password edit now has a confirmation field

registration error punts back to register page

Author: Richard Jones

CHANGES.txt

@@ -4,6 +4,9 @@ are given with the most recent entry first.
 2002-09-?? 0.5.0 ????
  . handling of None for Date/Interval/Password values in export/import
  . handling of journal values in export/import
+ . password edit now has a confirmation field
+ . registration error punts back to register page
+
 
 2002-09-13 0.5.0 beta2
  . all backends now have a .close() method, and it's used everywhere

TODO.txt

@@ -53,10 +53,6 @@ pending web       rewritten documentation (can come after the beta though so
                   customisation doc
 pending web       allow multilink selections to select a "none" element to allow
                   people with broken browsers to select nothing?
-pending web       password edit fields should always appear in pairs - for
-                  confirmation
-pending web       write a _generic.item
-pending dist      include the HTML in docs
 
 bug     web       request.url is incorrect in cgi-bin environments
 bug     web       do something about file.newitem

doc/customizing.txt

@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.34 $
+:Version: $Revision: 1.35 $
 
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
    http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
@@ -951,9 +951,9 @@ _value          the value of the property if any
 
 There are several methods available on these wrapper objects:
 
-=========== =============================================================
+=========== =================================================================
 Method      Description
-=========== =============================================================
+=========== =================================================================
 plain       render a "plain" representation of the property
 field       render a form edit field for the property
 stext       only on String properties - render the value of the
@@ -963,6 +963,9 @@ multiline   only on String properties - render a multiline form edit
             field for the property
 email       only on String properties - render the value of the 
             property as an obscured email address
+confirm     only on Password properties - render a second form edit field for
+            the property, used for confirmation that the user typed the
+            password correctly. Generates a field with name "name:confirm".
 reldate     only on Date properties - render the interval between the
             date and now
 pretty      only on Interval properties - render the interval in a
@@ -971,7 +974,7 @@ menu        only on Link and Multilink properties - render a form select
             list for this property
 reverse     only on Multilink properties - produce a list of the linked
             items in reverse order
-=========== =============================================================
+=========== =================================================================
 
 The request variable
 ~~~~~~~~~~~~~~~~~~~~
@@ -982,9 +985,9 @@ The request variable is packed with information about the current request.
 
 .. taken from roundup.cgi.templating.HTMLRequest docstring
 
-=========== ================================================================
+=========== =================================================================
 Variable    Holds
-=========== ================================================================
+=========== =================================================================
 form        the CGI form as a cgi.FieldStorage
 env         the CGI environment variables
 url         the current URL path for this request
@@ -993,13 +996,13 @@ user        a HTMLUser instance for this user
 classname   the current classname (possibly None)
 template    the current template (suffix, also possibly None)
 form        the current CGI form variables in a FieldStorage
-=========== ================================================================
+=========== =================================================================
 
 **Index page specific variables (indexing arguments)**
 
-=========== ================================================================
+=========== =================================================================
 Variable    Holds
-=========== ================================================================
+=========== =================================================================
 columns     dictionary of the columns to display in an index page
 show        a convenience access to columns - request/show/colname will
             be true if the columns should be displayed, false otherwise
@@ -1008,13 +1011,13 @@ group       index grouping property (direction, column name)
 filter      properties to filter the index on
 filterspec  values to filter the index on
 search_text text to perform a full-text search on for an index
-=========== ================================================================
+=========== =================================================================
 
 There are several methods available on the request variable:
 
-=============== ============================================================
+=============== =============================================================
 Method          Description
-=============== ============================================================
+=============== =============================================================
 description     render a description of the request - handle for the page
                 title
 indexargs_form  render the current index args as form elements
@@ -1024,7 +1027,7 @@ base_javascript render some javascript that is used by other components of
 batch           run the current index args through a filter and return a
                 list of items (see `hyperdb item wrapper`_, and
                 `batching`_)
-=============== ============================================================
+=============== =============================================================
 
 The form variable
 :::::::::::::::::
@@ -1067,11 +1070,11 @@ The util variable
 
 Note: this is implemented by the roundup.cgi.templating.TemplatingUtils class.
 
-=============== ============================================================
+=============== =============================================================
 Method          Description
-=============== ============================================================
+=============== =============================================================
 Batch           return a batch object using the supplied list
-=============== ============================================================
+=============== =============================================================
 
 Batching
 ::::::::

roundup/cgi/client.py

@@ -1,4 +1,4 @@
-# $Id: client.py,v 1.32 2002-09-13 00:08:44 richard Exp $
+# $Id: client.py,v 1.33 2002-09-15 22:41:15 richard Exp $
 
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -596,6 +596,7 @@ def registerAction(self):
             self.db.commit()
         except ValueError, message:
             self.error_message.append(message)
+            return
 
         # log the new user in
         self.user = cl.get(self.userid, 'username')
@@ -1134,6 +1135,14 @@ def parsePropsFromForm(db, cl, form, nodeid=0, num_re=re.compile('^\d+$')):
             if not value:
                 # ignore empty password values
                 continue
+            if not form.has_key('%s:confirm'%key):
+                raise ValueError, 'Password and confirmation text do not match'
+            confirm = form['%s:confirm'%key]
+            if isinstance(confirm, type([])):
+                raise ValueError, 'You have submitted more than one value'\
+                    ' for the %s property'%key
+            if value != confirm.value:
+                raise ValueError, 'Password and confirmation text do not match'
             value = password.Password(value)
         elif isinstance(proptype, hyperdb.Date):
             if value:

roundup/cgi/templating.py

@@ -767,10 +767,18 @@ def plain(self):
         return _('*encrypted*')
 
     def field(self, size = 30):
-        ''' Render a form edit field for the property
+        ''' Render a form edit field for the property.
         '''
         return '<input type="password" name="%s" size="%s">'%(self._name, size)
 
+    def confirm(self, size = 30):
+        ''' Render a second form edit field for the property, used for 
+            confirmation that the user typed the password correctly. Generates
+            a field with name "name:confirm".
+        '''
+        return '<input type="password" name="%s:confirm" size="%s">'%(
+            self._name, size)
+
 class NumberHTMLProperty(HTMLProperty):
     def plain(self):
         ''' Render a "plain" representation of the property

roundup/templates/classic/html/user.item

@@ -21,6 +21,10 @@ You are not allowed to view this page.
   <th>Login Password</th>
   <td tal:content="structure context/password/field">password</td>
  </tr>
+ <tr>
+  <th>Confirm Password</th>
+  <td tal:content="structure context/password/confirm">password</td>
+ </tr>
  <tr tal:condition="python:request.user.hasPermission('Web Roles')">
   <th>Roles</th>
   <td tal:condition="context/id"

roundup/templates/classic/html/user.register

@@ -8,6 +8,10 @@ You are not allowed to view this page.
 
 <tal:block tal:condition="editok">
 <form method="POST" onSubmit="return submit_once()" enctype="multipart/form-data">
+<input type="hidden" name=":template" value="register">
+<input type="hidden" name=":required" value="username">
+<input type="hidden" name=":required" value="password">
+<input type="hidden" name=":required" value="address">
 
 <table class="form">
  <tr>
@@ -22,6 +26,10 @@ You are not allowed to view this page.
   <th>Login Password</th>
   <td tal:content="structure context/password/field">password</td>
  </tr>
+ <tr>
+  <th>Confirm Password</th>
+  <td tal:content="structure context/password/confirm">password</td>
+ </tr>
  <tr tal:condition="python:request.user.hasPermission('Web Roles')">
   <th>Roles</th>
   <td tal:condition="exists:item"