Closed
Bug 349337
Opened 19 years ago
Closed 13 years ago
The time between two successive token requests should be a constant
Categories
(Bugzilla :: Bugzilla-General, enhancement)
Tracking
()
RESOLVED
FIXED
Bugzilla 4.4
People
(Reporter: LpSolit, Assigned: koosha.khajeh)
References
Details
Attachments
(1 file, 2 obsolete files)
|
3.03 KB,
patch
|
LpSolit
:
review+
|
Details | Diff | Splinter Review |
Currently, the time between two successive token requests for a forgotten password or a new user account creation is hardcoded and set to 10 minutes. This should be a constant. One advantage is that the error message could say "you have to wait for 10 minutes before requesting a token again" instead of "wait a while and try again".
|
||
Updated•19 years ago
|
Severity: trivial → enhancement
|
|
Reporter | |
Updated•17 years ago
|
Whiteboard: [Good Intro Bug]
This patch implements the enhancement by introducing a new config variable in localconfig: $token_retry_wait. This is set to 10 by default. This value is reflected in error messages. In addition, values greater than 59 make error messages display the waiting time in a combination of hour and minute. To try different possible error messages, set the variable to: 1, 59, 60, 61, and 62.
Attachment #614160 -
Flags: review?(LpSolit)
|
|
Reporter | |
Comment 2•13 years ago
|
||
Comment on attachment 614160 [details] [diff] [review]
This patch implements the enhancement
Constants go into Bugzilla/Constants.pm. Localconfig only contains some very specific info. Also, the goal of this bug is to keep things simple. No need to worry about times larger than 60 minutes.
Attachment #614160 -
Flags: review?(LpSolit) → review-
OK. This one uses the Constants.pm to define the constant. I've also changed the respective template to show only the time in minutes although I think that handling values greater than 59 would be a good idea.
Attachment #614160 -
Attachment is obsolete: true
Attachment #614183 -
Flags: review?(LpSolit)
|
|
Reporter | |
Comment 4•13 years ago
|
||
Comment on attachment 614183 [details] [diff] [review]
This one uses the Constants.pm
This looks much better now. :) Still a few things, though.
>=== modified file 'Bugzilla/Constants.pm'
>+ TOKEN_RETRY_WAIT
Move this constant close to MAX_TOKEN_AGE as they are related. Also, rename this constant to ACCOUNT_CHANGE_INTERVAL or something like that. TOKEN_RETRY_WAIT is too cryptic.
>+# The time between two successive token requests in minute. This is used
>+# when a user wants to have an email received containing a link to reset his
>+# forgotten password or to create a new user account and retries after a short
>+# time. If the user wants to try his request again, he will have to wait
>+# the minutes set by this constant.
Make the comment much shorter. Something like:
# Interval in minutes before a user can request a new token to create/edit his account.
>=== modified file 'Bugzilla/Token.pm'
> # But to prevent using this way to mailbomb an email address, make sure
>- # the last request is at least 10 minutes old before sending a new email.
>+ # the last request is at least the minutes old set by TOKEN_RETRY_WAIT.
... the last request is old enough before sending a new email (default: 10 minutes).
>- ThrowUserError('too_soon_for_new_token', {'type' => 'account'}) if $pending_requests;
>+ ThrowUserError('too_soon_for_new_token', {'type' => 'account', 'mins' => TOKEN_RETRY_WAIT}) if $pending_requests;
No need to pass constants to the hashref. Templates can already access them using constants.FOO_BAR.
>- ThrowUserError('too_soon_for_new_token', {'type' => 'password'}) if $too_soon;
>+ ThrowUserError('too_soon_for_new_token', {'type' => 'password', 'mins' => TOKEN_RETRY_WAIT}) if $too_soon;
Same here.
>=== modified file 'template/en/default/global/user-error.html.tmpl'
>+ Please wait
>+ [% IF mins > 1 %]
>+ [% mins %] minutes
>+ [% ELSIF mins > 0 %]
>+ [% mins %] minute
>+ [% END %]
Nobody will set it to 0 or 1 minute, because it would defeat the goal of the token check. So no need for this distinction. Remember that it's an internal constant, not a parameter admins will edit from the UI.
Attachment #614183 -
Flags: review?(LpSolit) → review-
Attachment #614478 -
Flags: review?(LpSolit)
|
|
Reporter | |
Comment 6•13 years ago
|
||
Comment on attachment 614478 [details] [diff] [review]
V3
Perfect! Thanks for the patch! :) r=LpSolit
Attachment #614478 -
Flags: review?(LpSolit) → review+
|
|
Reporter | |
Updated•13 years ago
|
Assignee: general → koosha.khajeh
Status: NEW → ASSIGNED
Flags: approval+
Whiteboard: [Good Intro Bug]
Target Milestone: --- → Bugzilla 4.4
|
|
Reporter | |
Updated•13 years ago
|
Attachment #614183 -
Attachment is obsolete: true
|
|
Reporter | |
Comment 7•13 years ago
|
||
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified Bugzilla/Constants.pm
modified Bugzilla/Token.pm
modified template/en/default/global/user-error.html.tmpl
Committed revision 8187.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•