Closed
Bug 349337
Opened 18 years ago
Closed 12 years ago
The time between two successive token requests should be a constant
Categories
(Bugzilla :: Bugzilla-General, enhancement)
Tracking
()
RESOLVED
FIXED
Bugzilla 4.4
People
(Reporter: LpSolit, Assigned: koosha.khajeh)
References
Details
Attachments
(1 file, 2 obsolete files)
3.03 KB,
patch
|
LpSolit
:
review+
|
Details | Diff | Splinter Review |
Currently, the time between two successive token requests for a forgotten password or a new user account creation is hardcoded and set to 10 minutes. This should be a constant. One advantage is that the error message could say "you have to wait for 10 minutes before requesting a token again" instead of "wait a while and try again".
Updated•18 years ago
|
Severity: trivial → enhancement
Reporter | ||
Updated•16 years ago
|
Whiteboard: [Good Intro Bug]
This patch implements the enhancement by introducing a new config variable in localconfig: $token_retry_wait. This is set to 10 by default. This value is reflected in error messages. In addition, values greater than 59 make error messages display the waiting time in a combination of hour and minute. To try different possible error messages, set the variable to: 1, 59, 60, 61, and 62.
Attachment #614160 -
Flags: review?(LpSolit)
Reporter | ||
Comment 2•12 years ago
|
||
Comment on attachment 614160 [details] [diff] [review] This patch implements the enhancement Constants go into Bugzilla/Constants.pm. Localconfig only contains some very specific info. Also, the goal of this bug is to keep things simple. No need to worry about times larger than 60 minutes.
Attachment #614160 -
Flags: review?(LpSolit) → review-
OK. This one uses the Constants.pm to define the constant. I've also changed the respective template to show only the time in minutes although I think that handling values greater than 59 would be a good idea.
Attachment #614160 -
Attachment is obsolete: true
Attachment #614183 -
Flags: review?(LpSolit)
Reporter | ||
Comment 4•12 years ago
|
||
Comment on attachment 614183 [details] [diff] [review] This one uses the Constants.pm This looks much better now. :) Still a few things, though. >=== modified file 'Bugzilla/Constants.pm' >+ TOKEN_RETRY_WAIT Move this constant close to MAX_TOKEN_AGE as they are related. Also, rename this constant to ACCOUNT_CHANGE_INTERVAL or something like that. TOKEN_RETRY_WAIT is too cryptic. >+# The time between two successive token requests in minute. This is used >+# when a user wants to have an email received containing a link to reset his >+# forgotten password or to create a new user account and retries after a short >+# time. If the user wants to try his request again, he will have to wait >+# the minutes set by this constant. Make the comment much shorter. Something like: # Interval in minutes before a user can request a new token to create/edit his account. >=== modified file 'Bugzilla/Token.pm' > # But to prevent using this way to mailbomb an email address, make sure >- # the last request is at least 10 minutes old before sending a new email. >+ # the last request is at least the minutes old set by TOKEN_RETRY_WAIT. ... the last request is old enough before sending a new email (default: 10 minutes). >- ThrowUserError('too_soon_for_new_token', {'type' => 'account'}) if $pending_requests; >+ ThrowUserError('too_soon_for_new_token', {'type' => 'account', 'mins' => TOKEN_RETRY_WAIT}) if $pending_requests; No need to pass constants to the hashref. Templates can already access them using constants.FOO_BAR. >- ThrowUserError('too_soon_for_new_token', {'type' => 'password'}) if $too_soon; >+ ThrowUserError('too_soon_for_new_token', {'type' => 'password', 'mins' => TOKEN_RETRY_WAIT}) if $too_soon; Same here. >=== modified file 'template/en/default/global/user-error.html.tmpl' >+ Please wait >+ [% IF mins > 1 %] >+ [% mins %] minutes >+ [% ELSIF mins > 0 %] >+ [% mins %] minute >+ [% END %] Nobody will set it to 0 or 1 minute, because it would defeat the goal of the token check. So no need for this distinction. Remember that it's an internal constant, not a parameter admins will edit from the UI.
Attachment #614183 -
Flags: review?(LpSolit) → review-
Attachment #614478 -
Flags: review?(LpSolit)
Reporter | ||
Comment 6•12 years ago
|
||
Comment on attachment 614478 [details] [diff] [review] V3 Perfect! Thanks for the patch! :) r=LpSolit
Attachment #614478 -
Flags: review?(LpSolit) → review+
Reporter | ||
Updated•12 years ago
|
Assignee: general → koosha.khajeh
Status: NEW → ASSIGNED
Flags: approval+
Whiteboard: [Good Intro Bug]
Target Milestone: --- → Bugzilla 4.4
Reporter | ||
Updated•12 years ago
|
Attachment #614183 -
Attachment is obsolete: true
Reporter | ||
Comment 7•12 years ago
|
||
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/ modified Bugzilla/Constants.pm modified Bugzilla/Token.pm modified template/en/default/global/user-error.html.tmpl Committed revision 8187.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•