Bug 164038 - token.cgi: Cancel token messages should be moved into the templates. Patch by burnus; r=gerv.

7 files changed, 134 insertions, 49 deletions

diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index a2604b0f5..ea1e51606 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -176,8 +176,7 @@ sub GenerateUniqueToken {
 
         ++$tries;
         if ($tries > 100) {
-            &::DisplayError("Something is seriously wrong with the token generation system.");
-            exit;
+            &::ThrowCodeError("token_generation_error");
         }
 
         $token = &::GenerateRandomPassword();
diff --git a/Token.pm b/Token.pm
index a2604b0f5..ea1e51606 100644
--- a/Token.pm
+++ b/Token.pm
@@ -176,8 +176,7 @@ sub GenerateUniqueToken {
 
         ++$tries;
         if ($tries > 100) {
-            &::DisplayError("Something is seriously wrong with the token generation system.");
-            exit;
+            &::ThrowCodeError("token_generation_error");
         }
 
         $token = &::GenerateRandomPassword();
diff --git a/template/en/default/account/cancel-token.txt.tmpl b/template/en/default/account/cancel-token.txt.tmpl
index b37d0da2d..b1545f6d3 100644
--- a/template/en/default/account/cancel-token.txt.tmpl
+++ b/template/en/default/account/cancel-token.txt.tmpl
@@ -17,6 +17,7 @@
   # Rights Reserved.
   #
   # Contributor(s):     John Vandenberg <zeroj@null.net>
+  #                     Tobias Burnus <burnus@net-b.de>
   #%]
 From: bugzilla-admin-daemon
 To: [% emailaddress %]
@@ -34,6 +35,47 @@ to [% maintainer %] if you suspect foul play.
              User: [% emailaddress %]
        Issue Date: [% issuedate %]
        Event Data: [% eventdata %]
-Cancelled Because: [% cancelaction %]
+Cancelled Because:
+[% PROCESS cancelactionmessage %]
 
+[% BLOCK cancelactionmessage %]
+  [% IF    cancelaction == 'account_exists' %]
+    Account [% email %] already exists.
 
+  [% ELSIF cancelaction == 'email_change_cancelled' %]
+    The request to change the email address for the
+    [% old_email %] account to [% new_email %]
+    has been cancelled.
+
+  [% ELSIF cancelaction == 'email_change_cancelled_reinstated' %]
+    The request to change the email address for your account to
+    [% new_email %] has been cancelled. Your old account
+    settings have been reinstated.
+
+  [% ELSIF cancelaction == 'emailold_change_cancelled' %]
+    The request to change the email address for your account
+    to [% new_email %] has been cancelled.
+
+  [% ELSIF cancelaction == 'password_change_canceled' %]
+    The user requested cancellation.
+
+  [% ELSIF cancelaction == 'wrong_token_for_changing_passwd' %]
+    The user tried to use the token to change the password.
+
+  [% ELSIF cancelaction == 'wrong_token_for_cancelling_email_change' %]
+    The user tried to use the token to cancel the email address change.
+
+  [% ELSIF cancelaction == 'wrong_token_for_confirming_email_change' %]
+    The user tried to use the token to confirm the email address change.
+
+  [% ELSE %]
+    [%# Give sensible error if the cancel-token function is used incorrectly.
+      #%]        
+    You are using Bugzilla's cancel-token function incorrectly. You
+    passed in the string '[% cancelaction %]'. The correct use is to pass
+    in a tag, and define that tag in the file cancel-token.txt.tmpl.
+
+    If you are a Bugzilla end-user seeing this message, please forward this
+    email to [% Param('maintainer') %].
+  [% END %]
+[% END %]
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index dbe4a1732..0f767ded8 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -127,6 +127,9 @@
   [% ELSIF error == "request_queue_group_invalid" %]
     The group field <em>[% group FILTER html %]</em> is invalid.
 
