added graphical hint if password does not match policy

This commit is contained in:
Roland Gruber 2014-05-25 17:29:19 +00:00
parent fba01c0ada
commit 662bd53e91
8 changed files with 87 additions and 9 deletions

View File

@ -2,6 +2,7 @@ June 2014 4.6
- Unix groups: allow to disable membership management - Unix groups: allow to disable membership management
- Extended LAM's internal password policies - Extended LAM's internal password policies
- Lamdaemon: move home directory on server if changed - Lamdaemon: move home directory on server if changed
- Password policy check during typing
- LAM Pro: - LAM Pro:
-> Password self reset and user self registration support to set a header text -> Password self reset and user self registration support to set a header text
-> Sudo roles: support latest schema -> Sudo roles: support latest schema

View File

@ -420,6 +420,8 @@ class htmlInputField extends htmlElement {
protected $onKeyPress = null; protected $onKeyPress = null;
/** password field */ /** password field */
protected $isPassword = false; protected $isPassword = false;
/** check password strength */
protected $checkPasswordStrength = false;
/** enabled or disabled */ /** enabled or disabled */
protected $isEnabled = true; protected $isEnabled = true;
/** indicates that the value should be saved in obfuscated form */ /** indicates that the value should be saved in obfuscated form */
@ -588,6 +590,19 @@ class htmlInputField extends htmlElement {
</script> </script>
'; ';
} }
if ($this->checkPasswordStrength) {
$ajaxPath = "../templates/misc/ajax.php";
if (is_file("../../templates/misc/ajax.php")) {
$ajaxPath = "../../templates/misc/ajax.php";
}
elseif (is_file("../../../templates/misc/ajax.php")) {
$ajaxPath = "../../../templates/misc/ajax.php";
}
echo '<script type="text/javascript">
checkPasswordStrength("' . $this->fieldName . '", "' . $ajaxPath . '");
</script>
';
}
if ($this->transient) { if ($this->transient) {
return array(); return array();
} }
@ -621,9 +636,11 @@ class htmlInputField extends htmlElement {
* Specifies if this is a password field. * Specifies if this is a password field.
* *
* @param boolean $isPassword password field * @param boolean $isPassword password field
* @param boolean $checkStrength check if matches password policy (default: false)
*/ */
public function setIsPassword($isPassword) { public function setIsPassword($isPassword, $checkStrength = false) {
$this->isPassword = $isPassword; $this->isPassword = $isPassword;
$this->checkPasswordStrength = $checkStrength;
} }
/** /**

View File

@ -1042,7 +1042,7 @@ class accountContainer {
// password fields // password fields
$container->addElement(new htmlOutputText(_('Password'))); $container->addElement(new htmlOutputText(_('Password')));
$pwdInput1 = new htmlInputField('newPassword1'); $pwdInput1 = new htmlInputField('newPassword1');
$pwdInput1->setIsPassword(true); $pwdInput1->setIsPassword(true, true);
$container->addElement($pwdInput1); $container->addElement($pwdInput1);
$container->addElement(new htmlHelpLink('404'), true); $container->addElement(new htmlHelpLink('404'), true);
$container->addElement(new htmlOutputText(_('Repeat password'))); $container->addElement(new htmlOutputText(_('Repeat password')));

View File

@ -2528,7 +2528,7 @@ class posixAccount extends baseModule implements passwordService {
$pwdTable = new htmlTable(); $pwdTable = new htmlTable();
$pwdTable->colspan = 3; $pwdTable->colspan = 3;
$pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('password', _('New password')), 'posixAccount_password'); $pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('password', _('New password')), 'posixAccount_password');
$pwd1->setIsPassword(true); $pwd1->setIsPassword(true, true);
$pwdTable->addElement($pwd1, true); $pwdTable->addElement($pwd1, true);
$pwd2 = new htmlTableExtendedInputField(_('Reenter password'), 'posixAccount_password2'); $pwd2 = new htmlTableExtendedInputField(_('Reenter password'), 'posixAccount_password2');
$pwd2->setIsPassword(true); $pwd2->setIsPassword(true);

