diff options
-rw-r--r-- | install/ui/ipa.js | 398 | ||||
-rw-r--r-- | install/ui/test/data/ipa_init.json | 10 | ||||
-rw-r--r-- | ipalib/plugins/internal.py | 10 |
3 files changed, 314 insertions, 104 deletions
diff --git a/install/ui/ipa.js b/install/ui/ipa.js index 648fcfc31..6e8620982 100644 --- a/install/ui/ipa.js +++ b/install/ui/ipa.js @@ -4,6 +4,7 @@ * Adam Young <ayoung@redhat.com> * Endi Dewata <edewata@redhat.com> * John Dennis <jdennis@redhat.com> + * Petr Vobornik <pvoborni@redhat.com> * * Copyright (C) 2010 Red Hat * see file 'COPYING' for use and warranty information @@ -402,6 +403,62 @@ IPA.login_password = function(username, password) { return result; }; +IPA.reset_password = function(username, old_password, new_password) { + + //possible results: 'ok', 'invalid-password', 'policy-error' + + var status, result, reason, invalid, failure, data, request; + + status = 'invalid'; + result = { + status: status, + message: IPA.get_message('password.reset_failure', + "Password reset was not successful.") + }; + + function success_handler(data, text_status, xhr) { + + result.status = xhr.getResponseHeader("X-IPA-Pwchange-Result") || status; + + if (result.status === 'policy-error') { + result.message = xhr.getResponseHeader("X-IPA-Pwchange-Policy-Error"); + } else if (result.status === 'invalid-password') { + result.message = IPA.get_message('password.invalid_password', + "The password or username you entered is incorrect."); + } + + return result; + } + + function error_handler(xhr, text_status, error_thrown) { + return result; + } + + data = { + user: username, + old_password: old_password, + new_password: new_password + }; + + request = { + url: '/ipa/session/change_password', + data: data, + contentType: 'application/x-www-form-urlencoded', + processData: true, + dataType: 'html', + async: false, + type: 'POST', + success: success_handler, + error: error_handler + }; + + IPA.display_activity_icon(); + $.ajax(request); + IPA.hide_activity_icon(); + + return result; +}; + /** * Call an IPA command over JSON-RPC. * @@ -1386,19 +1443,42 @@ IPA.unauthorized_dialog = function(spec) { spec.sections = [ { + name: 'login', + label: 'Login', fields: [ { name: 'username', - required: true, label: IPA.get_message('login.username', "Username") }, { name: 'password', type: 'password', - required: true, label: IPA.get_message('login.password', "Password") } ] + }, + { + name: 'reset', + label: 'Reset', + fields: [ + { + name: 'username_r', + read_only: true, + label: IPA.get_message('login.username', "Username") + }, + { + name: 'new_password', + type: 'password', + required: true, + label: IPA.get_message('password.new_password)', "New Password") + }, + { + name: 'verify_password', + type: 'password', + required: true, + label: IPA.get_message('password.verify_password', "Verify Password") + } + ] } ]; @@ -1406,93 +1486,104 @@ IPA.unauthorized_dialog = function(spec) { var that = IPA.error_dialog(spec); - that.title = spec.title || IPA.get_message('ajax.401.title', - 'Kerberos ticket no longer valid.'); + that.title = spec.title || IPA.get_message('login.login', "Login"); that.message = spec.message || IPA.get_message('ajax.401.message', - "Your kerberos ticket is no longer valid. "+ - "Please run kinit and then click 'Retry'. "+ - "If this is your first time running the IPA Web UI "+ - "<a href='/ipa/config/unauthorized.html'>"+ - "follow these directions</a> to configure your browser."); + "Your session has expired. Please re-login."); + + that.form_auth_msg = spec.form_auth_msg || IPA.get_message('login.form_auth', + "To login with username and password, enter them in the fields below then click Login."); + + that.krb_auth_msg = spec.krb_auth_msg || IPA.get_message('login.krb_auth_msg', + " To login with Kerberos, please make sure you" + + " have valid tickets (obtainable via kinit) and " + + "<a href='/ipa/config/unauthorized.html'>configured</a>" + + " the browser correctly, then click Login. "); that.form_auth_failed = "<p><strong>Please re-enter your username or password</strong></p>" + "<p>The password or username you entered is incorrect. " + "Please try again (make sure your caps lock is off).</p>" + "<p>If the problem persists, contact your administrator.</p>"; - that.password_expired = "<p><strong>Password expired</strong></p>" + - "<p>Please run kinit to reset the password and then try to login again.</p>" + - "<p>If the problem persists, contact your administrator.