ if ( $::action eq 'reqpw' ) { ...@@ -123,8 +111,7 @@ if ( $::action eq 'reqpw' ) {
if ( $::action eq 'chgpw' ) { if ( $::action eq 'chgpw' ) {
defined $::FORM{'password'} defined $::FORM{'password'}
&& defined $::FORM{'matchpassword'} && defined $::FORM{'matchpassword'}
|| DisplayError("You cannot change your password without submitting a new one.") || ThrowUserError("require_new_password");
&& exit;
my $passworderror = ValidatePassword($::FORM{'password'}, $::FORM{'matchpassword'}); my $passworderror = ValidatePassword($::FORM{'password'}, $::FORM{'matchpassword'});
if ( $passworderror ) { if ( $passworderror ) {
...@@ -159,7 +146,7 @@ if ($::action eq 'reqpw') { ...@@ -159,7 +146,7 @@ if ($::action eq 'reqpw') {
# If the action that the user wants to take (specified in the "a" form field) # If the action that the user wants to take (specified in the "a" form field)
# is none of the above listed actions, display an error telling the user # is none of the above listed actions, display an error telling the user
# that we do not understand what they would like to do. # that we do not understand what they would like to do.
DisplayError("I could not figure out what you wanted to do."); ThrowCodeError("unknown_action");
} }
exit; exit;
...@@ -187,9 +174,8 @@ sub confirmChangePassword { ...@@ -187,9 +174,8 @@ sub confirmChangePassword {
} }
sub cancelChangePassword { sub cancelChangePassword {
Token::Cancel($::token, "user requested cancellation");
$vars->{'message'} = "password_change_canceled"; $vars->{'message'} = "password_change_canceled";
Token::Cancel($::token, $vars->{'message'});
print "Content-Type: text/html\n\n"; print "Content-Type: text/html\n\n";
$template->process("global/message.html.tmpl", $vars) $template->process("global/message.html.tmpl", $vars)
...@@ -244,15 +230,14 @@ sub changeEmail { ...@@ -244,15 +230,14 @@ sub changeEmail {
# Check the user entered the correct old email address # Check the user entered the correct old email address
if($::FORM{'email'} ne $old_email) { if($::FORM{'email'} ne $old_email) {
DisplayError("Email Address confirmation failed"); ThrowUserError("email_confirmation_failed");
exit;
} }
# The new email address should be available as this was # The new email address should be available as this was
# confirmed initially so cancel token if it is not still available # confirmed initially so cancel token if it is not still available
if (! ValidateNewUser($new_email,$old_email)) { if (! ValidateNewUser($new_email,$old_email)) {
DisplayError("Account $new_email already exists."); $vars->{'email'} = $new_email;
Token::Cancel($::token,"Account $new_email already exists."); Token::Cancel($::token,"account_exists");
exit; ThrowUserError("account_exists");
} }
# Update the user's login name in the profiles table and delete the token # Update the user's login name in the profiles table and delete the token
...@@ -286,8 +271,7 @@ sub cancelChangeEmail { ...@@ -286,8 +271,7 @@ sub cancelChangeEmail {
my ($old_email, $new_email) = split(/:/,$eventdata); my ($old_email, $new_email) = split(/:/,$eventdata);
if($tokentype eq "emailold") { if($tokentype eq "emailold") {
$vars->{'message'} = "The request to change the email address " . $vars->{'message'} = "emailold_change_cancelled";
"for your account to $new_email has been cancelled.";
SendSQL("SELECT login_name FROM profiles WHERE userid = $userid"); SendSQL("SELECT login_name FROM profiles WHERE userid = $userid");
my $actualemail = FetchSQLData(); my $actualemail = FetchSQLData();
...@@ -302,14 +286,15 @@ sub cancelChangeEmail { ...@@ -302,14 +286,15 @@ sub cancelChangeEmail {
WHERE userid = $userid"); WHERE userid = $userid");
SendSQL("UNLOCK TABLES"); SendSQL("UNLOCK TABLES");
DeriveGroup($userid); DeriveGroup($userid);
$vars->{'message'} .= $vars->{'message'} = "email_change_cancelled_reinstated";
" Your old account settings have been reinstated.";
} }
} }
else { else {
$vars->{'message'} = "The request to change the email address " . $vars->{'message'} = 'email_change_cancelled'
"for the $old_email account to $new_email has been cancelled.";
} }
$vars->{'old_email'} = $old_email;
$vars->{'new_email'} = $new_email;
Token::Cancel($::token, $vars->{'message'}); Token::Cancel($::token, $vars->{'message'});
SendSQL("LOCK TABLES tokens WRITE"); SendSQL("LOCK TABLES tokens WRITE");
...@@ -321,8 +306,6 @@ sub cancelChangeEmail { ...@@ -321,8 +306,6 @@ sub cancelChangeEmail {
# Return HTTP response headers. # Return HTTP response headers.
print "Content-Type: text/html\n\n"; print "Content-Type: text/html\n\n";
$vars->{'title'} = "Cancel Request to Change Email Address";
$template->process("global/message.html.tmpl", $vars) $template->process("global/message.html.tmpl", $vars)
|| ThrowTemplateError($template->error()); || ThrowTemplateError($template->error());
} }
......
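Review bot: Both `ThrowCodeError("unknown_action")` calls — the guard on the missing `a` parameter and the fall-through at the end of the action dispatch — pass no `action` value, so the `[% IF action %]` branch added to code-error.html.tmpl in this commit can never be taken from this script and the user is never told which action was rejected; if ThrowCodeError takes a vars hashref, the fall-through should be `ThrowCodeError("unknown_action", { action => $::action });` (or set `$vars->{'action'}` first if it reads the global). A missing or unrecognised `a` parameter is also a request-level condition rather than an internal bug, so ThrowUserError may be the better fit at both sites. In cancelChangeEmail the new assignment `$vars->{'message'} = 'email_change_cancelled'` drops its trailing semicolon — legal before `}` but inconsistent with the rest of the file. cancelChangeEmail and changeEmail both begin and end outside their hunks.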