Bug 325315: The page to reset a forgotten password should be distinct from the login page

r=dkl a=glob

5 files changed, 119 insertions, 59 deletions

diff --git a/createaccount.cgi b/createaccount.cgi
index a15396384..cd5309f05 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -27,10 +27,15 @@ my $vars = { doc_section => 'using/creating-an-account.html' };
 
 print $cgi->header();
 
-$user->check_account_creation_enabled;
 my $login = $cgi->param('login');
+my $request_new_password = $cgi->param('request_new_password');
 
-if (defined($login)) {
+if ($request_new_password) {
+    $template->process('account/request-new-password.html.tmpl', $vars)
+      || ThrowTemplateError($template->error());
+}
+elsif (defined($login)) {
+    $user->check_account_creation_enabled;
     # Check the hash token to make sure this user actually submitted
     # the create account form.
     my $token = $cgi->param('token');
@@ -41,9 +46,9 @@ if (defined($login)) {
 
     $template->process("account/created.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
-    exit;
 }
-
-# Show the standard "would you like to create an account?" form.
-$template->process("account/create.html.tmpl", $vars)
-  || ThrowTemplateError($template->error());
+else {
+    # Show the standard "would you like to create an account?" form.
+    $template->process('account/create.html.tmpl', $vars)
+      || ThrowTemplateError($template->error());
+}
diff --git a/skins/standard/global.css b/skins/standard/global.css
index 6d0e64a86..6e3b41fd7 100644
--- a/skins/standard/global.css
+++ b/skins/standard/global.css
@@ -254,6 +254,23 @@
     }
 /* generic (end) */
 
+#login_form {
+    border: solid;
+    margin: 2em auto;
+    padding: 1em;
+    width: 35em;
+}
+
+#login_form #Bugzilla_login, #login_form #Bugzilla_password,
+#forgot_password #loginname {
+    width: 25em;
+}
+
+#login_form .links {
+    text-align: center;
+    padding: 1em;
+}
+
 /* Links that control whether or not something is visible. */
 a.controller {
     font-size: 115%;
diff --git a/template/en/default/account/auth/login-small.html.tmpl b/template/en/default/account/auth/login-small.html.tmpl
index 790c135bf..508151241 100644
--- a/template/en/default/account/auth/login-small.html.tmpl
+++ b/template/en/default/account/auth/login-small.html.tmpl
@@ -58,7 +58,7 @@
 </li>
 <li id="forgot_container[% qs_suffix %]">
   <span class="separator">| </span>
-  <a id="forgot_link[% qs_suffix %]" href="[% script_url FILTER html %]#forgot"
+  <a id="forgot_link[% qs_suffix %]" href="createaccount.cgi?request_new_password=1"
      onclick="return show_forgot_form('[% qs_suffix %]')">Forgot Password</a>
   <form action="token.cgi" method="post" id="forgot_form[% qs_suffix %]"
         class="mini_forgot bz_default_hidden">
diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl
index 0af84542d..85b3be8fb 100644
--- a/template/en/default/account/auth/login.html.tmpl
+++ b/template/en/default/account/auth/login.html.tmpl
@@ -20,12 +20,12 @@
 
 [% USE Bugzilla %]
 
-<p>
-  [% terms.Bugzilla %] needs a legitimate login and password to continue.
-</p>
+<h2 class="center">
+  [% terms.Bugzilla %] needs a legitimate login and password to continue
+</h2>
 
-<form name="login" action="[% urlbase FILTER html %][% target FILTER html %]" method="POST"
-[%- IF Bugzilla.cgi.param("data") %] enctype="multipart/form-data"[% END %]>
+<form id="login_form" name="login" action="[% urlbase FILTER html %][% target FILTER html %]"
+      method="POST" [% IF Bugzilla.cgi.param("data") %] enctype="multipart/form-data"[% END %]>
   <table>
     <tr>
       <th>
@@ -33,44 +33,54 @@
           [% IF Param('emailsuffix') %]
             Login:
           [% ELSE %]
-            Your Email Address:
+            Email&nbsp;Address:
           [% END %]
         </label>
       </th>
       <td>
-        <input size="35" id="Bugzilla_login" name="Bugzilla_login"
+        <input id="Bugzilla_login" name="Bugzilla_login"
                [%- ' type="email"' UNLESS Param('emailsuffix') %] autofocus required>
         [% Param('emailsuffix') FILTER html %]
       </td>
     </tr>
+
     <tr>
       <th><label for="Bugzilla_password">Password:</label></th>
       <td>
-        <input type="password" size="35" id="Bugzilla_password" name="Bugzilla_password" required>
+        <input type="password" id="Bugzilla_password" name="Bugzilla_password" required>
       </td>
     </tr>
 
     [% IF Param('rememberlogin') == 'defaulton' || 
           Param('rememberlogin') == 'defaultoff' %]
       <tr>
-        <th>&nbsp;</th>
-        <td>
+        <th>
           <input type="checkbox" id="Bugzilla_remember" name="Bugzilla_remember" value="on"
                  [%+ "checked" IF Param('rememberlogin') == "defaulton" %]>
-          <label for="Bugzilla_remember">Remember my Login</label>
+        </th>
+        <td>
+          <label for="Bugzilla_remember">Remember my login</label>
         </td>
       </tr>
     [% END %]
 