+  [% ELSIF error == "token_generation_error" %]
+    Something is seriously wrong with the token generation system.
+
   [% ELSIF error == "template_error" %]
     [% template_error_msg %]
 
@@ -134,7 +137,11 @@
     [% field FILTER html %] was not defined; [% Param('browserbugmessage') %]
 
   [% ELSIF error == "unknown_action" %]
-    Unknown action [% action FILTER html %]!
+    [% IF action %]
+       Unknown action [% action FILTER html %]!
+    [% ELSE %]
+       I could not figure out what you wanted to do.
+    [% END %]
     
   [% ELSIF error == "unknown_component" %]
     [% title = "Unknown Component" %]
diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index 85c678fdc..482f7e35f 100644
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -56,6 +56,23 @@
     [% title = "Change columns" %]
     Resubmitting your query with new columns...
 
+  [% ELSIF message_tag == "emailold_change_cancelled" %]
+    [% title = "Cancel Request to Change Email Address" %]
+    The request to change the email address for your account to
+    [% new_email FILTER html %] has been cancelled.
+
+  [% ELSIF message_tag == "email_change_cancelled" %]
+    [% title = "Cancel Request to Change Email Address" %]
+    The request to change the email address for the
+    [% old_email FILTER html %] account to
+    [% new_email FILTER html %] has been cancelled.
+
+  [% ELSIF message_tag == "email_change_cancelled_reinstated" %]
+    [% title = "Cancel Request to Change Email Address" %]
+    The request to change the email address for the
+    [% old_email %] account to [% new_email %] has been cancelled.
+    Your old account settings have been reinstated.
+
   [% ELSIF message_tag == "logged_out" %]
     [% title = "Logged Out" %]
     [% url = "query.cgi?GoAheadAndLogIn=1" %]
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 593c8bede..10c50cc9e 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -48,8 +48,17 @@
             
   [% ELSIF error == "account_exists" %]
     [% title = "Account Already Exists" %]
-    That account already exists.
+    There is already an account with
+    [% IF email %]
+      the login name [% email FILTER html %].
+    [% ELSE %]
+      that login name.
+    [% END %]
                   
+  [% ELSIF error == "account_inexistent" %]
+    [% title = "Account Does Not Exist" %]
+    There is no Bugzilla account with that login name.
+
   [% ELSIF error == "alias_has_comma_or_space" %]
     [% title = "Invalid Characters In Alias" %]
     The alias you entered, <em>[% alias FILTER html %]</em>,
@@ -134,6 +143,10 @@
     really make sense to mark a bug as a duplicate of itself, 
     does it?  
     
+  [% ELSIF error == "email_confirmation_failed" %]
+    [% title = "Email Address Email Address Confirmation Failed" %]
+    Email address confirmation failed.
+
   [% ELSIF error == "file_not_specified" %]
     [% title = "No File Specified" %]
     You did not specify a file to attach.
@@ -259,6 +272,10 @@
     [% title = "Invalid Username Or Password" %]
     The username or password you entered is not valid.
                     
+  [% ELSIF error == "login_needed_for_password_change" %]
+    [% title = "Login Name Required" %]
+    You must enter a login name when requesting to change your password.
+
   [% ELSIF error == "milestone_required" %]
     [% title = "Milestone Required" %]
     You must determine a target milestone for bug [% bug_id %]
@@ -366,6 +383,15 @@
       100 users.  Enter more of the name to bring the number of matches 
       down to a reasonable amount.
   
+  [% ELSIF error == "require_new_password" %]
+     [% title = "New Password Needed" %]
+     You cannot change your password without submitting a new one.
+
+  [% ELSIF error == "token_inexistent" %]
+     [% title = "Token Does Not Exist" %]
+     The token you submitted does not exist, has expired, or has
+     been cancelled.
+
   [% ELSIF error == "unknown_keyword" %]
     [% title = "Unknown Keyword" %]
     <code>[% keyword FILTER html %]</code> is not a known keyword. 
@@ -375,6 +401,18 @@
     [% title = "Unknown Tab" %]
     <code>[% current_tab_name FILTER html %]</code> is not a legal tab name.    
     
