summaryrefslogtreecommitdiffstats
path: root/template/en/default
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2006-08-20 03:11:59 +0200
committerlpsolit%gmail.com <>2006-08-20 03:11:59 +0200
commit59285f71c6ed0d4db7d4b0455902130a2d7c83bd (patch)
tree49e2e47a53bb4ac31c10d3225b5e0a66edc5c126 /template/en/default
parent9dfdfd787ff4c0afac28b66e67082712ec2a3d92 (diff)
downloadbugzilla-59285f71c6ed0d4db7d4b0455902130a2d7c83bd.tar.gz
bugzilla-59285f71c6ed0d4db7d4b0455902130a2d7c83bd.tar.xz
Bug 87795: Creating an account should send token and wait for confirmation (prevent user account abuse) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=bkor a=myk
Diffstat (limited to 'template/en/default')
-rw-r--r--template/en/default/account/cancel-token.txt.tmpl11
-rw-r--r--template/en/default/account/create.html.tmpl34
-rw-r--r--template/en/default/account/created.html.tmpl22
-rw-r--r--template/en/default/account/email/confirm-new.html.tmpl64
-rw-r--r--template/en/default/account/email/request-new.txt.tmpl44
-rw-r--r--template/en/default/email/password.txt.tmpl35
-rw-r--r--template/en/default/global/messages.html.tmpl9
-rw-r--r--template/en/default/global/user-error.html.tmpl13
8 files changed, 161 insertions, 71 deletions
diff --git a/template/en/default/account/cancel-token.txt.tmpl b/template/en/default/account/cancel-token.txt.tmpl
index 5124759ed..f9d310534 100644
--- a/template/en/default/account/cancel-token.txt.tmpl
+++ b/template/en/default/account/cancel-token.txt.tmpl
@@ -42,7 +42,9 @@ to [% maintainer %] if you suspect foul play.
Cancelled Because: [% PROCESS cancelactionmessage %]
[% BLOCK subject %]
- [% IF tokentype == 'password' %]
+ [% IF tokentype == 'new_account' %]
+ User account creation request cancelled
+ [% ELSIF tokentype == 'password' %]
Password change request cancelled
[% ELSIF tokentype == 'emailnew' OR tokentype == 'emailold' %]
Email change request cancelled
@@ -72,6 +74,10 @@ Cancelled Because: [% PROCESS cancelactionmessage %]
[% ELSIF cancelaction == 'password_change_cancelled' %]
You have requested cancellation.
+ [% ELSIF cancelaction == 'account_creation_cancelled' %]
+ The creation of the user account [% emailaddress %]
+ has been cancelled.
+
[% ELSIF cancelaction == 'user_logged_in' %]
You have logged in.
@@ -84,6 +90,9 @@ Cancelled Because: [% PROCESS cancelactionmessage %]
[% ELSIF cancelaction == 'wrong_token_for_confirming_email_change' %]
You have tried to use the token to confirm the email address change.
+ [% ELSIF cancelaction == 'wrong_token_for_creating_account' %]
+ You have tried to use the token to create a user account.
+
[% ELSE %]
[%# Give sensible error if the cancel-token function is used incorrectly.
#%]
diff --git a/template/en/default/account/create.html.tmpl b/template/en/default/account/create.html.tmpl
index 052a2b7fe..2e8739b79 100644
--- a/template/en/default/account/create.html.tmpl
+++ b/template/en/default/account/create.html.tmpl
@@ -29,47 +29,37 @@
[% PROCESS global/variables.none.tmpl %]
[% title = BLOCK %]
-Create a new [% terms.Bugzilla %] account
+ Create a new [% terms.Bugzilla %] account
[% END %]
-[% PROCESS global/header.html.tmpl %]
+
+[% PROCESS global/header.html.tmpl
+ title = title
+ onload = "document.forms['account_creation_form'].login.focus();" %]
<p>
- To create a [% terms.Bugzilla %] account, all you need to do is
- enter a legitimate e-mail address. The account will be created, and
- its password will be mailed to you. <b>You will not be able to log
- in until you receive the password.</b> If it doesn't arrive within a
+ To create a [% terms.Bugzilla %] account, all you need to do is to enter
+ a legitimate e-mail address. You will receive an email at this address
+ to confirm the creation of your account. <b>You will not be able to log
+ in until you receive the email.</b> If it doesn't arrive within a
reasonable amount of time, you can contact the maintainer of
this [% terms.Bugzilla %] installation
at <a href="mailto:[% Param("maintainer") %]">[% Param("maintainer") %]</a>.
</p>
-<p>
- Optionally you may enter your real name as well.
