Something is dead wrong in the new hide email feature.
When you register a new user the email field is not visible in the Users home topic.
Instead there is some new confusing email field further down in the topic.
In the
UserForm there is now a H in the tool tip column???
The email field is not visible. When the user edits his homepage - leaving the email field still empty it suddenly appears. This is confusing and suits no purpose.
The email field should always be visible in the top form empty or not empty!
There are so many other fields that users keep empty so there is no point in hiding this one field.
The user will not intuitively know that he can add an email address if he cannot see the empty field in the form.
Some users - even when TWiki is setup for hidden passwords - will want to add a visible email address anyway. You see to see the field to know that you can in fact add it by hitting edit.
The 2nd issue is that even if I set {AntiSpam}{HideUserDetails} the email address does not even get visible in the users home topic. I assume there should be a USERINFO field in the "My Personal Data" field.
As a general view the intuitive way of behavour is that when you register and the admin has set {AntiSpam}{HideUserDetails} to off, the email address from the registration form should be copied to the email field in the UserForm.
Currently it is connected to the use of {PasswordManager}. This was the best could implement when we decided to hide the email addresses just before releasing 4.0.0. We assumed that in Internet TWikis you would generally use .htpasswd for passwords and on Intranets other means of authentication.
KJL
We have in principle TWO different but related requirements.
Registration
- Email address should be copied from registration form to users home page
- Email address should NOT be copied from registration form to users home page. The email address field should be left empty. The field must not be hidden for view. The user should know that he can put any email address - padded to his comfort - or alternative email address - in the field. He will not know if field is hidden.
Showing personal data on users homepage
- Show HIDDEN email address to everyone
- Show HIDDEN email address only to the user himself
In my view BOTH features could/should be linked to {AntiSpam}{HideUserDetails}
That also makes the test cases we need simple which in itself is good. BUT it takes a password manager that supports hiding email addresses to do that because we chose to place email addresses in .htpasswd.
With {AntiSpam}{HideUserDetails} ON
- When you register AND {PasswordManager} is NOT None. Registration: Email address is NOT copied to the UserForm on the user topic.
- When you register AND {PasswordManager} is None. Registration: Email address is copied to the UserForm on the user topic (because we have nowhere else to put it)
With {AntiSpam}{HideUserDetails} OFF
- When you register Email address is copied to the UserForm on the user topic. {PasswordManager} makes no difference in this case.
USERINFO on users Home topic
A USERINFO field will be shown on the users homepage.
- When {AntiSpam}{HideUserDetails} is ON - only the user will see the email address
- When {AntiSpam}{HideUserDetails} is OFF - anyone will see the email address
KJL
I have found the following issues.
- %USERINFO{user="Item2365" format="$emails"}% is not valid syntax in the first place. It should be %USERINFO{"Item2365" format="$emails"}%
- When I correct the syntax for USERINFO in NewUserTemplate the tag is not surviving. It is always being removed completely. No matter how I set any relevant configure parameters. Why is this TWiki variable being filtered out?
- I am still searching in the code for the section that adds the email address only when {PasswordManager}is not set. I have searched through every bit of UI/Register.pm. I am even trying to map what is going on in the code: http://www.lavrsen.dk/twiki/bin/view/Kenneth/TWikiRegistrationSteps. Also to work on Item2368.
KJL
I can see that it is CC that removed the email field from
NewUserTemplate. This means that when the topic is initially created the field is not there. The minute the user edits his topic is will appear because it is in the user form.
It is bad user interface to hide a field from the user as I already argued. Many of my users and also many on TWiki.org wants their email address displayed in public. Or they want an alternative one displayed in public. And then you need to see that there is a field to get the idea that you can add something to it.
So I am re-entering the field on the template. At the same time I will correct the USERINFO syntax. But this is only part of the fix of this bug report.
KJL
The field in the user topic is only relevant if emails cannot be stored by the password manager. In that case the
fallback position is to store the email in the user topic. The H is in the attribute field, indicating a hidden attribute, becuase the user email is still to be regarded as confidential. Email addresses should be hidden, except to a person who can edit the home topic i.e. the user. A user's email address should
only be accessible on a TWiki page via %USERINFO. Please do
not remove the H attribute from the field.
The HideUserDetails option applies to all users, or to none. There is no scope for hiding emails on a user-by-user basis. If a user wishes to add their email address to their personal topic in plain, then they are free to do so.
USERINFO will be filtered if the site has HideUserDetails - as you would expect. I considered adding a "warn" type option, similar to INCLUDE, but felt it would be intrusive (as well as requiring translations after the translations freeze).
From my perspective, the
only change that should be made here is the USERINFO call in the user template. I had thought I had supported both the default field and the user= option; I guess I didn't.
The code you want is in
Client/Password.pm
, the superclass of all pasword managers.
CC
The email field in the user topic is very relevant even when email are hidden.
I think many of us register with one email address and put a disposable one in the form on the user topic. The field should not be hidden. And it actually is not hidden even with the H. It does not seem to work anyway. H or no H. The fiels is visible with or without email address.
If this comes to a new disagreement on spec then we need to bring it up on a Codev topic and if needed in a release meeting.
The user topics and the registration are vital features and vital user interfaces and they should not be changed around without concensus.
KJL
And yes. We still need to find out why the USERINFO is stripped out even when the syntax is valid.
KJL
OK.
Good news.
CC and I have had a good chat. Here is the status
- The email field is no longer hidden. We agreed that we need to better signal what this field is for when we have hidden emails in .htpasswd. I agree this is weak. I want to think it over a little. I have some ideas. For now it works again like in 4.0.0, 4.0.1 and 4.0.2
- The new email field that shows the hidden email (if there is one) now works. We simply carry over the USERINFO field as raw TML. This means that when we have {AntiSpam}{HideUserDetails} ON only the user sees the right email address. Anyone else see their own. Then they can spam themselves (Maybe the USERINFO should show something else in general - that is another discussion).
The urgent parts of this bug report are now resolved.
I want to think over the how to present the user how to use the email form field without writing some hidden secret doc or several sentences. It has to come intuitively in the presentation on the users topic.
Changing state to waiting for release and opening a new bug so this can get in release notes if we release 4.0.3 before this is fully resolved.
KJL
After
CC changed the USERINFO code this feature is not working at all in any sensible way.
Now the new Email field just the static email address that the person has when he/she registers.
And the email address is put in the new users topic even when {AntiSpam}{HideUserDetails} is ON in configure.
We are supposed to have the USERINFO tag in the table. And if this is not possible remove the entire "My Personal Data" again from the NewUserTemplate because duplicating the email field from the form with static data makes no sense at all.
Re-opening.
KJL
tested more. It is even worse.
- {AntiSpam}{HideUserDetails} is ON. Your email address is painted in plain visible text right on your new user topic in the little email table in "My Personal Data".
- {AntiSpam}{HideUserDetails} is OFF. The email table contains nothing. No code. No email address.
The right way it should work is adding the %USERINFO{"%TOPIC%" format="$emails"}% to the table ALWAYS - unexpanded - and then let {AntiSpam}{HideUserDetails} control what is shown in that field.
KJL
HA!
The whole issue was again the expansion of USERINFO.
And depending on the {AntiSpam}{HideUserDetails} it would be expanded to either blank or email address and that made the whole thing look reverted and odd.
Inserting a little NOP the right place and it all works great.
%USERIN%NOP%FO{"%TOPIC%" format="$emails"}%
which I have committed and put the report back to waiting for release.
KJL