135820 - token cancellation message are not user-friendly

Status: RESOLVED FIXED

(Bugzilla :: Administration, task, P3)

Description

[John Vandenberg]

Token cancellation messages are overly terse and technical to be effective.

From bug 23067 comment 98:

>+Subject: [% tokentype %] token cancelled
>+
>+A token was cancelled from [% remoteaddress %].  
>+If you did not request this, it could be either an honest 
>+mistake or the result of a malicious hack attempt.  

This is both cryptic and scary; we shouldn't be talking about tokens,
(I don't know if I requested a 'token cancellation' - I'm just trying to change
my email address)
and we shouldn't be talking about "malicious hack attempts" without
qualifying it. e.g. "someone breaking into your Bugzilla account"
is better.

Comment 1

[Dave Miller [:justdave]]

while we're on that subject, someone on Bugscape just mailed me a token
cancellation email....

       Issue Date: 2003-02-10 21:39:00
       Event Data: 10.169.25.69
Cancelled Because:You are using Bugzilla's cancel-token function incorrectly. You
    passed in the string 'user logged in'. The correct use is to pass
    in a tag, and define that tag in the file cancel-token.txt.tmpl.

    If you are a Bugzilla end-user seeing this message, please forward this
    email to <mailto:justdave@netscape.com>justdave@netscape.com.


Looks like someone forgot to fix it to use the new tag-based translation system...

Comment 2

[Gervase Markham [:gerv]]

> Looks like someone forgot to fix it to use the new tag-based translation 
> system...

Yep - they got all the ones in token.cgi but missed the one in CGI.pl. According
to the log, burnus did this work - CCing him.

Gerv

Comment 3

[Tobias Burnus]

Attachment: Nicer message and add missing 'user_logged_in'

This makes the token cancelled message more readable and addes the missing
'user_logged_in' to the tags.

Comment 4

[Gervase Markham [:gerv]]

Comment on attachment 114543 [details] [diff] [review]
Nicer message and add missing 'user_logged_in'

>Index: template/en/default/account/cancel-token.txt.tmpl
>===================================================================
>-mistake or the result of a malicious hack attempt.  
>+mistake or someone breaking into your Bugzilla account.

Surely "attempting to break"?

>+[% BLOCK subject %]
>+  [% IF tokentype == 'password' %]
>+    Password change request cancelled
>+  [% ELSIF tokentype == 'emailnew' || tokentype == 'emailold' %]

We tend to use OR in templates, for readability. The vague idea is that they
should be modifiable by people who don't know a great deal about programming.
Anyway, consistency is good.

>+
>+  [% ELSIF cancelaction == 'user_logged_in' %]
>+    The user has logged in.

Surely "You have logged in"?

Gerv

Comment 5

[Tobias Burnus]

Attachment: v2 Nicer message and add missing 'user_logged_in'

> Surely "attempting to break"?
Changed it.

> >+  [% ELSIF tokentype == 'emailnew' || tokentype == 'emailold' %]
> We tend to use OR in templates, for readability.
True, only 23 templates use || while 6 use OR ;-)

> >+	The user has logged in.
> Surely "You have logged in"?
I changed this here and in the rest of the file, looks much better now :-)

Comment 6

[Gervase Markham [:gerv]]

Comment on attachment 114581 [details] [diff] [review]
v2 Nicer message and add missing 'user_logged_in'

> True, only 23 templates use || while 6 use OR ;-)

Grr. Obviously this was not as widely communicated as I had thought ;-)

r=gerv.

Gerv

Comment 7

[Jacob Steenhagen]

-> patch author

Comment 8

[Tobias Burnus]

Checking in CGI.pl;
/cvsroot/mozilla/webtools/bugzilla/CGI.pl,v  <--  CGI.pl
new revision: 1.200; previous revision: 1.199
done
Checking in template/en/default/account/cancel-token.txt.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/account/cancel-token.txt.tmpl,v
 <--  cancel-token.txt.tmpl
new revision: 1.3; previous revision: 1.2
done