. password edit now has a confirmation field

 . registration error punts back to register page

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@1168 57a73879-2fb5-44c3-a270-3262357dd7e2

diff --git a/CHANGES.txt b/CHANGES.txt
index db67d4486c017305f4dac326d08102f4aa585e79..adbc1e27508bd883e75acb7d10dedf0ac7f7990a 100644 (file)
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -4,6 +4,9 @@ are given with the most recent entry first.
 2002-09-?? 0.5.0 ????
  . handling of None for Date/Interval/Password values in export/import
  . handling of journal values in export/import
+ . password edit now has a confirmation field
+ . registration error punts back to register page
+
 
 2002-09-13 0.5.0 beta2
  . all backends now have a .close() method, and it's used everywhere

diff --git a/TODO.txt b/TODO.txt
index 9f5eaeef6e75747873abdf8a46879c66f113a017..917c33d0120bc860e16339c4d9448ca907801459 100644 (file)
--- a/TODO.txt
+++ b/TODO.txt
@@ -53,10 +53,6 @@ pending web       rewritten documentation (can come after the beta though so
                   customisation doc
 pending web       allow multilink selections to select a "none" element to allow
                   people with broken browsers to select nothing?
-pending web       password edit fields should always appear in pairs - for
-                  confirmation
-pending web       write a _generic.item
-pending dist      include the HTML in docs
 
 bug     web       request.url is incorrect in cgi-bin environments
 bug     web       do something about file.newitem

diff --git a/doc/customizing.txt b/doc/customizing.txt
index 96d3229170a5bad4b33e557f008f916a610cee04..e6c8b1e1a8977670dc723cb2673e3a089e9b1f2e 100644 (file)
--- a/doc/customizing.txt
+++ b/doc/customizing.txt
@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.34 $
+:Version: $Revision: 1.35 $
 
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
    http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
@@ -951,9 +951,9 @@ _value          the value of the property if any
 
 There are several methods available on these wrapper objects:
 
-=========== =============================================================
+=========== =================================================================
 Method      Description
-=========== =============================================================
+=========== =================================================================
 plain       render a "plain" representation of the property
 field       render a form edit field for the property
 stext       only on String properties - render the value of the
@@ -963,6 +963,9 @@ multiline   only on String properties - render a multiline form edit
             field for the property
 email       only on String properties - render the value of the 
             property as an obscured email address
+confirm     only on Password properties - render a second form edit field for
+            the property, used for confirmation that the user typed the
+            password correctly. Generates a field with name "name:confirm".
 reldate     only on Date properties - render the interval between the
             date and now
 pretty      only on Interval properties - render the interval in a
@@ -971,7 +974,7 @@ menu        only on Link and Multilink properties - render a form select
             list for this property
 reverse     only on Multilink properties - produce a list of the linked
             items in reverse order
-=========== =============================================================
+=========== =================================================================
 
