changeset 8535:4184173d364f

bug: make web page follow login_empty_passwords setting. Remove the required attribute from password input in the html templates if login_empty_passwords is enabled in config.ini. Also document in upgrading.txt.
author John Rouillard <rouilj@ieee.org>
date Wed, 18 Mar 2026 17:49:16 -0400
parents 1f8492d68aca
children 5800afdebded
files CHANGES.txt doc/upgrading.txt share/roundup/templates/classic/html/page.html share/roundup/templates/devel/html/page.html share/roundup/templates/jinja2/html/layout/navigation.html share/roundup/templates/minimal/html/page.html share/roundup/templates/responsive/html/page.html
diffstat 7 files changed, 61 insertions(+), 5 deletions(-)
--- a/CHANGES.txt	Wed Mar 18 17:24:14 2026 -0400
+++ b/CHANGES.txt	Wed Mar 18 17:49:16 2026 -0400
@@ -54,6 +54,9 @@
   retrieved from the REST interface would cause errors when sent
   using POST or PUT verbs. Also guard against password being set to
   None. (John Rouillard)
+- change the html templates so that the password is not required if
+  the ``login_empty_passwords`` setting is enabled in ``config.ini``.
+  Directions for your tracker are in upgrading.txt. (John Rouillard)
 
 Features:
 
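Review bot: the added entry says the password "is not required", which reads like a change to authentication itself, while the change is to the HTML required attribute on the login form's password input. Suggest wording it as "the password input in the login form is no longer marked required if ..." so tracker admins can tell this is a form-validation change that follows the ``login_empty_passwords`` setting.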
--- a/doc/upgrading.txt	Wed Mar 18 17:24:14 2026 -0400
+++ b/doc/upgrading.txt	Wed Mar 18 17:49:16 2026 -0400
@@ -237,6 +237,49 @@
   
 in the ``html/page.html`` file in your tracker.
 
+Allow users without a password to log in (optional)
+---------------------------------------------------
+
+You can configure a tracker to allow a login without a password.
+However the default html templates require the password field to
+be filled in. This prevents a login with an empty password.
+
+If you don't want to allow a login without a password, you can
+skip this section.
+
+This change automatically removes the required attribute if the
+``config.ini`` ``login_empty_passwords`` setting is enabled
+(true). The default is disabled with the value ``no``).
+
+This change is the default for the tracker templates in 2.6 and
+newer.
+
+To add this to your tracker, change the ``page.html`` (for TAL
+based trackers) or ``layout/navigation.html (for jinja2 trackers).
+
+For TAL trackers, replace the ``required`` parameter by finding
+the following password input in the tracker's ``html/page.html``
+file::
+
+  <input size="10" spellcheck="false" type="password" required name="__login_password"><br>
+
+and modifying it to look like::
+
+  <input size="10" spellcheck="false" type="password"
+         tal:attributes="required python: 'required'
+               if not db.config.WEB_LOGIN_EMPTY_PASSWORDS else nothing"
+         name="__login_password"><br>
+
+The equivalent change for jinja2's
+``html/layout/navigation.html`` based template starts with::
+
+  <input class="form-control form-control-sm" spellcheck="false" type="password" required name="__login_password" placeholder='password'>
+
+and changes to::
+
+  <input class="form-control form-control-sm" spellcheck="false" type="password" name="__login_password" placeholder='password' {{ "required" if not db.config.WEB_LOGIN_EMPTY_PASSWORDS }}>
+
+
 .. index:: Upgrading; 2.4.0 to 2.5.0
 
 Migrating from 2.4.0 to 2.5.0
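Review bot: two markup slips in the added section will render incorrectly. In the paragraph starting "To add this to your tracker", the inline literal ``layout/navigation.html is never closed before "(for jinja2 trackers)", and the sentence "The default is disabled with the value ``no``)." ends with a closing parenthesis that has no opening one. Also, "replace the ``required`` parameter" would read better as "attribute", matching the wording used earlier in the same section.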
--- a/share/roundup/templates/classic/html/page.html	Wed Mar 18 17:24:14 2026 -0400
+++ b/share/roundup/templates/classic/html/page.html	Wed Mar 18 17:49:16 2026 -0400
@@ -132,7 +132,10 @@
    <p class="userblock">
     <b i18n:translate="">Login</b><br>
     <input size="10" required name="__login_name"><br>
-    <input size="10" spellcheck="false" type="password" required name="__login_password"><br>
+    <input size="10" spellcheck="false" type="password"
+	   tal:attributes="required python: 'required'
+		 if not db.config.WEB_LOGIN_EMPTY_PASSWORDS else nothing"
+	   name="__login_password"><br>
     <input type="hidden" name="@action" value="Login">
     <input type="checkbox" name="remember" id="remember">
     <label for="remember" i18n:translate="">Remember me?</label><br>
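Review bot: the three added continuation lines of the __login_password input are indented with tabs, while the surrounding lines of this form use spaces, so the attributes will not line up for anyone whose tab width differs. Suggest indenting them with spaces, as the example in doc/upgrading.txt does.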
--- a/share/roundup/templates/devel/html/page.html	Wed Mar 18 17:24:14 2026 -0400
+++ b/share/roundup/templates/devel/html/page.html	Wed Mar 18 17:49:16 2026 -0400
@@ -163,7 +163,9 @@
         <li>
          <tal:span i18n:translate="">Login</tal:span><br/>
          <input size="10" required name="__login_name"/><br/>
-         <input size="10" spellcheck="false" type="password" required name="__login_password"/><br/>
+         <input size="10" spellcheck="false" type="password" required name="__login_password"
+		tal:attributes="required python: 'required'
+		 if not db.config.WEB_LOGIN_EMPTY_PASSWORDS else nothing"/><br/>
 	 <input name="@csrf" type="hidden"
 		tal:attributes="value python:utils.anti_csrf_nonce()">
          <input type="hidden" name="@action" value="Login"/>
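Review bot: the static required attribute is still present on the added __login_password input here, next to the tal:attributes that sets or drops it, whereas the classic and minimal templates and the upgrading.txt example remove the static attribute. The rendered result then depends entirely on tal:attributes overriding the literal one. Suggest dropping the literal required so all TAL templates use the same documented form.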
--- a/share/roundup/templates/jinja2/html/layout/navigation.html	Wed Mar 18 17:24:14 2026 -0400
+++ b/share/roundup/templates/jinja2/html/layout/navigation.html	Wed Mar 18 17:49:16 2026 -0400
@@ -113,7 +113,7 @@
         <input class="form-control form-control-sm" type='text' required name="__login_name" placeholder='username'>
       </li>
       <li class="nav-item">
-        <input class="form-control form-control-sm" spellcheck="false" type="password" required name="__login_password" placeholder='password'>
+        <input class="form-control form-control-sm" spellcheck="false" type="password" name="__login_password" placeholder='password' {{ "required" if not db.config.WEB_LOGIN_EMPTY_PASSWORDS }}>
       </li>
       <li class="nav-item">
         <label class="form-control form-control-sm" class='checkbox'>
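Review bot: the conditional expression on the password input has no else branch, so when WEB_LOGIN_EMPTY_PASSWORDS is true the output relies on Jinja2 rendering the omitted branch as an empty string. Suggest making that explicit, for example {{ "required" if not db.config.WEB_LOGIN_EMPTY_PASSWORDS else "" }}, and updating the matching example in doc/upgrading.txt.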
--- a/share/roundup/templates/minimal/html/page.html	Wed Mar 18 17:24:14 2026 -0400
+++ b/share/roundup/templates/minimal/html/page.html	Wed Mar 18 17:49:16 2026 -0400
@@ -130,7 +130,10 @@
    <p class="userblock">
     <b i18n:translate="">Login</b><br>
     <input size="10" required name="__login_name"><br>
-    <input size="10" type="password" spellcheck="false" required name="__login_password"><br>
+    <input size="10" type="password" spellcheck="false"
+	   tal:attributes="required python: 'required'
+		 if not db.config.WEB_LOGIN_EMPTY_PASSWORDS else nothing"
+	   name="__login_password"><br>
     <input name="@csrf" type="hidden"
            tal:attributes="value python:utils.anti_csrf_nonce()">
     <input type="hidden" name="@action" value="Login">
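Review bot: the required attribute being made conditional on the __login_password input is only browser-side validation, and this changeset touches templates and documentation only. Worth confirming, ideally with a test, that the Login action itself refuses an empty password when login_empty_passwords is disabled, so the setting is enforced on the server regardless of what a tracker's customised template emits.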
--- a/share/roundup/templates/responsive/html/page.html	Wed Mar 18 17:24:14 2026 -0400
+++ b/share/roundup/templates/responsive/html/page.html	Wed Mar 18 17:49:16 2026 -0400
@@ -178,7 +178,9 @@
                 <fieldset>
                   <legend><i class='icon-user'></i>Login form</legend>
                   <input name="__login_name" type='text' placeholder='Username' i18n:attributes="placeholder" required>
-                  <input spellcheck="false" type="password" name="__login_password" placeholder='Password' i18n:attributes="placeholder" required>
+                  <input spellcheck="false" type="password" name="__login_password" placeholder='Password' i18n:attributes="placeholder"
+			 tal:attributes="required python: 'required'
+		 if not db.config.WEB_LOGIN_EMPTY_PASSWORDS else nothing">
 		  <input name="@csrf" type="hidden"
 			 tal:attributes="value python:utils.anti_csrf_nonce()">
                   <input type="hidden" name="@action" value="Login"/>
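Review bot: the last added line, starting "if not db.config.WEB_LOGIN_EMPTY_PASSWORDS", is indented less than the tal:attributes line it continues, and both use tabs where the input line above uses spaces. Suggest aligning the continuation under the expression and using spaces, so the conditional is easy to spot when scanning the form.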

Roundup Issue Tracker: http://roundup-tracker.org/