authormkanat%bugzilla.org <>2009-06-05 00:54:38 +0200
committermkanat%bugzilla.org <>2009-06-05 00:54:38 +0200
commit31570d1a282a92dd2f9f745414c2c40dbd4bdff1 (patch)
treeff6c0b961ddd676440f41e7920c4e9dec05f3b91
parentf78ab4f463a42bd2a6368f958d831725148bcf9b (diff)
downloadbugzilla-31570d1a282a92dd2f9f745414c2c40dbd4bdff1.tar.gz
bugzilla-31570d1a282a92dd2f9f745414c2c40dbd4bdff1.tar.xz
Bug 493642: Never include hidden_fields in the header/footer login form, and when a REQUIRE_LOGIN page shows a login form, hide the header/footer login form.
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
-rw-r--r--Bugzilla.pm18
-rw-r--r--template/en/default/account/auth/login-small.html.tmpl4
-rw-r--r--template/en/default/account/auth/login.html.tmpl2
-rw-r--r--template/en/default/global/common-links.html.tmpl9
4 files changed, 27 insertions, 6 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm
index 7bd40794a..1916fa508 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -228,6 +228,10 @@ sub sudo_request {
# NOTE: If you want to log the start of an sudo session, do it here.
}
+sub page_requires_login {
+ return $_[0]->request_cache->{page_requires_login};
+}
+
sub login {
my ($class, $type) = @_;
@@ -235,6 +239,13 @@ sub login {
my $authorizer = new Bugzilla::Auth();
$type = LOGIN_REQUIRED if $class->cgi->param('GoAheadAndLogIn');
+
+ # Allow templates to know that we're in a page that always requires
+ # login.
+ if ($type == LOGIN_REQUIRED) {
+ $class->request_cache->{page_requires_login} = 1;
+ }
+
if (!defined $type || $type == LOGIN_NORMAL) {
$type = $class->params->{'requirelogin'} ? LOGIN_REQUIRED : LOGIN_NORMAL;
}
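Review bot: `$type` can still be undef when the added `if ($type == LOGIN_REQUIRED)` runs, because the `!defined $type` check only comes on the line after the new block. If warnings are enabled in this file, every `login()` call without an argument would then emit an uninitialized-value warning, and the comparison treats undef as 0, so whether the flag is set depends on the numeric value of the constant. Guarding it as `if (defined $type && $type == LOGIN_REQUIRED) {` avoids both. The body of `login` continues outside the hunk.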
@@ -635,6 +646,13 @@ Logs in a user, returning a C<Bugzilla::User> object, or C<undef> if there is
no logged in user. See L<Bugzilla::Auth|Bugzilla::Auth>, and
L<Bugzilla::User|Bugzilla::User>.
+=item C<page_requires_login>
+
+If the current page always requires the user to log in (for example,
+C<enter_bug.cgi> or any page called with C<?GoAheadAndLogIn=1>) then
+this will return something true. Otherwise it will return false. (This is
+set when you call L</login>.)
+
=item C<logout($option)>
Logs out the current user, which involves invalidating user sessions and
diff --git a/template/en/default/account/auth/login-small.html.tmpl b/template/en/default/account/auth/login-small.html.tmpl
index dd55a72bd..63f6d50d0 100644
--- a/template/en/default/account/auth/login-small.html.tmpl
+++ b/template/en/default/account/auth/login-small.html.tmpl
@@ -68,10 +68,6 @@
[% END %]
<input type="submit" name="GoAheadAndLogIn" value="Log in"
id="log_in[% qs_suffix %]">
- <div class="bz_default_hidden">
- [% PROCESS "global/hidden-fields.html.tmpl"
- exclude="^Bugzilla_(login|password|restrictlogin|remember)$" %]
- </div>
<script type="text/javascript">
mini_login_constants = {
"login" : "login",
diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl
index e8f8fa14c..e4adfdcb6 100644
--- a/template/en/default/account/auth/login.html.tmpl
+++ b/template/en/default/account/auth/login.html.tmpl
@@ -116,7 +116,7 @@
enter your login name below and submit a request
to change your password.<br>
<input size="35" name="loginname">
- <input type="submit" id="request" value="Submit Request">
+ <input type="submit" id="request" value="Reset Password">
</form>
[% END %]
diff --git a/template/en/default/global/common-links.html.tmpl b/template/en/default/global/common-links.html.tmpl
index 8ab2a2b02..b775da3e8 100644
--- a/template/en/default/global/common-links.html.tmpl
+++ b/template/en/default/global/common-links.html.tmpl
@@ -89,7 +89,14 @@
</li>
[% END %]
- [% IF user.authorizer.can_login %]
+ [%# Only display one login form when we're on a LOGIN_REQUIRED page. That
+ # way, we're guaranteed that the user will use the form that has
+ # hidden_fields in it (the center form) instead of this one. Also, it's
+ # less confusing to have one form (as opposed to three) when you're
+ # required to log in.
+ #%]
+ [% USE Bugzilla %]
+ [% IF user.authorizer.can_login && !Bugzilla.page_requires_login %]
[% PROCESS "account/auth/login-small.html.tmpl" %]
[% END %]
[% END %]
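Review bot: The guarantee in the added comment does not appear to hold on sites that set the `requirelogin` parameter. In the Bugzilla.pm hunk of this commit, `page_requires_login` is set before `$type` is promoted to LOGIN_REQUIRED by `requirelogin`, so `!Bugzilla.page_requires_login` stays true there and this small form is still rendered beside the center form. Since login-small.html.tmpl no longer carries hidden_fields, a user who logs in through it on such a page would likely lose the original request's parameters. If that is intended, say so in the comment, e.g. `# Pages that require login only because of the requirelogin parameter still show this form.`; otherwise set the flag after the `requirelogin` resolution in `login()`. The enclosing template block starts above the hunk.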