-</p>
-
-<form method="get" action="createaccount.cgi">
+<form id="account_creation_form" method="get" action="createaccount.cgi">
<table>
<tr>
<td align="right">
<b>E-mail address:</b>
</td>
<td>
- <input size="35" name="login">
+ <input size="35" id="login" name="login">
[% Param('emailsuffix') FILTER html %]
</td>
</tr>
-
- <tr>
- <td align="right">
- <b>Real name:</b>
- </td>
- <td>
- <input size="35" name="realname">
- </td>
- </tr>
</table>
<br>
- <input type="submit" id="create" value="Create Account">
+ <input type="submit" id="send" value="Send">
</form>
[% PROCESS global/footer.html.tmpl %]
diff --git a/template/en/default/account/created.html.tmpl b/template/en/default/account/created.html.tmpl
index 2d507b4cf..58064f24c 100644
--- a/template/en/default/account/created.html.tmpl
+++ b/template/en/default/account/created.html.tmpl
@@ -17,26 +17,26 @@
# Rights Reserved.
#
# Contributor(s): Gervase Markham <gerv@gerv.net>
+ # Frédéric Buclin <LpSolit@gmail.com>
#%]
[%# INTERFACE:
# login: string. The user's Bugzilla login email address.
#%]
-[% PROCESS global/header.html.tmpl
- title = "Account Created"
-%]
+[% PROCESS global/variables.none.tmpl %]
-<p>
- A new account,
- <tt>[% login FILTER html %]</tt>,
- has been created and a randomly-generated password has been e-mailed
- to that address.
-</p>
+[% title = BLOCK %]
+ Request for new user account '[% login FILTER html %]' submitted
+[% END %]
+
+[% PROCESS global/header.html.tmpl title = title %]
<p>
- When the e-mail arrives,
- <a href="index.cgi?GoAheadAndLogIn=1">log in here</a>.
+ To confirm the creation of the user account <tt>[% login FILTER html %]</tt>,
+ use the URL given in the email you will receive. If you take no action in the
+ next [% constants.MAX_TOKEN_AGE FILTER html %] days, this request will
+ automatically be canceled.
</p>
[% PROCESS global/footer.html.tmpl %]
diff --git a/template/en/default/account/email/confirm-new.html.tmpl b/template/en/default/account/email/confirm-new.html.tmpl
new file mode 100644
index 000000000..0e9ab98e5
--- /dev/null
+++ b/template/en/default/account/email/confirm-new.html.tmpl
@@ -0,0 +1,64 @@
+[%# 1.0@bugzilla.org %]
+[%# The contents of this file are subject to the Mozilla Public
+ # License Version 1.1 (the "License"); you may not use this file
+ # except in compliance with the License. You may obtain a copy of
+ # the License at http://www.mozilla.org/MPL/
+ #
+ # Software distributed under the License is distributed on an "AS
+ # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ # implied. See the License for the specific language governing
+ # rights and limitations under the License.
+ #
+ # The Original Code is the Bugzilla Bug Tracking System.
+ #
+ # Contributor(s): Frédéric Buclin <LpSolit@gmail.com>
+ #%]
+
+[%# INTERFACE:
+ # token: string. The token to be used in the user account creation.
+ # email: email address of the user account.
+ # date: creation date of the token.
+ #%]
+
+[% title = BLOCK %]Create a new user account for '[% email FILTER html %]'[% END %]
+[% PROCESS "global/header.html.tmpl"
+ title = title
+ onload = "document.forms['confirm_account_form'].realname.focus();" %]
+
+[% expiration_ts = date + (constants.MAX_TOKEN_AGE * 86400) %]
+<div>
+ To complete the creation of your user account, you must choose a password in the
+ form below. You can also enter your real name, which is optional.<p>
+ If you don't fill this form before
+ <u>[%+ time2str("%H:%M on the %o of %B, %Y", expiration_ts) %]</u>, the creation
+ of this account will be automatically cancelled.
+</div>
+
+<form id="confirm_account_form" method="post" action="token.cgi">
+ <input type="hidden" name="t" value="[% token FILTER html %]">
+ <input type="hidden" name="a" value="confirm_new_account">
+ <table>
+ <tr>
+ <th align="right">Email Address:</th>
+ <td>[% email FILTER html %]</td>
+ </tr>
+ <tr>
+ <th align="right"><label for="realname">Real Name</label>:</th>
+ <td><input type="text" id="realname" name="realname" value=""></td>
+ </tr>
+ <tr>
+ <th align="right"><label for="passwd1">Type your password</label>:</th>
+ <td><input type="password" id="passwd1" name="passwd1" value=""></td>
+ </tr>
+ <tr>
+ <th align="right"><label for="passwd1">Re-type your password</label>:</th>
+ <td><input type="password" id="passwd2" name="passwd2" value=""></td>
+ </tr>
+ <tr>
+ <th align="right">&nbsp;</th>
+ <td><input type="submit" id="confirm" value="Send"></td>
+ </tr>
+ </table>
+</form>
+
+[% PROCESS global/footer.html.tmpl %]
diff --git a/template/en/default/account/email/request-new.txt.tmpl b/template/en/default/account/email/request-new.txt.tmpl
new file mode 100644
index 000000000..85fdec157
--- /dev/null
+++ b/template/en/default/account/email/request-new.txt.tmpl
@@ -0,0 +1,44 @@
+[%# 1.0@bugzilla.org %]
+[%# The contents of this file are subject to the Mozilla Public
+ # License Version 1.1 (the "License"); you may not use this file
+ # except in compliance with the License. You may obtain a copy of
+ # the License at http://www.mozilla.org/MPL/
+ #
+ # Software distributed under the License is distributed on an "AS
+ # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ # implied. See the License for the specific language governing
+ # rights and limitations under the License.
