* Fix some bugs in password handling:

  - If the password is empty in preferences, don't clear the existing
    password.
  - Actually check the confirm password field, even if it's left empty.

diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm
index 1520cea837c5a5b014bcab4b4763930ac0059cdb..b61e6c86e1b118c5baeb852de95a187dc39de854 100644 (file)
--- a/IkiWiki/Plugin/passwordauth.pm
+++ b/IkiWiki/Plugin/passwordauth.pm
@@ -30,6 +30,17 @@ sub formbuilder_setup (@) { #{{{
                        $form->field(name => "email", size => 50);
                        $form->title("register");
                        $form->text("");
+               
+                       $form->field(name => "confirm_password",
+                               validate => sub {
+                                       shift eq $form->field("password");
+                               },
+                       );
+                       $form->field(name => "password",
+                               validate => sub {
+                                       shift eq $form->field("confirm_password");
+                               },
+                       );
                }
 
                if ($form->submitted) {
@@ -46,12 +57,6 @@ sub formbuilder_setup (@) { #{{{
                        }
        
                        if ($submittype eq "Create Account") {
-                               $form->field(
-                                       name => "confirm_password",
-                                       validate => sub {
-                                               shift eq $form->field("password");
-                                       },
-                               );
                                $form->field(
                                        name => "account_creation_password",
                                        validate => sub {
@@ -120,13 +125,15 @@ sub formbuilder_setup (@) { #{{{
                        value => $session->param("name"), force => 1,
                        fieldset => "login");
                $form->field(name => "password", type => "password",
-                       fieldset => "login");
+                       fieldset => "login",
+                       validate => sub {
+                               shift eq $form->field("confirm_password");
+                       }),
                $form->field(name => "confirm_password", type => "password",
                        fieldset => "login",
                        validate => sub {
                                shift eq $form->field("password");
-                       });
-               
+                       }),
        }
 }
 
@@ -197,7 +204,7 @@ sub formbuilder (@) { #{{{
                if ($form->submitted eq "Save Preferences" && $form->validate) {
                        my $user_name=$form->field('name');
                        foreach my $field (qw(password)) {
-                               if (defined $form->field($field)) {
+                               if (defined $form->field($field) && length $form->field($field)) {
                                        IkiWiki::userinfo_set($user_name, $field, $form->field($field)) ||
                                                error("failed to set $field");
                                }

diff --git a/debian/changelog b/debian/changelog
index 52c16393fb2b8b9477b86af5d643ac68f7e10e2d..83cb6b40fa252d08bb685dcf5d7deabb6533b2bf 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -32,8 +32,12 @@ ikiwiki (2.1) UNRELEASED; urgency=low
     there.
   * Patch from hb to fix the pagestats plugin, which was broken by a past
     change to the backlinks() function.
+  * Fix some bugs in password handling:
+    - If the password is empty in preferences, don't clear the existing
+      password.
+    - Actually check the confirm password field, even if it's left empty.
 
- -- Joey Hess <joeyh@debian.org>  Sat, 12 May 2007 13:55:19 -0400
+ -- Joey Hess <joeyh@debian.org>  Thu, 17 May 2007 04:02:04 -0400
 
 ikiwiki (2.00) unstable; urgency=low
 

diff --git a/doc/bugs/password_deletion.mdwn b/doc/bugs/password_deletion.mdwn
new file mode 100644 (file)
index 0000000..ff2cd2c
--- /dev/null
+++ b/doc/bugs/password_deletion.mdwn
@@ -0,0 +1,7 @@
+I have just deleted my password, accidentally (which is not a crisis, but it shouldn't really happen).
+
+I logged in to tweak my page subscriptions, did so, and clicked 'save preferences' - unfortunately, the password boxes are cleared when you arrive at the preferences page and if you don't fill them in again then the new password (which is blank) gets saved.  I'm sure I'm not the first one to notice this - I'm just writing here because I've not yet found anywhere where this inconvenience is documented.
+
+-- [[KarlMW]]
+
+[[fixed|done]] --[[Joey]]

diff --git a/doc/plugins/passwordauth/discussion.mdwn b/doc/plugins/passwordauth/discussion.mdwn
index b4bab4280b73bb0258ef5e86c18c18fca530899f..4636e918c36756b482a77d22f3c58e77160c0bc0 100644 (file)
--- a/doc/plugins/passwordauth/discussion.mdwn
+++ b/doc/plugins/passwordauth/discussion.mdwn
@@ -1,5 +1 @@
-I have just deleted my password, accidentally (which is not a crisis, but it shouldn't really happen).
-
-I logged in to tweak my page subscriptions, did so, and clicked 'save preferences' - unfortunately, the password boxes are cleared when you arrive at the preferences page and if you don't fill them in again then the new password (which is blank) gets saved.  I'm sure I'm not the first one to notice this - I'm just writing here because I've not yet found anywhere where this inconvenience is documented.
-
--- [[KarlMW]]
\ No newline at end of file
+moved to [[bugs/password_deletion]] --[[Joey]]