From 739325834bd8252d94558d9662bc877c5f0d83af Mon Sep 17 00:00:00 2001 From: joey Date: Thu, 17 May 2007 08:06:05 +0000 Subject: * Fix some bugs in password handling: - If the password is empty in preferences, don't clear the existing password. - Actually check the confirm password field, even if it's left empty. --- IkiWiki/Plugin/passwordauth.pm | 27 +++++++++++++++++---------- debian/changelog | 6 +++++- doc/bugs/password_deletion.mdwn | 7 +++++++ doc/plugins/passwordauth/discussion.mdwn | 6 +----- 4 files changed, 30 insertions(+), 16 deletions(-) create mode 100644 doc/bugs/password_deletion.mdwn diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm index 1520cea83..b61e6c86e 100644 --- a/IkiWiki/Plugin/passwordauth.pm +++ b/IkiWiki/Plugin/passwordauth.pm @@ -30,6 +30,17 @@ sub formbuilder_setup (@) { #{{{ $form->field(name => "email", size => 50); $form->title("register"); $form->text(""); + + $form->field(name => "confirm_password", + validate => sub { + shift eq $form->field("password"); + }, + ); + $form->field(name => "password", + validate => sub { + shift eq $form->field("confirm_password"); + }, + ); } if ($form->submitted) { @@ -46,12 +57,6 @@ sub formbuilder_setup (@) { #{{{ } if ($submittype eq "Create Account") { - $form->field( - name => "confirm_password", - validate => sub { - shift eq $form->field("password"); - }, - ); $form->field( name => "account_creation_password", validate => sub { @@ -120,13 +125,15 @@ sub formbuilder_setup (@) { #{{{ value => $session->param("name"), force => 1, fieldset => "login"); $form->field(name => "password", type => "password", - fieldset => "login"); + fieldset => "login", + validate => sub { + shift eq $form->field("confirm_password"); + }), $form->field(name => "confirm_password", type => "password", fieldset => "login", validate => sub { shift eq $form->field("password"); - }); - + }), } } @@ -197,7 +204,7 @@ sub formbuilder (@) { #{{{ if ($form->submitted eq "Save Preferences" && $form->validate) { my $user_name=$form->field('name'); foreach my $field (qw(password)) { - if (defined $form->field($field)) { + if (defined $form->field($field) && length $form->field($field)) { IkiWiki::userinfo_set($user_name, $field, $form->field($field)) || error("failed to set $field"); } diff --git a/debian/changelog b/debian/changelog index 52c16393f..83cb6b40f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -32,8 +32,12 @@ ikiwiki (2.1) UNRELEASED; urgency=low there. * Patch from hb to fix the pagestats plugin, which was broken by a past change to the backlinks() function. + * Fix some bugs in password handling: + - If the password is empty in preferences, don't clear the existing + password. + - Actually check the confirm password field, even if it's left empty. - -- Joey Hess Sat, 12 May 2007 13:55:19 -0400 + -- Joey Hess Thu, 17 May 2007 04:02:04 -0400 ikiwiki (2.00) unstable; urgency=low diff --git a/doc/bugs/password_deletion.mdwn b/doc/bugs/password_deletion.mdwn new file mode 100644 index 000000000..ff2cd2c61 --- /dev/null +++ b/doc/bugs/password_deletion.mdwn @@ -0,0 +1,7 @@ +I have just deleted my password, accidentally (which is not a crisis, but it shouldn't really happen). + +I logged in to tweak my page subscriptions, did so, and clicked 'save preferences' - unfortunately, the password boxes are cleared when you arrive at the preferences page and if you don't fill them in again then the new password (which is blank) gets saved. I'm sure I'm not the first one to notice this - I'm just writing here because I've not yet found anywhere where this inconvenience is documented. + +-- [[KarlMW]] + +[[fixed|done]] --[[Joey]] diff --git a/doc/plugins/passwordauth/discussion.mdwn b/doc/plugins/passwordauth/discussion.mdwn index b4bab4280..4636e918c 100644 --- a/doc/plugins/passwordauth/discussion.mdwn +++ b/doc/plugins/passwordauth/discussion.mdwn @@ -1,5 +1 @@ -I have just deleted my password, accidentally (which is not a crisis, but it shouldn't really happen). - -I logged in to tweak my page subscriptions, did so, and clicked 'save preferences' - unfortunately, the password boxes are cleared when you arrive at the preferences page and if you don't fill them in again then the new password (which is blank) gets saved. I'm sure I'm not the first one to notice this - I'm just writing here because I've not yet found anywhere where this inconvenience is documented. - --- [[KarlMW]] \ No newline at end of file +moved to [[bugs/password_deletion]] --[[Joey]] -- cgit v1.2.3