+  [% ELSIF error == "wrong_token_for_cancelling_email_change" %]
+    [% title = "Wrong Token" %]
+    That token cannot be used to cancel an email address change.
+
+  [% ELSIF error == "wrong_token_for_changing_passwd" %]
+    [% title = "Wrong Token" %]
+    That token cannot be used to change your password.
+
+  [% ELSIF error == "wrong_token_for_confirming_email_change" %]
+    [% title = "Wrong Token" %]
+    That token cannot be used to change your email address.
+
   [% ELSIF error == "zero_length_file" %]
     [% title = "File Is Empty" %]
     The file you are trying to attach is empty!    
diff --git a/token.cgi b/token.cgi
index 86e51939d..64f5710bd 100755
--- a/token.cgi
+++ b/token.cgi
@@ -48,9 +48,7 @@ use Token;
 
 # Throw an error if the form does not contain an "action" field specifying
 # what the user wants to do.
-$::FORM{'a'}
-  || DisplayError("I could not figure out what you wanted to do.")
-  && exit;
+$::FORM{'a'} || ThrowCodeError("unknown_action");
 
 # Assign the action to a global variable.
 $::action = $::FORM{'a'};
@@ -65,8 +63,7 @@ if ($::FORM{'t'}) {
   # Make sure the token contains only valid characters in the right amount.
   my $validationerror = ValidatePassword($::token);
   if ($validationerror) {
-      DisplayError('The token you entered is invalid.');
-      exit;
+      ThrowUserError("token_invalid");
   }
 
 
@@ -74,29 +71,22 @@ if ($::FORM{'t'}) {
 
   # Make sure the token exists in the database.
   SendSQL( "SELECT tokentype FROM tokens WHERE token = $::quotedtoken" );
-  (my $tokentype = FetchSQLData())
-    || DisplayError("The token you submitted does not exist, has expired, or has been cancelled.")
-    && exit;
+  (my $tokentype = FetchSQLData()) || ThrowUserError("token_inexistent");
 
   # Make sure the token is the correct type for the action being taken.
   if ( grep($::action eq $_ , qw(cfmpw cxlpw chgpw)) && $tokentype ne 'password' ) {
-    DisplayError("That token cannot be used to change your password.");
-    Token::Cancel($::token, "user tried to use token to change password");
-    exit;
+    Token::Cancel($::token, "wrong_token_for_changing_passwd");
+    ThrowUserError("wrong_token_for_changing_passwd");
   }
   if ( ($::action eq 'cxlem') 
       && (($tokentype ne 'emailold') && ($tokentype ne 'emailnew')) ) {
-    DisplayError("That token cannot be used to cancel an email address change.");
-    Token::Cancel($::token, 
-                  "user tried to use token to cancel email address change");
-    exit;
+    Token::Cancel($::token, "wrong_token_for_cancelling_email_change");
+    ThrowUserError("wrong_token_for_cancelling_email_change");
   }
   if ( grep($::action eq $_ , qw(cfmem chgem)) 
       && ($tokentype ne 'emailnew') ) {
-    DisplayError("That token cannot be used to change your email address.");
-    Token::Cancel($::token, 
-                  "user tried to use token to confirm email address change");
-    exit;
+    Token::Cancel($::token, "wrong_token_for_confirming_email_change");
+    ThrowUserError("wrong_token_for_confirming_email_change");
   }
 }
 
@@ -104,8 +94,7 @@ if ($::FORM{'t'}) {
 # their login name and it exists in the database.
 if ( $::action eq 'reqpw' ) {
     defined $::FORM{'loginname'}
-      || DisplayError("You must enter a login name when requesting to change your password.")
-      && exit;
+      || ThrowUserError("login_needed_for_password_change");
 