+ #
+ # The Original Code is the Bugzilla Bug Tracking System.
+ #
+ # Contributor(s): Frédéric Buclin <LpSolit@gmail.com>
+ #%]
+
+[%# INTERFACE:
+ # token: random string used to authenticate the transaction.
+ # token_ts: creation date of the token.
+ # email: email address of the new account.
+ #%]
+
+[% PROCESS global/variables.none.tmpl %]
+
+[% expiration_ts = token_ts + (constants.MAX_TOKEN_AGE * 86400) %]
+From: bugzilla-admin-daemon
+To: [% email %]
+Subject: [% terms.Bugzilla %]: confirm account creation
+
+[%+ terms.Bugzilla %] has received a request to create a user account
+using your email address ([% email %]).
+
+To confirm that you want to create an account using that email address,
+visit the following link:
+
+[%+ Param('urlbase') %]token.cgi?t=[% token FILTER url_quote %]&a=request_new_account
+
+If you are not the person who made this request, or you wish to cancel
+this request, visit the following link:
+
+[%+ Param('urlbase') %]token.cgi?t=[% token FILTER url_quote %]&a=cancel_new_account
+
+If you do nothing, the request will lapse after [%+ constants.MAX_TOKEN_AGE %] days
+(at precisely [%+ time2str("%H:%M on the %o of %B, %Y", expiration_ts) %]).
diff --git a/template/en/default/email/password.txt.tmpl b/template/en/default/email/password.txt.tmpl
deleted file mode 100644
index 5993a90f5..000000000
--- a/template/en/default/email/password.txt.tmpl
+++ /dev/null
@@ -1,35 +0,0 @@
-[%# 1.0@bugzilla.org %]
-[%# The contents of this file are subject to the Mozilla Public
- # License Version 1.1 (the "License"); you may not use this file
- # except in compliance with the License. You may obtain a copy of
- # the License at http://www.mozilla.org/MPL/
- #
- # Software distributed under the License is distributed on an "AS
- # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- # implied. See the License for the specific language governing
- # rights and limitations under the License.
- #
- # The Original Code is the Bugzilla Bug Tracking System.
- #
- # The Initial Developer of the Original Code is Netscape Communications
- # Corporation. Portions created by Netscape are
- # Copyright (C) 1998 Netscape Communications Corporation. All
- # Rights Reserved.
- #
- # Contributor(s): Emmanuel Seyman <eseyman@linagora.com>
- #%]
-
-[% PROCESS global/variables.none.tmpl %]
-
-From: bugzilla-daemon
-To: [% mailaddress %]
-Subject: Your [% terms.Bugzilla %] password.
-
-To use the wonders of [% terms.Bugzilla %], you can use the following:
-
- E-mail address: [% login %]
- Password: [% password %]
-
- To change your password, go to:
- [%+ Param("urlbase") %]userprefs.cgi
-
diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index 08321ed2c..2e1878b5f 100644
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -38,6 +38,15 @@
[% IF groups.size %]
You may want to edit the group settings now, using the form below.
[% END %]
+ [% IF login_info %]
+ You can now go to the <a href="index.cgi">Log In</a> page to enter
+ this [% terms.Bugzilla %] installation.
+ [% END %]
+
+ [% ELSIF message_tag == "account_creation_cancelled" %]
+ [% title = "User Account Creation Cancelled" %]
+ The creation of the user account [% account FILTER html %] has been
+ cancelled.
[% ELSIF message_tag == "account_updated" %]
[% IF changed_fields.size
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 53fb3ae27..e67c1a81c 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1318,8 +1318,13 @@
[% ELSIF error == "too_soon_for_new_token" %]
[% title = "Too Soon For New Token" %]
- You have requested a password token too recently to request
- another. Please wait a while and try again.
+ You have requested
+ [% IF type == "password" %]
+ a password
+ [% ELSIF type == "account" %]
+ an account
+ [% END %]
+ token too recently to request another. Please wait a while and try again.
[% ELSIF error == "unknown_keyword" %]
[% title = "Unknown Keyword" %]
@@ -1398,6 +1403,10 @@
[% title = "Wrong Token" %]
That token cannot be used to change your email address.
+ [% ELSIF error == "wrong_token_for_creating_account" %]
+ [% title = "Wrong Token" %]
+ That token cannot be used to create a user account.
+
[% ELSIF error == "zero_length_file" %]
[% title = "File Is Empty" %]
The file you are trying to attach is empty!