Bug 493642: Never include hidden_fields in the header/footer login form, and when...

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit

diff --git a/Bugzilla.pm b/Bugzilla.pm
index 324b3cc145b8a940799d5c1b373e7c8403f282a0..9ce6232236156d30d4d5253bc52d3f4b6e414443 100644 (file)
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -228,6 +228,10 @@ sub sudo_request {
     # NOTE: If you want to log the start of an sudo session, do it here.
 }
 
+sub page_requires_login {
+    return $_[0]->request_cache->{page_requires_login};
+}
+
 sub login {
     my ($class, $type) = @_;
 
@@ -235,6 +239,13 @@ sub login {
 
     my $authorizer = new Bugzilla::Auth();
     $type = LOGIN_REQUIRED if $class->cgi->param('GoAheadAndLogIn');
+
+    # Allow templates to know that we're in a page that always requires
+    # login.
+    if ($type == LOGIN_REQUIRED) {
+        $class->request_cache->{page_requires_login} = 1;
+    }
+
     if (!defined $type || $type == LOGIN_NORMAL) {
         $type = $class->params->{'requirelogin'} ? LOGIN_REQUIRED : LOGIN_NORMAL;
     }
@@ -623,6 +634,13 @@ Logs in a user, returning a C<Bugzilla::User> object, or C<undef> if there is
 no logged in user. See L<Bugzilla::Auth|Bugzilla::Auth>, and
 L<Bugzilla::User|Bugzilla::User>.
 
+=item C<page_requires_login>
+
+If the current page always requires the user to log in (for example,
+C<enter_bug.cgi> or any page called with C<?GoAheadAndLogIn=1>) then
+this will return something true. Otherwise it will return false. (This is
+set when you call L</login>.)
+
 =item C<logout($option)>
 
 Logs out the current user, which involves invalidating user sessions and

diff --git a/template/en/default/account/auth/login-small.html.tmpl b/template/en/default/account/auth/login-small.html.tmpl
index dd55a72bde888e62ef690839a3522d6016077398..63f6d50d068eade4e10d748c824c5200101ed279 100644 (file)
--- a/template/en/default/account/auth/login-small.html.tmpl
+++ b/template/en/default/account/auth/login-small.html.tmpl
@@ -68,10 +68,6 @@
     [% END %]
     <input type="submit" name="GoAheadAndLogIn" value="Log in" 
             id="log_in[% qs_suffix %]">
-    <div class="bz_default_hidden">
-      [% PROCESS "global/hidden-fields.html.tmpl"
-                exclude="^Bugzilla_(login|password|restrictlogin|remember)$" %]
-    </div>
     <script type="text/javascript">
       mini_login_constants = {
           "login" : "login",

diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl
index e8f8fa14cd45859bb9930d0d722db418d1da4476..e4adfdcb6b2309949640d050fbe3b315cdf46ec2 100644 (file)
--- a/template/en/default/account/auth/login.html.tmpl
+++ b/template/en/default/account/auth/login.html.tmpl
@@ -116,7 +116,7 @@
       enter your login name below and submit a request
       to change your password.<br>
       <input size="35" name="loginname">
-      <input type="submit" id="request" value="Submit Request">
+      <input type="submit" id="request" value="Reset Password">
     </form>
   [% END %]
 

diff --git a/template/en/default/global/common-links.html.tmpl b/template/en/default/global/common-links.html.tmpl
index fa5b0b03a4f6d6ef4bd5395b249befd0e5c3dea6..c524b4903912bce014c75e7dbb5788a7f15f91f3 100644 (file)
--- a/template/en/default/global/common-links.html.tmpl
+++ b/template/en/default/global/common-links.html.tmpl
@@ -92,7 +92,14 @@
       </li>
     [% END %]
 
-    [% IF user.authorizer.can_login %]        
+    [%# Only display one login form when we're on a LOGIN_REQUIRED page. That
+      # way, we're guaranteed that the user will use the form that has 
+      # hidden_fields in it (the center form) instead of this one. Also, it's
+      # less confusing to have one form (as opposed to  three) when you're 
+      # required to log in.
+      #%]
+    [% USE Bugzilla %]
+    [% IF user.authorizer.can_login && !Bugzilla.page_requires_login %]
       [% PROCESS "account/auth/login-small.html.tmpl" %]
     [% END %]
   [% END %]