diff options
| author | Petr Vobornik <pvoborni@redhat.com> | 2012-04-16 12:22:34 +0200 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-04-16 21:54:27 -0400 |
| commit | bd84fb445845bffc03109f3c69201c45da46fd48 (patch) | |
| tree | be6aa4e8feb990d2583f99044aaed954d3275e1b | |
| parent | d05a5c646087877abe3819116cfc84ef9b053567 (diff) | |
| download | freeipa-bd84fb445845bffc03109f3c69201c45da46fd48.tar.gz freeipa-bd84fb445845bffc03109f3c69201c45da46fd48.tar.xz freeipa-bd84fb445845bffc03109f3c69201c45da46fd48.zip | |
User is notified that password needs to be reset in forms-based login
Forms-based login procedure detects if 401 unauthorized response contains
'X-IPA-Rejection-Reason' http header with 'password-expired' value. If so
it displays an error message that user needs to reset his password.
https://fedorahosted.org/freeipa/ticket/2608
| -rw-r--r-- | install/ui/ipa.js | 36 | ||||
| -rw-r--r-- | install/ui/login.html | 9 | ||||
| -rw-r--r-- | install/ui/login.js | 39 |
3 files changed, 67 insertions, 17 deletions
diff --git a/install/ui/ipa.js b/install/ui/ipa.js index eeac03053..ed380d9cb 100644 --- a/install/ui/ipa.js +++ b/install/ui/ipa.js @@ -359,10 +359,23 @@ IPA.logout = function() { IPA.login_password = function(username, password) { - var success = false; + var result = 'invalid'; function success_handler(data, text_status, xhr) { - success = true; + result = 'success'; + } + + function error_handler(xhr, text_status, error_thrown) { + + if (xhr.status === 401) { + var reason = xhr.getResponseHeader("X-IPA-Rejection-Reason"); + + //change result from invalid only if we have a header which we + //understand + if (reason === 'password-expired') { + result = 'expired'; + } + } } var data = { @@ -378,14 +391,15 @@ IPA.login_password = function(username, password) { dataType: 'html', async: false, type: 'POST', - success: success_handler + success: success_handler, + error: error_handler }; IPA.display_activity_icon(); $.ajax(request); IPA.hide_activity_icon(); - return success; + return result; }; /** @@ -1340,6 +1354,10 @@ IPA.unauthorized_dialog = function(spec) { "Please try again (make sure your caps lock is off).</p>" + "<p>If the problem persists, contact your administrator.</p>"; + that.password_expired = "<p><strong>Password expired</strong></p>" + + "<p>Please run kinit to reset the password and then try to login again.</p>" + + "<p>If the problem persists, contact your administrator.</p>"; + that.create = function() { that.krb_message_contatiner = $('<div\>').appendTo(that.container); @@ -1482,13 +1500,17 @@ IPA.unauthorized_dialog = function(spec) { IPA.display_activity_icon(); - var success = IPA.login_password(record.username[0], record.password[0]); + var result = IPA.login_password(record.username[0], record.password[0]); IPA.hide_activity_icon(); - if (success) { + if (result === 'success') { that.on_login_success(); - } else { + } else if (result === 'expired') { + that.error_box.html(that.password_expired); + that.error_box.css('display', 'block'); + }else { + that.error_box.html(that.form_auth_failed); that.error_box.css('display', 'block'); } }; diff --git a/install/ui/login.html b/install/ui/login.html index d88ee0eeb..9902466a7 100644 --- a/install/ui/login.html +++ b/install/ui/login.html @@ -21,12 +21,19 @@ <div id="formwindow"> <h2>Login</h2> - <div id="error-box" style="display:none"> + + <div id="invalid" class="error-box" style="display:none"> <p><strong>Please re-enter your username or password</strong></p> <p>The password or username you entered is incorrect. Please try again (make sure your caps lock is off).</p> <p>If the problem persists, contact your administrator.</p> </div> + <div id="expired" class="error-box" style="display:none"> + <p><strong>Password expired</strong></p> + <p>Please run kinit to reset the password and then try to login again.</p> + <p>If the problem persists, contact your administrator.</p> + </div> + <form id="login"> <ul> <li> diff --git a/install/ui/login.js b/install/ui/login.js index 68b16bce1..cd4e72d95 100644 --- a/install/ui/login.js +++ b/install/ui/login.js @@ -22,10 +22,23 @@ var LP = {}; //Login Page LP.login = function(username, password) { - var success = false; + var result = 'invalid'; function success_handler(data, text_status, xhr) { - success = true; + result = 'success'; + } + + function error_handler(xhr, text_status, error_thrown) { + + if (xhr.status === 401) { + var reason = xhr.getResponseHeader("X-IPA-Rejection-Reason"); + + //change result from invalid only if we have a header which we + //understand + if (reason === 'password-expired') { + result = 'expired'; + } + } } var data = { @@ -36,14 +49,18 @@ LP.login = function(username, password) { var request = { url: '/ipa/session/login_password', data: data, + contentType: 'application/x-www-form-urlencoded', + processData: true, + dataType: 'html', async: false, - type: "POST", - success: success_handler + type: 'POST', + success: success_handler, + error: error_handler }; $.ajax(request); - return success; + return result; }; LP.on_submit = function() { @@ -51,10 +68,14 @@ LP.on_submit = function() { var username = $('input[name=username]', LP.form).val(); var password = $('input[name=password]', LP.form).val(); - var success = LP.login(username, password); + var result = LP.login(username, password); - if (!success) { - $('#error-box').css('display', 'block'); + if (result === 'invalid') { + $('#expired').css('display', 'none'); + $('#invalid').css('display', 'block'); + } else if (result === 'expired') { + $('#invalid').css('display', 'none'); + $('#expired').css('display', 'block'); } else { window.location = '/ipa/ui'; } @@ -73,4 +94,4 @@ LP.init = function() { /* main (document onready event handler) */ $(function() { LP.init(); -});
\ No newline at end of file +}); |