View File

@ -2263,7 +2263,7 @@ class sambaSamAccount extends baseModule implements passwordService {
$pwdTable = new htmlTable(); $pwdTable = new htmlTable();
$pwdTable->colspan = 3; $pwdTable->colspan = 3;
$pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('password', _('New password')), 'sambaSamAccount_password'); $pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('password', _('New password')), 'sambaSamAccount_password');
$pwd1->setIsPassword(true); $pwd1->setIsPassword(true, true);
$pwdTable->addElement($pwd1, true); $pwdTable->addElement($pwd1, true);
$pwd2 = new htmlTableExtendedInputField(_('Reenter password'), 'sambaSamAccount_password2'); $pwd2 = new htmlTableExtendedInputField(_('Reenter password'), 'sambaSamAccount_password2');
$pwd2->setIsPassword(true); $pwd2->setIsPassword(true);

View File

@ -1709,7 +1709,7 @@ class windowsUser extends baseModule implements passwordService {
$pwdTable = new htmlTable(); $pwdTable = new htmlTable();
$pwdTable->colspan = 3; $pwdTable->colspan = 3;
$pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('unicodePwd', _('New password')), 'windowsUser_unicodePwd'); $pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('unicodePwd', _('New password')), 'windowsUser_unicodePwd');
$pwd1->setIsPassword(true); $pwd1->setIsPassword(true, true);
$pwdTable->addElement($pwd1, true); $pwdTable->addElement($pwd1, true);
$pwd2 = new htmlTableExtendedInputField(_('Reenter password'), 'windowsUser_unicodePwd2'); $pwd2 = new htmlTableExtendedInputField(_('Reenter password'), 'windowsUser_unicodePwd2');
$pwd2->setIsPassword(true); $pwd2->setIsPassword(true);

View File

@ -526,3 +526,49 @@ function checkFieldsHaveSameValues(fieldID, fieldIDReference) {
jQuery(field).keyup(check); jQuery(field).keyup(check);
jQuery(fieldRef).keyup(check); jQuery(fieldRef).keyup(check);
} }
/**
* Checks if the value of the given password field matches LAM's password policy.
* Field is marked red if fail and green if ok.
*
* @param fieldID ID of field to check
*/
function checkPasswordStrength(fieldID, ajaxURL) {
var field = jQuery('#' + fieldID);
var check =
function() {
var value = field.val();
var pwdJSON = {
"password": value
};
// make AJAX call
jQuery.post(ajaxURL + "?function=passwordStrengthCheck", {jsonInput: pwdJSON}, function(data) {checkPasswordStrengthHandleReply(data, fieldID);}, 'json');
};
jQuery(field).keyup(check);
}
/**
* Manages the server reply to a password strength check request.
*
* @param data JSON reply
* @param fieldID input field ID
*/
function checkPasswordStrengthHandleReply(data, fieldID) {
var field = jQuery('#' + fieldID);
if (data.result == true) {
field.removeClass('markFail');
field.addClass('markOk');
field.prop('title', '');
}
else if (field.val() == '') {
field.removeClass('markFail');
field.removeClass('markOk');
}
else {
field.addClass('markFail');
field.removeClass('markOk');
field.prop('title', data.result);
}
}

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2011 - 2013 Roland Gruber Copyright (C) 2011 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -38,7 +38,7 @@ if (isset($_GET['selfservice'])) {
} }
// return standard JSON response if session expired // return standard JSON response if session expired
if (startSecureSession(false) === false) { if (startSecureSession(false, true) === false) {
echo json_encode(array( echo json_encode(array(
'sessionExpired' => "true" 'sessionExpired' => "true"
)); ));
@ -81,6 +81,9 @@ class lamAjax {
if ($function == 'passwordChange') { if ($function == 'passwordChange') {
lamAjax::managePasswordChange($jsonInput); lamAjax::managePasswordChange($jsonInput);
} }
elseif ($function == 'passwordStrengthCheck') {
lamAjax::checkPasswordStrength($jsonInput);
}
} }
/** /**
@ -93,6 +96,17 @@ class lamAjax {
echo json_encode($return); echo json_encode($return);
} }
/**
* Checks if a password is accepted by LAM's password policy.
*
* @param array $input input parameters
*/
public static function checkPasswordStrength($input) {
$password = $input['password'];
$result = checkPasswordStrength($password, null, null);
echo json_encode(array("result" => $result));
}
} }