</p>"; + that.password_expired = "Your password has expired. Please enter a new password."; that.create = function() { - that.krb_message_contatiner = $('<div\>').appendTo(that.container); + that.session_expired_form(); + that.create_reset_form(); + }; + + that.session_expired_form = function() { + that.session_form = $('<div\>', { + keyup: that.on_login_keyup + }).appendTo(that.container); + + that.login_error_box = $('<div/>', { + 'class': 'error-box', + style: 'display:none', + html: that.form_auth_failed + }).appendTo(that.session_form); $('<p/>', { html: that.message - }).appendTo(that.krb_message_contatiner); + }).appendTo(that.session_form); - var text = IPA.get_message('login.use', "Or you can use "); - var fb_title = $('<p/>', { - text: text - }).appendTo(that.krb_message_contatiner); + $('<p/>', { + html: that.krb_auth_msg + }).appendTo(that.session_form); - text = IPA.get_message('login.form_auth', "form-based authentication"); - that.form_auth_link = $('<a/>', { - text: text, - href: '#', - click: function() { - that.show_form(); - return false; - }, - keydown: function(event) { - if (event.keyCode === 13) { //enter - that.show_form(); - return false; - } - } - }).appendTo(fb_title); + $('<p/>', { + html: that.form_auth_msg + }).appendTo(that.session_form); - fb_title.append('.'); + $('<div>', { + 'class': 'auth-dialog' + }).appendTo(that.session_form); - that.create_form(); - }; - that.create_form = function() { + var section = that.widgets.get_widget('login'); + var div = $('<div/>', { + name: 'login', + 'class': 'dialog-section' + }).appendTo(that.session_form); + section.create(div); - that.form = $('<div>', { - 'class': 'auth-dialog', - style: 'display: none;', - keyup: that.on_form_keyup - }).appendTo(that.container); + that.username_widget = that.widgets.get_widget('login.username'); + that.password_widget = that.widgets.get_widget('login.password'); - var text = IPA.get_message('login.login', "Login"); - $('<h3/>', { - text: text - }).appendTo(that.form); + that.username_widget.value_changed.attach(that.on_username_change); + }; - that.error_box = $('<div/>', { - 'class': 'error-box', - style: 'display:none', - html: that.form_auth_failed - }).appendTo(that.form); + that.create_reset_form = function() { + + that.reset_form = $('<div\>', { + keyup: that.on_reset_keyup, + style: 'display:none' + }).appendTo(that.container); + that.reset_error_box = $('<div/>', { + 'class': 'error-box' + }).appendTo(that.reset_form); - var widgets = that.widgets.get_widgets(); - for (var i=0; i<widgets.length; i++) { - var widget = widgets[i]; + $('<p/>', { + html: that.password_expired + }).appendTo(that.reset_form); - var div = $('<div/>', { - name: widget.name, - 'class': 'dialog-section' - }).appendTo(that.form); + var section = that.widgets.get_widget('reset'); + var div = $('<div/>', { + name: 'reset', + 'class': 'dialog-section' + }).appendTo(that.reset_form); + section.create(div); - widget.create(div); - } + that.username_r_widget = that.widgets.get_widget('reset.username_r'); + that.new_password_widget = that.widgets.get_widget('reset.new_password'); + that.verify_password_widget = that.widgets.get_widget('reset.verify_password'); }; - that.create_login_buttons = function() { + that.create_buttons = function() { + + that.buttons.empty(); var visible = that.visible_buttons.indexOf('login') > -1; var label = IPA.get_message('login.login', "Login"); @@ -1505,24 +1596,75 @@ IPA.unauthorized_dialog = function(spec) { } }); - visible = that.visible_buttons.indexOf('back') > -1; - label = IPA.get_message('buttons.back', "Back"); + visible = that.visible_buttons.indexOf('reset') > -1; + label = IPA.get_message('buttons.reset_password_and_login', "Reset Password and Login"); + that.create_button({ + name: 'reset', + label: label, + visible: visible, + click: function() { + that.on_reset(); + } + }); + + visible = that.visible_buttons.indexOf('cancel') > -1; + label = IPA.get_message('buttons.cancel', "Cancel"); that.create_button({ - name: 'back', + name: 'cancel', label: label, visible: visible, click: function() { - that.on_back(); + that.on_cancel(); } }); }; that.open = function() { that.dialog_open(); - that.form_auth_link.focus(); + that.show_session_form(); + }; + + that.on_username_change = function() { + + var password_field = that.fields.get_field('password'); + var user_specified = !IPA.is_empty(that.username_widget.save()); + password_field.set_required(user_specified); + if (!user_specified) that.password_widget.clear(); }; - that.on_form_keyup = function(event) { + that.enable_fields = function(field_names) { + + var field, fields, i, enable; + fields = that.fields.get_fields(); + for (i=0; i<fields.length; i++) { + field = fields[i]; + enable = field_names.indexOf(field.name) > -1; + field.set_enabled(enable); + } + }; + + that.show_session_form = function() { + + that.enable_fields(['username', 'password']); + that.session_form.css('display', 'block'); + that.reset_form.css('display', 'none'); + that.display_buttons(['login']); + that.username_widget.focus_input(); + }; + + that.show_reset_form = function() { + + that.enable_fields(['new_password', 'verify_password']); + that.session_form.css('display', 'none'); + that.reset_form.css('display', 'block'); + that.display_buttons(['reset', 'cancel']); + + var username = that.username_widget.save(); + that.username_r_widget.update(username); + that.new_password_widget.focus_input(); + }; + + that.on_login_keyup = function(event) { if (that.switching) { that.switching = false; @@ -1532,62 +1674,126 @@ IPA.unauthorized_dialog = function(spec) { if (event.keyCode === 13) { // enter that.on_login(); event.preventDefault(); - } else if (event.keyCode === 27) { // escape - that.on_back(); - event.preventDefault(); } }; - that.show_form = function() { - - that.switching = true; + that.on_cancel = function() { - that.krb_message_contatiner.css('display', 'none'); - that.form.css('display', 'block'); - that.display_buttons(['login', 'back']); + that.username_widget.clear(); + that.password_widget.clear(); + that.username_r_widget.clear(); + that.new_password_widget.clear(); + that.verify_password_widget.clear(); - var user_field = that.fields.get_field('username'); - user_field.widget.focus_input(); + that.show_session_form(); }; - that.on_back = function() { + that.on_login = function() { - that.krb_message_contatiner.css('display', 'block'); - that.form.css('display', 'none'); - that.display_buttons(['retry']); - that.form_auth_link.focus(); - }; + var username = that.username_widget.save(); + var password = that.password_widget.save(); - that.on_login = function() { + //if user doesn't specify username and password try kerberos auth + if (IPA.is_empty(username) && IPA.is_empty(password)) { + that.on_retry(); + return; + } if (!that.validate()) return; - var record = {}; - that.save(record); - IPA.display_activity_icon(); - var result = IPA.login_password(record.username[0], record.password[0]); + var result = IPA.login_password(username[0], password[0]); IPA.hide_activity_icon(); if (result === 'success') { that.on_login_success(); } else if (result === 'expired') { - that.error_box.html(that.password_expired); - that.error_box.css('display', 'block'); - }else { - that.error_box.html(that.form_auth_failed); - that.error_box.css('display', 'block'); + that.reset_error_box.css('display', 'none'); + that.show_reset_form(); + } else { + that.login_error_box.html(that.form_auth_failed); + that.login_error_box.css('display', 'block'); } }; that.on_login_success = function() { - that.error_box.css('display', 'none'); + that.login_error_box.css('display', 'none'); + + that.username_widget.clear(); + that.password_widget.clear(); + that.on_retry(); }; - that.create_login_buttons(); + that.on_reset_keyup = function(event) { + + if (that.switching) { + that.switching = false; + return; + } + + if (event.keyCode === 13) { // enter + that.on_reset(); + event.preventDefault(); + } else if (event.keyCode === 27) { // escape + that.on_cancel(); + event.preventDefault(); + } + }; + + that.on_reset = function() { + if (!that.validate()) return; + + var username = that.username_widget.save(); + var password = that.password_widget.save(); + var new_password = that.new_password_widget.save(); + var verify_password = that.verify_password_widget.save(); + + if (new_password[0] !