 The request variable
 ~~~~~~~~~~~~~~~~~~~~
@@ -982,9 +985,9 @@ The request variable is packed with information about the current request.
 
 .. taken from roundup.cgi.templating.HTMLRequest docstring
 
-=========== ================================================================
+=========== =================================================================
 Variable    Holds
-=========== ================================================================
+=========== =================================================================
 form        the CGI form as a cgi.FieldStorage
 env         the CGI environment variables
 url         the current URL path for this request
@@ -993,13 +996,13 @@ user        a HTMLUser instance for this user
 classname   the current classname (possibly None)
 template    the current template (suffix, also possibly None)
 form        the current CGI form variables in a FieldStorage
-=========== ================================================================
+=========== =================================================================
 
 **Index page specific variables (indexing arguments)**
 
-=========== ================================================================
+=========== =================================================================
 Variable    Holds
-=========== ================================================================
+=========== =================================================================
 columns     dictionary of the columns to display in an index page
 show        a convenience access to columns - request/show/colname will
             be true if the columns should be displayed, false otherwise
@@ -1008,13 +1011,13 @@ group       index grouping property (direction, column name)
 filter      properties to filter the index on
 filterspec  values to filter the index on
 search_text text to perform a full-text search on for an index
-=========== ================================================================
+=========== =================================================================
 
 There are several methods available on the request variable:
 
-=============== ============================================================
+=============== =============================================================
 Method          Description
-=============== ============================================================
+=============== =============================================================
 description     render a description of the request - handle for the page
                 title
 indexargs_form  render the current index args as form elements
@@ -1024,7 +1027,7 @@ base_javascript render some javascript that is used by other components of
 batch           run the current index args through a filter and return a
                 list of items (see `hyperdb item wrapper`_, and
                 `batching`_)
-=============== ============================================================
+=============== =============================================================
 
 The form variable
 :::::::::::::::::
@@ -1067,11 +1070,11 @@ The util variable
 
 Note: this is implemented by the roundup.cgi.templating.TemplatingUtils class.
 
-=============== ============================================================
+=============== =============================================================
 Method          Description
-=============== ============================================================
+=============== =============================================================
 Batch           return a batch object using the supplied list
-=============== ============================================================
+=============== =============================================================
 
 Batching
 ::::::::

diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
index 4275c8739bb2d4fbcdeb72a0115c0327540a0135..9bb6ab524f7eb3ca200b4c575ec6c7499b40851f 100644 (file)
--- a/roundup/cgi/client.py
+++ b/roundup/cgi/client.py
@@ -1,4 +1,4 @@
-# $Id: client.py,v 1.32 2002-09-13 00:08:44 richard Exp $
+# $Id: client.py,v 1.33 2002-09-15 22:41:15 richard Exp $
 
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -596,6 +596,7 @@ class Client:
             self.db.commit()
         except ValueError, message:
             self.error_message.append(message)
+            return
 
         # log the new user in
         self.user = cl.get(self.userid, 'username')
@@ -1134,6 +1135,14 @@ def parsePropsFromForm(db, cl, form, nodeid=0, num_re=re.compile('^\d+$')):
             if not value:
                 # ignore empty password values
                 continue
+            if not form.has_key('%s:confirm'%key):
+                raise ValueError, 'Password and confirmation text do not match'
+            confirm = form['%s:confirm'%key]
+            if isinstance(confirm, type([])):
+                raise ValueError, 'You have submitted more than one value'\
+                    ' for the %s property'%key
+            if value != confirm.value:
+                raise ValueError, 'Password and confirmation text do not match'
             value = password.Password(value)
         elif isinstance(proptype, hyperdb.Date):
             if value:

diff --git a/roundup/cgi/templating.py b/roundup/cgi/templating.py
index 2425f6810a2125fdf526c21b482d24c33915927f..baa60c378388b65b9b6c08535f687d2f80d93ed8 100644 (file)
--- a/roundup/cgi/templating.py
+++ b/roundup/cgi/templating.py
@@ -767,10 +767,18 @@ class PasswordHTMLProperty(HTMLProperty):
         return _('*encrypted*')
 
     def field(self, size = 30):
-        ''' Render a form edit field for the property
+        ''' Render a form edit field for the property.
         '''
         return '<input type="password" name="%s" size="%s">'%(self._name, size)
 
+    def confirm(self, size = 30):
+        ''' Render a second form edit field for the property, used for 
+            confirmation that the user typed the password correctly. Generates
+            a field with name "name:confirm".
+        '''
+        return '<input type="password" name="%s:confirm" size="%s">'%(
+            self._name, size)
+
 class NumberHTMLProperty(HTMLProperty):
     def plain(self):
         ''' Render a "plain" representation of the property

diff --git a/roundup/templates/classic/html/user.item b/roundup/templates/classic/html/user.item
index bee5ca14beb36aff0b5feab72beb3f5931d33a6e..ac5046e0da3b95acb489f1ad1345e624ef3a693f 100644 (file)
--- a/roundup/templates/classic/html/user.item
+++ b/roundup/templates/classic/html/user.item
@@ -21,6 +21,10 @@ You are not allowed to view this page.
   <th>Login Password</th>
   <td tal:content="structure context/password/field">password</td>
  </tr>
+ <tr>
+  <th>Confirm Password</th>
+  <td tal:content="structure context/password/confirm">password</td>
+ </tr>
  <tr tal:condition="python:request.user.hasPermission('Web Roles')">
   <th>Roles</th>
   <td tal:condition="context/id"

diff --git a/roundup/templates/classic/html/user.register b/roundup/templates/classic/html/user.register
index 5033d43cefa157bbb89c63f6e3b6cbe53e86e4b2..ba9a7d4ce3b95821e19da00048dd63258c5a50d1 100644 (file)
--- a/roundup/templates/classic/html/user.register
+++ b/roundup/templates/classic/html/user.register
@@ -8,6 +8,10 @@ You are not allowed to view this page.
 
 <tal:block tal:condition="editok">
 <form method="POST" onSubmit="return submit_once()" enctype="multipart/form-data">
+<input type="hidden" name=":template" value="register">
+<input type="hidden" name=":required" value="username">
+<input type="hidden" name=":required" value="password">
+<input type="hidden" name=":required" value="address">
 
 <table class="form">
  <tr>
@@ -22,6 +26,10 @@ You are not allowed to view this page.
   <th>Login Password</th>
   <td tal:content="structure context/password/field">password</td>
  </tr>
+ <tr>
+  <th>Confirm Password</th>
+  <td tal:content="structure context/password/confirm">password</td>
+ </tr>
  <tr tal:condition="python:request.user.hasPermission('Web Roles')">
   <th>Roles</th>
   <td tal:condition="exists:item"