     <tr>
-      <th>&nbsp;</th>
-      <td>
+      <th>
         <input type="checkbox" id="Bugzilla_restrictlogin" name="Bugzilla_restrictlogin"
                checked="checked">
+      </th>
+      <td>
         <label for="Bugzilla_restrictlogin">Restrict this session to this IP address
         (using this option improves security)</label>
       </td>
     </tr>
+
+    <tr>
+      <th>&nbsp;</th>
+      <td>
+        <input type="submit" name="GoAheadAndLogIn" value="Log In" id="log_in">
+      </td>
+    </tr>
   </table>
 
   [% PROCESS "global/hidden-fields.html.tmpl"
@@ -78,49 +88,42 @@
 
   <input type="hidden" name="Bugzilla_login_token"
          value="[% get_login_request_token() FILTER html %]">
-  <input type="submit" name="GoAheadAndLogIn" value="Log in" id="log_in">
 
-  <p>
-    (Note: you should make sure cookies are enabled for this site. 
-    Otherwise, you will be required to log in frequently.)
-  </p>
-</form>
-
-[% Hook.process('additional_methods') %]
+  [% Hook.process('additional_methods') %]
 
-[%# Allow the user to create a new account, or request a token to change
-  # their password, assuming that our auth method allows that.
-  #%]
+  <div class="links">
+    [% can_create_account = 0 %]
+    [% IF Param("createemailregexp") && user.authorizer.user_can_create_account %]
+      <span><a href="createaccount.cgi">Create a New Account</a></span>
+      [% can_create_account = 1 %]
+    [% END %]
 
-  [% IF Param("createemailregexp") && user.authorizer.user_can_create_account %]
-    <hr>
+    [% IF user.authorizer.can_change_password %]
+      [% "|" IF can_create_account %]
+      <span><a href="createaccount.cgi?request_new_password=1">Forgot Password</a></span>
+    [% END %]
+  </div>
 
+  <hr>
+  <div class="info">
     <p>
-      If you don't have a [% terms.Bugzilla %] account, you can
-      <a href="createaccount.cgi">create a new account</a>.
-      [% IF Param("requirelogin") %]
-        A user account is required because this Bugzilla
-        installation is only accessible to authenticated users.
-      [% ELSIF target.match("_bug\.cgi$") %]
-        A user account is required to file a new [% terms.bug %] or to comment
-        into existing ones so that you can be contacted if more information is
-        needed.
-      [% END %]
+      Note: you should make sure cookies are enabled for this site. 
+      Otherwise, you will be required to log in frequently.
     </p>
-  [% END %]
-
-  [% IF user.authorizer.can_change_password %]
-    <hr>
-
-    <form id="forgot" method="get" action="token.cgi">
-      <input type="hidden" name="a" value="reqpw">
-      If you have an account, but have forgotten your password,
-      enter your login name below and submit a request
-      to change your password.<br>
-      <input size="35" name="loginname" required>
-      <input type="hidden" id="token" name="token" value="[% issue_hash_token(['reqpw']) FILTER html %]">
-      <input type="submit" id="request" value="Reset Password">
-    </form>
-  [% END %]
+
+    [% IF can_create_account %]
+      <p>
+        [% IF Param("requirelogin") %]
+          A user account is required because this Bugzilla
+          installation is only accessible to authenticated users.
+        [% ELSIF target.match("_bug\.cgi$") %]
+          A user account is required to file a new [% terms.bug %] or to comment
+          into existing ones so that you can be contacted if more information is
+          needed.
+        [% END %]
+      </p>
+    [% END %]
+  </div>
+</form>
 
 [% PROCESS global/footer.html.tmpl %]
diff --git a/template/en/default/account/request-new-password.html.tmpl b/template/en/default/account/request-new-password.html.tmpl
new file mode 100644
index 000000000..a94b3a114
--- /dev/null
+++ b/template/en/default/account/request-new-password.html.tmpl
@@ -0,0 +1,35 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+  # License, v. 2.0. If a copy of the MPL was not distributed with this
+  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+  #
+  # This Source Code Form is "Incompatible With Secondary Licenses", as
+  # defined by the Mozilla Public License, v. 2.0.
+  #%]
+
+[% PROCESS global/header.html.tmpl title = "Reset Password" %]
+
+[% IF user.authorizer.can_change_password %]
+  <p>
+    If you have an account, but have forgotten your password, enter your
+    [% IF Param('emailsuffix') %]
+      login name
+    [% ELSE %]
+      email address
+    [% END %]
+    below and submit a request to change your password. An email with details
+    on how to reset your password will be sent.
+  </p>
+
+  <form id="forgot_password" method="get" action="token.cgi">
+    <input type="hidden" name="a" value="reqpw">
+    <input id="loginname" [% IF !Param('emailsuffix') %]type="email"[% END %]
+           name="loginname" autofocus required>
+    <input type="hidden" id="token" name="token"
+           value="[% issue_hash_token(['reqpw']) FILTER html %]">
+    <input type="submit" id="request" value="Reset Password">
+  </form>
+[% ELSE %]
+  <p>Sorry, but you cannot reset your password.</p>
+[% END %]
+
+[% PROCESS global/footer.html.tmpl %]