== verify_password[0]) { + var message = IPA.get_message('password.password_must_match', + "Passwords must match"); + that.reset_error_box.html(message); + that.reset_error_box.css('display', 'block'); + return; + } else { + that.reset_error_box.css('display', 'none'); + } + + IPA.display_activity_icon(); + + var result = IPA.reset_password(username[0], + password[0], + new_password[0]); + + IPA.hide_activity_icon(); + + if (result.status === 'ok') { + that.on_reset_success(); + } else { + that.reset_error_box.html(result.message); + that.reset_error_box.css('display', 'block'); + } + }; + + that.on_reset_success = function() { + + that.login_error_box.css('display', 'none'); + that.reset_error_box.css('display', 'none'); + + that.password_widget.update(that.new_password_widget.save()); + + that.new_password_widget.clear(); + that.verify_password_widget.clear(); + + that.show_session_form(); + + //re-login + that.on_login(); + }; + + that.create_buttons(); return that; }; diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json index 09d5a545e..9bb36bb74 100644 --- a/install/ui/test/data/ipa_init.json +++ b/install/ui/test/data/ipa_init.json @@ -9,8 +9,7 @@ "messages": { "ajax": { "401": { - "message": "Your Kerberos ticket is no longer valid. Please run kinit and then click 'Retry'. If this is your first time running the IPA Web UI <a href='/ipa/config/unauthorized.html'>follow these directions</a> to configure your browser.", - "title": "Kerberos ticket no longer valid." + "message": "Your session has expired. Please re-login." } }, "actions": { @@ -67,6 +66,7 @@ "refresh": "Refresh", "remove": "Delete", "reset": "Reset", + "reset_password_and_login": "Reset Password and Login", "restore": "Restore", "retry": "Retry", "revoke": "Revoke", @@ -129,13 +129,13 @@ }, "false": "False", "login": { - "form_auth": "form-based authentication", + "form_auth": "To login with username and password, enter them in the fields below then click Login.", "header": "Logged In As", + "krb_auth_msg": "To login with Kerberos, please make sure you have valid tickets (obtainable via kinit) and <a href='/ipa/config/unauthorized.html'>configured</a> the browser correctly, then click Login.", "login": "Login", "logout": "Logout", "logout_error": "Logout error", "password": "Password", - "use": "Or you can use ", "username": "Username" }, "objects": { @@ -426,10 +426,12 @@ "password": { "current_password": "Current Password", "current_password_required": "Current password is required", + "invalid_password": "The password or username you entered is incorrect.", "new_password": "New Password", "new_password_required": "New password is required", "password_change_complete": "Password change complete", "password_must_match": "Passwords must match", + "reset_failure": "Password reset was not successful.", "reset_password": "Reset Password", "verify_password": "Verify Password" }, diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py index d860baf47..82ef30036 100644 --- a/ipalib/plugins/internal.py +++ b/ipalib/plugins/internal.py @@ -144,8 +144,7 @@ class i18n_messages(Command): messages = { "ajax": { "401": { - "message": _("Your Kerberos ticket is no longer valid. Please run kinit and then click 'Retry'. If this is your first time running the IPA Web UI <a href='/ipa/config/unauthorized.html'>follow these directions</a> to configure your browser."), - "title": _("Kerberos ticket no longer valid."), + "message": _("Your session has expired. Please re-login."), }, }, "actions": { @@ -202,6 +201,7 @@ class i18n_messages(Command): "refresh": _("Refresh"), "remove": _("Delete"), "reset": _("Reset"), + "reset_password_and_login": _("Reset Password and Login"), "restore": _("Restore"), "retry": _("Retry"), "revoke": _("Revoke"), @@ -264,13 +264,13 @@ class i18n_messages(Command): }, "false": _("False"), "login": { - "form_auth": _("form-based authentication"), + "form_auth": _("To login with username and password, enter them in the fields below then click Login."), "header": _("Logged In As"), + "krb_auth_msg": _("To login with Kerberos, please make sure you have valid tickets (obtainable via kinit) and <a href='/ipa/config/unauthorized.html'>configured</a> the browser correctly, then click Login."), "login": _("Login"), "logout": _("Logout"), "logout_error": _("Logout error"), "password": _("Password"), - "use": _("Or you can use "), "username": _("Username"), }, "objects": { @@ -565,10 +565,12 @@ class i18n_messages(Command): "password": { "current_password": _("Current Password"), "current_password_required": _("Current password is required"), + "invalid_password": _("The password or username you entered is incorrect."), "new_password": _("New Password"), "new_password_required": _("New password is required"), "password_change_complete": _("Password change complete"), "password_must_match": _("Passwords must match"), + "reset_failure": _("Password reset was not successful."), "reset_password": _("Reset Password"), "verify_password": _("Verify Password"), }, |