token cancellation message are not user-friendly

RESOLVED FIXED in Bugzilla 2.18

Status

()

Bugzilla
Administration
P3
normal
RESOLVED FIXED
16 years ago
6 years ago

People

(Reporter: John Vandenberg, Assigned: Tobias Burnus)

Tracking

(Blocks: 1 bug)

2.15
Bugzilla 2.18
Bug Flags:
approval +

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

16 years ago
Token cancellation messages are overly terse and technical to be effective.

From bug 23067 comment 98:

>+Subject: [% tokentype %] token cancelled
>+
>+A token was cancelled from [% remoteaddress %].  
>+If you did not request this, it could be either an honest 
>+mistake or the result of a malicious hack attempt.  

This is both cryptic and scary; we shouldn't be talking about tokens,
(I don't know if I requested a 'token cancellation' - I'm just trying to change
my email address)
and we shouldn't be talking about "malicious hack attempts" without
qualifying it. e.g. "someone breaking into your Bugzilla account"
is better.
Priority: -- → P3
Target Milestone: --- → Bugzilla 2.18
while we're on that subject, someone on Bugscape just mailed me a token
cancellation email....

       Issue Date: 2003-02-10 21:39:00
       Event Data: 10.169.25.69
Cancelled Because:You are using Bugzilla's cancel-token function incorrectly. You
    passed in the string 'user logged in'. The correct use is to pass
    in a tag, and define that tag in the file cancel-token.txt.tmpl.

    If you are a Bugzilla end-user seeing this message, please forward this
    email to <mailto:justdave@netscape.com>justdave@netscape.com.


Looks like someone forgot to fix it to use the new tag-based translation system...
> Looks like someone forgot to fix it to use the new tag-based translation 
> system...

Yep - they got all the ones in token.cgi but missed the one in CGI.pl. According
to the log, burnus did this work - CCing him.

Gerv
(Assignee)

Comment 3

16 years ago
Created attachment 114543 [details] [diff] [review]
Nicer message and add missing 'user_logged_in'

This makes the token cancelled message more readable and addes the missing
'user_logged_in' to the tags.
(Assignee)

Updated

16 years ago
Attachment #114543 - Flags: review?(gerv)
Comment on attachment 114543 [details] [diff] [review]
Nicer message and add missing 'user_logged_in'

>Index: template/en/default/account/cancel-token.txt.tmpl
>===================================================================
>-mistake or the result of a malicious hack attempt.  
>+mistake or someone breaking into your Bugzilla account.

Surely "attempting to break"?

>+[% BLOCK subject %]
>+  [% IF tokentype == 'password' %]
>+    Password change request cancelled
>+  [% ELSIF tokentype == 'emailnew' || tokentype == 'emailold' %]

We tend to use OR in templates, for readability. The vague idea is that they
should be modifiable by people who don't know a great deal about programming.
Anyway, consistency is good.

>+
>+  [% ELSIF cancelaction == 'user_logged_in' %]
>+    The user has logged in.

Surely "You have logged in"?

Gerv
(Assignee)

Comment 5

16 years ago
Created attachment 114581 [details] [diff] [review]
v2 Nicer message and add missing 'user_logged_in'

> Surely "attempting to break"?
Changed it.

> >+  [% ELSIF tokentype == 'emailnew' || tokentype == 'emailold' %]
> We tend to use OR in templates, for readability.
True, only 23 templates use || while 6 use OR ;-)

> >+	The user has logged in.
> Surely "You have logged in"?
I changed this here and in the rest of the file, looks much better now :-)
Attachment #114543 - Attachment is obsolete: true
(Assignee)

Updated

16 years ago
Attachment #114581 - Flags: review?(gerv)
(Assignee)

Updated

16 years ago
Attachment #114543 - Flags: review?(gerv)
Comment on attachment 114581 [details] [diff] [review]
v2 Nicer message and add missing 'user_logged_in'

> True, only 23 templates use || while 6 use OR ;-)

Grr. Obviously this was not as widely communicated as I had thought ;-)

r=gerv.

Gerv
Attachment #114581 - Flags: review?(gerv) → review+

Comment 7

16 years ago
-> patch author
Assignee: justdave → burnus
Flags: approval?
Flags: approval? → approval+
(Assignee)

Comment 8

16 years ago
Checking in CGI.pl;
/cvsroot/mozilla/webtools/bugzilla/CGI.pl,v  <--  CGI.pl
new revision: 1.200; previous revision: 1.199
done
Checking in template/en/default/account/cancel-token.txt.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/account/cancel-token.txt.tmpl,v
 <--  cancel-token.txt.tmpl
new revision: 1.3; previous revision: 1.2
done
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED

Updated

14 years ago
Blocks: 134805
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.