diff options
author | Petr Vobornik <pvoborni@redhat.com> | 2014-05-23 15:54:53 +0200 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2014-06-26 12:37:39 +0200 |
commit | f9adc5a5f3ed84ae23c4261f7316ad2e84952d68 (patch) | |
tree | 51e7d22c2ba89a7690e9e5a4365c44b941744073 | |
parent | 2df654223259ca336843f37a229838e125c874d6 (diff) | |
download | freeipa-f9adc5a5f3ed84ae23c4261f7316ad2e84952d68.tar.gz freeipa-f9adc5a5f3ed84ae23c4261f7316ad2e84952d68.tar.xz freeipa-f9adc5a5f3ed84ae23c4261f7316ad2e84952d68.zip |
webui: support password change with OTP in login screen
https://fedorahosted.org/freeipa/ticket/4262
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
-rw-r--r-- | install/ui/src/freeipa/ipa.js | 6 | ||||
-rw-r--r-- | install/ui/src/freeipa/widgets/LoginScreen.js | 51 |
2 files changed, 49 insertions, 8 deletions
diff --git a/install/ui/src/freeipa/ipa.js b/install/ui/src/freeipa/ipa.js index 8a1ebaed7..66d92b6e0 100644 --- a/install/ui/src/freeipa/ipa.js +++ b/install/ui/src/freeipa/ipa.js @@ -516,7 +516,7 @@ IPA.login_password = function(username, password) { * @return {string} result.status * @return {string} result.message */ -IPA.reset_password = function(username, old_password, new_password) { +IPA.reset_password = function(username, old_password, new_password, otp) { //possible results: 'ok', 'invalid-password', 'policy-error' @@ -553,6 +553,10 @@ IPA.reset_password = function(username, old_password, new_password) { new_password: new_password }; + if (otp) { + data.otp = otp; + } + request = { url: '/ipa/session/change_password', data: data, diff --git a/install/ui/src/freeipa/widgets/LoginScreen.js b/install/ui/src/freeipa/widgets/LoginScreen.js index 349a3da1d..701c88cf1 100644 --- a/install/ui/src/freeipa/widgets/LoginScreen.js +++ b/install/ui/src/freeipa/widgets/LoginScreen.js @@ -78,6 +78,8 @@ define(['dojo/_base/declare', password_expired: "Your password has expired. Please enter a new password.", + password_change_complete: "Password change complete", + denied: "Sorry you are not allowed to access this service.", caps_warning_msg: "Warning: CAPS LOCK key is on", @@ -417,23 +419,36 @@ define(['dojo/_base/declare', if (!this.validate()) return; var psw_f = this.get_field('password'); + var psw_f2 = this.get_field('current_password'); + var otp_f = this.get_field('otp'); var new_f = this.get_field('new_password'); var ver_f = this.get_field('verify_password'); var username_f = this.get_field('username'); + var psw = psw_f2.get_value()[0] || psw_f.get_value()[0]; + var otp = otp_f.get_value()[0]; + var result = IPA.reset_password( username_f.get_value()[0], - psw_f.get_value()[0], - new_f.get_value()[0]); + psw, + new_f.get_value()[0], + otp); if (result.status === 'ok') { - psw_f.set_value(new_f.get_value()); - this.login(); + val_summary.add_success('login', this.password_change_complete); + psw_f.set_value(''); + psw_f2.set_value(''); + // do not login if otp is used because it will fail (reuse of OTP) + if (!otp) { + psw_f.set_value(new_f.get_value()); + this.login(); + } this.set('view', 'login'); } else { val_summary.add_error('login', result.message); } + otp_f.set_value(''); new_f.set_value(''); ver_f.set_value(''); }, @@ -456,7 +471,12 @@ define(['dojo/_base/declare', } if (this.password_enabled()) { this.use_fields(['username', 'password']); - this.get_widget('username').focus_input(); + var username_f = this.get_field('username'); + if (username_f.get_value()[0]) { + this.get_widget('password').focus_input(); + } else { + this.get_widget('username').focus_input(); + } } else { this.use_fields([]); this.login_btn_node.focus(); @@ -469,14 +489,14 @@ define(['dojo/_base/declare', if (this.buttons_node) { construct.place(this.reset_btn_node, this.buttons_node); } - this.use_fields(['username_r', 'new_password', 'verify_password']); + this.use_fields(['username_r', 'current_password', 'otp', 'new_password', 'verify_password']); var val_summary = this.get_widget('validation'); var u_f = this.fields.get('username'); var u_r_f = this.fields.get('username_r'); u_r_f.set_value(u_f.get_value()); - this.get_widget('new_password').focus_input(); + this.get_widget('current_password').focus_input(); }, use_fields: function(names) { @@ -536,6 +556,9 @@ define(['dojo/_base/declare', this.kerberos_msg = this.kerberos_msg.replace('${host}', window.location.hostname); + this.password_change_complete = text.get(spec.password_change_complete || + '@i18n:password.password_change_complete', this.password_change_complete); + this.krb_auth_failed = text.get(spec.krb_auth_failed, this.krb_auth_failed); } }); @@ -563,6 +586,20 @@ define(['dojo/_base/declare', undo: false }, { + name: 'current_password', + $type: 'password', + label: text.get('@i18n:login.current_password', "Current Password"), + show_errors: false, + undo: false + }, + { + name: 'otp', + $type: 'password', + label: text.get('@i18n:login.current_password', "OTP"), + show_errors: false, + undo: false + }, + { name: 'new_password', $type: 'password', required: true, |