     # Make sure the login name looks like an email address.  This function
     # displays its own error and stops execution if the login name looks wrong.
@@ -114,8 +103,7 @@ if ( $::action eq 'reqpw' ) {
     my $quotedloginname = SqlQuote($::FORM{'loginname'});
     SendSQL("SELECT userid FROM profiles WHERE login_name = $quotedloginname");
     FetchSQLData()
-      || DisplayError("There is no Bugzilla account with that login name.")
-      && exit;
+      || ThrowUserError("account_inexistent");
 }
 
 # If the user is changing their password, make sure they submitted a new
@@ -123,8 +111,7 @@ if ( $::action eq 'reqpw' ) {
 if ( $::action eq 'chgpw' ) {
     defined $::FORM{'password'}
       && defined $::FORM{'matchpassword'}
-      || DisplayError("You cannot change your password without submitting a new one.")
-      && exit;
+      || ThrowUserError("require_new_password");
 
      my $passworderror = ValidatePassword($::FORM{'password'}, $::FORM{'matchpassword'});
      if ( $passworderror ) {
@@ -159,7 +146,7 @@ if ($::action eq 'reqpw') {
     # If the action that the user wants to take (specified in the "a" form field)
     # is none of the above listed actions, display an error telling the user 
     # that we do not understand what they would like to do.
-    DisplayError("I could not figure out what you wanted to do.");
+    ThrowCodeError("unknown_action");
 }
 
 exit;
@@ -187,9 +174,8 @@ sub confirmChangePassword {
 }
 
 sub cancelChangePassword {    
-    Token::Cancel($::token, "user requested cancellation");
-
     $vars->{'message'} = "password_change_canceled";
+    Token::Cancel($::token, $vars->{'message'});
 
     print "Content-Type: text/html\n\n";
     $template->process("global/message.html.tmpl", $vars)
@@ -244,15 +230,14 @@ sub changeEmail {
 
     # Check the user entered the correct old email address
     if($::FORM{'email'} ne $old_email) {
-        DisplayError("Email Address confirmation failed");
-        exit;
+        ThrowUserError("email_confirmation_failed");
     }
     # The new email address should be available as this was 
     # confirmed initially so cancel token if it is not still available
     if (! ValidateNewUser($new_email,$old_email)) {
-        DisplayError("Account $new_email already exists.");
-        Token::Cancel($::token,"Account $new_email already exists.");
-        exit;
+        $vars->{'email'} = $new_email;
+        Token::Cancel($::token,"account_exists");
+        ThrowUserError("account_exists");
     } 
 
     # Update the user's login name in the profiles table and delete the token
@@ -286,8 +271,7 @@ sub cancelChangeEmail {
     my ($old_email, $new_email) = split(/:/,$eventdata);
 
     if($tokentype eq "emailold") {
-        $vars->{'message'} = "The request to change the email address " .
-            "for your account to $new_email has been cancelled.";
+        $vars->{'message'} = "emailold_change_cancelled";
 
         SendSQL("SELECT login_name FROM profiles WHERE userid = $userid");
         my $actualemail = FetchSQLData();
@@ -302,14 +286,15 @@ sub cancelChangeEmail {
                  WHERE    userid = $userid");
             SendSQL("UNLOCK TABLES");
             DeriveGroup($userid);
-            $vars->{'message'} .= 
-                "  Your old account settings have been reinstated.";
+            $vars->{'message'} = "email_change_cancelled_reinstated";
         } 
     } 
     else {
-        $vars->{'message'} = "The request to change the email address " .
-            "for the $old_email account to $new_email has been cancelled.";
-    }
+        $vars->{'message'} = 'email_change_cancelled'
+     }
+
+    $vars->{'old_email'} = $old_email;
+    $vars->{'new_email'} = $new_email;
     Token::Cancel($::token, $vars->{'message'});
 
     SendSQL("LOCK TABLES tokens WRITE");
@@ -321,8 +306,6 @@ sub cancelChangeEmail {
     # Return HTTP response headers.
     print "Content-Type: text/html\n\n";
 
-    $vars->{'title'} = "Cancel Request to Change Email Address";
-
     $template->process("global/message.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
 }