summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPetr Vobornik <pvoborni@redhat.com>2012-04-16 12:22:34 +0200
committerRob Crittenden <rcritten@redhat.com>2012-04-16 21:53:56 -0400
commitc64bcafa137474cf31cd99e7cd6c28a00add85ff (patch)
treeb02bf5514d24d35f51d713ad453f1e8e60321dd2
parent7b515bddbcec2499fb765be311b3d093edcf6db2 (diff)
downloadfreeipa-c64bcafa137474cf31cd99e7cd6c28a00add85ff.tar.gz
freeipa-c64bcafa137474cf31cd99e7cd6c28a00add85ff.tar.xz
freeipa-c64bcafa137474cf31cd99e7cd6c28a00add85ff.zip
User is notified that password needs to be reset in forms-based login
Forms-based login procedure detects if 401 unauthorized response contains 'X-IPA-Rejection-Reason' http header with 'password-expired' value. If so it displays an error message that user needs to reset his password. https://fedorahosted.org/freeipa/ticket/2608
-rw-r--r--install/ui/ipa.js36
-rw-r--r--install/ui/login.html9
-rw-r--r--install/ui/login.js39
3 files changed, 67 insertions, 17 deletions
diff --git a/install/ui/ipa.js b/install/ui/ipa.js
index eeac03053..ed380d9cb 100644
--- a/install/ui/ipa.js
+++ b/install/ui/ipa.js
@@ -359,10 +359,23 @@ IPA.logout = function() {
IPA.login_password = function(username, password) {
- var success = false;
+ var result = 'invalid';
function success_handler(data, text_status, xhr) {
- success = true;
+ result = 'success';
+ }
+
+ function error_handler(xhr, text_status, error_thrown) {
+
+ if (xhr.status === 401) {
+ var reason = xhr.getResponseHeader("X-IPA-Rejection-Reason");
+
+ //change result from invalid only if we have a header which we
+ //understand
+ if (reason === 'password-expired') {
+ result = 'expired';
+ }
+ }
}
var data = {
@@ -378,14 +391,15 @@ IPA.login_password = function(username, password) {
dataType: 'html',
async: false,
type: 'POST',
- success: success_handler
+ success: success_handler,
+ error: error_handler
};
IPA.display_activity_icon();
$.ajax(request);
IPA.hide_activity_icon();
- return success;
+ return result;
};
/**
@@ -1340,6 +1354,10 @@ IPA.unauthorized_dialog = function(spec) {
"Please try again (make sure your caps lock is off).</p>" +
"<p>If the problem persists, contact your administrator.</p>";
+ that.password_expired = "<p><strong>Password expired</strong></p>" +
+ "<p>Please run kinit to reset the password and then try to login again.</p>" +
+ "<p>If the problem persists, contact your administrator.</p>";
+
that.create = function() {
that.krb_message_contatiner = $('<div\>').appendTo(that.container);
@@ -1482,13 +1500,17 @@ IPA.unauthorized_dialog = function(spec) {
IPA.display_activity_icon();
- var success = IPA.login_password(record.username[0], record.password[0]);
+ var result = IPA.login_password(record.username[0], record.password[0]);
IPA.hide_activity_icon();
- if (success) {
+ if (result === 'success') {
that.on_login_success();
- } else {
+ } else if (result === 'expired') {
+ that.error_box.html(that.password_expired);
+ that.error_box.css('display', 'block');
+ }else {
+ that.error_box.html(that.form_auth_failed);
that.error_box.css('display', 'block');
}
};
diff --git a/install/ui/login.html b/install/ui/login.html
index d88ee0eeb..9902466a7 100644
--- a/install/ui/login.html
+++ b/install/ui/login.html
@@ -21,12 +21,19 @@
<div id="formwindow">
<h2>Login</h2>
- <div id="error-box" style="display:none">
+
+ <div id="invalid" class="error-box" style="display:none">
<p><strong>Please re-enter your username or password</strong></p>
<p>The password or username you entered is incorrect. Please try again (make sure your caps lock is off).</p>
<p>If the problem persists, contact your administrator.</p>
</div>
+ <div id="expired" class="error-box" style="display:none">
+ <p><strong>Password expired</strong></p>
+ <p>Please run kinit to reset the password and then try to login again.</p>
+ <p>If the problem persists, contact your administrator.</p>
+ </div>
+
<form id="login">
<ul>
<li>
diff --git a/install/ui/login.js b/install/ui/login.js
index 68b16bce1..cd4e72d95 100644
--- a/install/ui/login.js
+++ b/install/ui/login.js
@@ -22,10 +22,23 @@ var LP = {}; //Login Page
LP.login = function(username, password) {
- var success = false;
+ var result = 'invalid';
function success_handler(data, text_status, xhr) {
- success = true;
+ result = 'success';
+ }
+
+ function error_handler(xhr, text_status, error_thrown) {
+
+ if (xhr.status === 401) {
+ var reason = xhr.getResponseHeader("X-IPA-Rejection-Reason");
+
+ //change result from invalid only if we have a header which we
+ //understand
+ if (reason === 'password-expired') {
+ result = 'expired';
+ }
+ }
}
var data = {
@@ -36,14 +49,18 @@ LP.login = function(username, password) {
var request = {
url: '/ipa/session/login_password',
data: data,
+ contentType: 'application/x-www-form-urlencoded',
+ processData: true,
+ dataType: 'html',
async: false,
- type: "POST",
- success: success_handler
+ type: 'POST',
+ success: success_handler,
+ error: error_handler
};
$.ajax(request);
- return success;
+ return result;
};
LP.on_submit = function() {
@@ -51,10 +68,14 @@ LP.on_submit = function() {
var username = $('input[name=username]', LP.form).val();
var password = $('input[name=password]', LP.form).val();
- var success = LP.login(username, password);
+ var result = LP.login(username, password);
- if (!success) {
- $('#error-box').css('display', 'block');
+ if (result === 'invalid') {
+ $('#expired').css('display', 'none');
+ $('#invalid').css('display', 'block');
+ } else if (result === 'expired') {
+ $('#invalid').css('display', 'none');
+ $('#expired').css('display', 'block');
} else {
window.location = '/ipa/ui';
}
@@ -73,4 +94,4 @@ LP.init = function() {
/* main (document onready event handler) */
$(function() {
LP.init();
-}); \ No newline at end of file
+});