author | lpsolit%gmail.com <> | 2006-08-20 03:11:59 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-08-20 03:11:59 +0200 |
commit | 59285f71c6ed0d4db7d4b0455902130a2d7c83bd (patch) | |
tree | 49e2e47a53bb4ac31c10d3225b5e0a66edc5c126 /template/en/default | |
parent | 9dfdfd787ff4c0afac28b66e67082712ec2a3d92 (diff) | |
Bug 87795: Creating an account should send token and wait for confirmation (prevent user account abuse) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=bkor a=myk
Diffstat (limited to 'template/en/default')
-rw-r--r-- | template/en/default/account/cancel-token.txt.tmpl | 11 | ||||
-rw-r--r-- | template/en/default/account/create.html.tmpl | 34 | ||||
-rw-r--r-- | template/en/default/account/created.html.tmpl | 22 | ||||
-rw-r--r-- | template/en/default/account/email/confirm-new.html.tmpl | 64 | ||||
-rw-r--r-- | template/en/default/account/email/request-new.txt.tmpl | 44 | ||||
-rw-r--r-- | template/en/default/email/password.txt.tmpl | 35 | ||||
-rw-r--r-- | template/en/default/global/messages.html.tmpl | 9 | ||||
-rw-r--r-- | template/en/default/global/user-error.html.tmpl | 13 |
8 files changed, 161 insertions, 71 deletions
diff --git a/template/en/default/account/cancel-token.txt.tmpl b/template/en/default/account/cancel-token.txt.tmpl index 5124759ed..f9d310534 100644 --- a/template/en/default/account/cancel-token.txt.tmpl +++ b/template/en/default/account/cancel-token.txt.tmpl @@ -42,7 +42,9 @@ to [% maintainer %] if you suspect foul play. Cancelled Because: [% PROCESS cancelactionmessage %] [% BLOCK subject %] - [% IF tokentype == 'password' %] + [% IF tokentype == 'new_account' %] + User account creation request cancelled + [% ELSIF tokentype == 'password' %] Password change request cancelled [% ELSIF tokentype == 'emailnew' OR tokentype == 'emailold' %] Email change request cancelled @@ -72,6 +74,10 @@ Cancelled Because: [% PROCESS cancelactionmessage %] [% ELSIF cancelaction == 'password_change_cancelled' %] You have requested cancellation. + [% ELSIF cancelaction == 'account_creation_cancelled' %] + The creation of the user account [% emailaddress %] + has been cancelled. + [% ELSIF cancelaction == 'user_logged_in' %] You have logged in. @@ -84,6 +90,9 @@ Cancelled Because: [% PROCESS cancelactionmessage %] [% ELSIF cancelaction == 'wrong_token_for_confirming_email_change' %] You have tried to use the token to confirm the email address change. + [% ELSIF cancelaction == 'wrong_token_for_creating_account' %] + You have tried to use the token to create a user account. + [% ELSE %] [%# Give sensible error if the cancel-token function is used incorrectly. #%] diff --git a/template/en/default/account/create.html.tmpl b/template/en/default/account/create.html.tmpl index 052a2b7fe..2e8739b79 100644 --- a/template/en/default/account/create.html.tmpl +++ b/template/en/default/account/create.html.tmpl 
@@ -29,47 +29,37 @@ [% PROCESS global/variables.none.tmpl %] [% title = BLOCK %] -Create a new [% terms.Bugzilla %] account + Create a new [% terms.Bugzilla %] account [% END %] -[% PROCESS global/header.html.tmpl %] + +[% PROCESS global/header.html.tmpl + title = title + onload = "document.forms['account_creation_form'].login.focus();" %] <p> - To create a [% terms.Bugzilla %] account, all you need to do is - enter a legitimate e-mail address. The account will be created, and - its password will be mailed to you. <b>You will not be able to log - in until you receive the password.</b> If it doesn't arrive within a + To create a [% terms.Bugzilla %] account, all you need to do is to enter + a legitimate e-mail address. You will receive an email at this address + to confirm the creation of your account. <b>You will not be able to log + in until you receive the email.</b> If it doesn't arrive within a reasonable amount of time, you can contact the maintainer of this [% terms.Bugzilla %] installation at <a href="mailto:[% Param("maintainer") %]">[% Param("maintainer") %]</a>. </p> -<p> - Optionally you may enter your real name as well. -</p> - -<form method="get" action="createaccount.cgi"> +<form id="account_creation_form" method="get" action="createaccount.cgi"> <table> <tr> <td align="right"> <b>E-mail address:</b> </td> <td> - <input size="35" name="login"> + <input size="35" id="login" name="login"> [% Param('emailsuffix') FILTER html %] </td> </tr> - - <tr> - <td align="right"> - <b>Real name:</b> - </td> - <td> - <input size="35" name="realname"> - </td> - </tr> </table> <br> - <input type="submit" id="create" value="Create Account"> + <input type="submit" id="send" value="Send"> </form> [% PROCESS global/footer.html.tmpl %] diff --git a/template/en/default/account/created.html.tmpl b/template/en/default/account/created.html.tmpl index 2d507b4cf..58064f24c 100644 --- a/template/en/default/account/created.html.tmpl 
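Review bot: The rewritten form tag `<form id="account_creation_form" method="get" action="createaccount.cgi">` keeps `method="get"`, although submitting the form now has a side effect: a confirmation mail goes to whatever address is in `login`. With GET the address lands in the URL (server logs, browser history, Referer), and the request can be triggered cross-site without any form submission. `<form id="account_creation_form" method="post" action="createaccount.cgi">` would be the safer choice. Whether createaccount.cgi accepts the parameter from a POST body is not visible in this diff, so confirm that before switching. The `too_soon_for_new_token` error extended in user-error.html.tmpl suggests server-side throttling, which limits the concern but does not remove it.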
+++ b/template/en/default/account/created.html.tmpl @@ -17,26 +17,26 @@ # Rights Reserved. # # Contributor(s): Gervase Markham <gerv@gerv.net> + # Frédéric Buclin <LpSolit@gmail.com> #%] [%# INTERFACE: # login: string. The user's Bugzilla login email address. #%] -[% PROCESS global/header.html.tmpl - title = "Account Created" -%] +[% PROCESS global/variables.none.tmpl %] -<p> - A new account, - <tt>[% login FILTER html %]</tt>, - has been created and a randomly-generated password has been e-mailed - to that address. -</p> +[% title = BLOCK %] + Request for new user account '[% login FILTER html %]' submitted +[% END %] + +[% PROCESS global/header.html.tmpl title = title %] <p> - When the e-mail arrives, - <a href="index.cgi?GoAheadAndLogIn=1">log in here</a>. + To confirm the creation of the user account <tt>[% login FILTER html %]</tt>, + use the URL given in the email you will receive. If you take no action in the + next [% constants.MAX_TOKEN_AGE FILTER html %] days, this request will + automatically be canceled. </p> [% PROCESS global/footer.html.tmpl %] diff --git a/template/en/default/account/email/confirm-new.html.tmpl b/template/en/default/account/email/confirm-new.html.tmpl new file mode 100644 index 000000000..0e9ab98e5 --- /dev/null +++ b/template/en/default/account/email/confirm-new.html.tmpl 
@@ -0,0 +1,64 @@ +[%# 1.0@bugzilla.org %] +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # Contributor(s): Frédéric Buclin <LpSolit@gmail.com> + #%] + +[%# INTERFACE: + # token: string. The token to be used in the user account creation. + # email: email address of the user account. + # date: creation date of the token. + #%] + +[% title = BLOCK %]Create a new user account for '[% email FILTER html %]'[% END %] +[% PROCESS "global/header.html.tmpl" + title = title + onload = "document.forms['confirm_account_form'].realname.focus();" %] + +[% expiration_ts = date + (constants.MAX_TOKEN_AGE * 86400) %] +<div> + To complete the creation of your user account, you must choose a password in the + form below. You can also enter your real name, which is optional.<p> + If you don't fill this form before + <u>[%+ time2str("%H:%M on the %o of %B, %Y", expiration_ts) %]</u>, the creation + of this account will be automatically cancelled. 
+</div> + +<form id="confirm_account_form" method="post" action="token.cgi"> + <input type="hidden" name="t" value="[% token FILTER html %]"> + <input type="hidden" name="a" value="confirm_new_account"> + <table> + <tr> + <th align="right">Email Address:</th> + <td>[% email FILTER html %]</td> + </tr> + <tr> + <th align="right"><label for="realname">Real Name</label>:</th> + <td><input type="text" id="realname" name="realname" value=""></td> + </tr> + <tr> + <th align="right"><label for="passwd1">Type your password</label>:</th> + <td><input type="password" id="passwd1" name="passwd1" value=""></td> + </tr> + <tr> + <th align="right"><label for="passwd1">Re-type your password</label>:</th> + <td><input type="password" id="passwd2" name="passwd2" value=""></td> + </tr> + <tr> + <th align="right"> </th> + <td><input type="submit" id="confirm" value="Send"></td> + </tr> + </table> +</form> + +[% PROCESS global/footer.html.tmpl %] diff --git a/template/en/default/account/email/request-new.txt.tmpl b/template/en/default/account/email/request-new.txt.tmpl new file mode 100644 index 000000000..85fdec157 --- /dev/null +++ b/template/en/default/account/email/request-new.txt.tmpl 
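Review bot: The second password row labels the wrong control: `<label for="passwd1">Re-type your password</label>` sits next to the input with `id="passwd2"`, so clicking the label or following it with assistive technology focuses the first password field. It should read `<label for="passwd2">Re-type your password</label>`. Separately, this page is presumably reached through the `token.cgi?t=…` link in request-new.txt.tmpl, so the token is in the page URL as well as in the hidden `t` field. If the header or footer templates load any off-site resource, the token could leak via Referer; that cannot be judged from this hunk and is worth checking.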
@@ -0,0 +1,44 @@ +[%# 1.0@bugzilla.org %] +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # Contributor(s): Frédéric Buclin <LpSolit@gmail.com> + #%] + +[%# INTERFACE: + # token: random string used to authenticate the transaction. + # token_ts: creation date of the token. + # email: email address of the new account. + #%] + +[% PROCESS global/variables.none.tmpl %] + +[% expiration_ts = token_ts + (constants.MAX_TOKEN_AGE * 86400) %] +From: bugzilla-admin-daemon +To: [% email %] +Subject: [% terms.Bugzilla %]: confirm account creation + +[%+ terms.Bugzilla %] has received a request to create a user account +using your email address ([% email %]). + +To confirm that you want to create an account using that email address, +visit the following link: + +[%+ Param('urlbase') %]token.cgi?t=[% token FILTER url_quote %]&a=request_new_account + +If you are not the person who made this request, or you wish to cancel +this request, visit the following link: + +[%+ Param('urlbase') %]token.cgi?t=[% token FILTER url_quote %]&a=cancel_new_account + +If you do nothing, the request will lapse after [%+ constants.MAX_TOKEN_AGE %] days +(at precisely [%+ time2str("%H:%M on the %o of %B, %Y", expiration_ts) %]). diff --git a/template/en/default/email/password.txt.tmpl b/template/en/default/email/password.txt.tmpl deleted file mode 100644 index 5993a90f5..000000000 --- a/template/en/default/email/password.txt.tmpl +++ /dev/null 
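Review bot: `To: [% email %]` puts the requested address into a mail header with no filter, so the template relies on the caller having already rejected addresses that contain CR/LF; that validation is not visible in this diff. I would record the requirement in the INTERFACE block, e.g. `# email: email address of the new account (already validated; must not contain newlines).` Both links also carry the token in a GET URL. If `a=cancel_new_account` acts immediately when fetched, a mail gateway that pre-fetches links could cancel the request before the user reads the message, so a confirmation step on the cancel action may be worth considering.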
@@ -1,35 +0,0 @@ -[%# 1.0@bugzilla.org %] -[%# The contents of this file are subject to the Mozilla Public - # License Version 1.1 (the "License"); you may not use this file - # except in compliance with the License. You may obtain a copy of - # the License at http://www.mozilla.org/MPL/ - # - # Software distributed under the License is distributed on an "AS - # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - # implied. See the License for the specific language governing - # rights and limitations under the License. - # - # The Original Code is the Bugzilla Bug Tracking System. - # - # The Initial Developer of the Original Code is Netscape Communications - # Corporation. Portions created by Netscape are - # Copyright (C) 1998 Netscape Communications Corporation. All - # Rights Reserved. - # - # Contributor(s): Emmanuel Seyman <eseyman@linagora.com> - #%] - -[% PROCESS global/variables.none.tmpl %] - -From: bugzilla-daemon -To: [% mailaddress %] -Subject: Your [% terms.Bugzilla %] password. - -To use the wonders of [% terms.Bugzilla %], you can use the following: - - E-mail address: [% login %] - Password: [% password %] - - To change your password, go to: - [%+ Param("urlbase") %]userprefs.cgi - diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl index 08321ed2c..2e1878b5f 100644 --- a/template/en/default/global/messages.html.tmpl +++ b/template/en/default/global/messages.html.tmpl @@ -38,6 +38,15 @@ [% IF groups.size %] You may want to edit the group settings now, using the form below. [% END %] + [% IF login_info %] + You can now go to the <a href="index.cgi">Log In</a> page to enter + this [% terms.Bugzilla %] installation. + [% END %] + + [% ELSIF message_tag == "account_creation_cancelled" %] + [% title = "User Account Creation Cancelled" %] + The creation of the user account [% account FILTER html %] has been + cancelled. [% ELSIF message_tag == "account_updated" %] [% IF changed_fields.size 
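Review bot: In the messages.html.tmpl hunk, the new `login_info` text links to `<a href="index.cgi">Log In</a>`, whereas the link this same commit removes from created.html.tmpl pointed at `index.cgi?GoAheadAndLogIn=1`. If plain index.cgi does not present a login prompt, the link text is misleading; consider `<a href="index.cgi?GoAheadAndLogIn=1">Log In</a>`. The enclosing message block starts above this hunk, so how `login_info` is set is not visible here.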
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 53fb3ae27..e67c1a81c 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -1318,8 +1318,13 @@ [% ELSIF error == "too_soon_for_new_token" %] [% title = "Too Soon For New Token" %] - You have requested a password token too recently to request - another. Please wait a while and try again. + You have requested + [% IF type == "password" %] + a password + [% ELSIF type == "account" %] + an account + [% END %] + token too recently to request another. Please wait a while and try again. [% ELSIF error == "unknown_keyword" %] [% title = "Unknown Keyword" %] @@ -1398,6 +1403,10 @@ [% title = "Wrong Token" %] That token cannot be used to change your email address. + [% ELSIF error == "wrong_token_for_creating_account" %] + [% title = "Wrong Token" %] + That token cannot be used to create a user account. + [% ELSIF error == "zero_length_file" %] [% title = "File Is Empty" %] The file you are trying to attach is empty! |
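Review bot: The `type` switch added under `too_soon_for_new_token` has no fallback branch, so a caller passing any other value, or none, renders "You have requested token too recently to request another." Adding `[% ELSE %]` followed by `a` before the closing `[% END %]` keeps the sentence grammatical for unknown types. The code that sets `type` is outside this diff, so it is not possible to confirm from here that only "password" and "account" are ever passed.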