added graphical hint if password does not match policy
This commit is contained in:
Roland Gruber
parent
fba01c0ada
commit
662bd53e91
|
|
@ -2,6 +2,7 @@ June 2014 4.6
|
|||
- Unix groups: allow to disable membership management
|
||||
- Extended LAM's internal password policies
|
||||
- Lamdaemon: move home directory on server if changed
|
||||
- Password policy check during typing
|
||||
- LAM Pro:
|
||||
-> Password self reset and user self registration support to set a header text
|
||||
-> Sudo roles: support latest schema
|
||||
|
|
|
|||
|
|
@ -420,6 +420,8 @@ class htmlInputField extends htmlElement {
|
|||
protected $onKeyPress = null;
|
||||
/** password field */
|
||||
protected $isPassword = false;
|
||||
/** check password strength */
|
||||
protected $checkPasswordStrength = false;
|
||||
/** enabled or disabled */
|
||||
protected $isEnabled = true;
|
||||
/** indicates that the value should be saved in obfuscated form */
|
||||
|
|
@ -588,6 +590,19 @@ class htmlInputField extends htmlElement {
|
|||
</script>
|
||||
';
|
||||
}
|
||||
if ($this->checkPasswordStrength) {
|
||||
$ajaxPath = "../templates/misc/ajax.php";
|
||||
if (is_file("../../templates/misc/ajax.php")) {
|
||||
$ajaxPath = "../../templates/misc/ajax.php";
|
||||
}
|
||||
elseif (is_file("../../../templates/misc/ajax.php")) {
|
||||
$ajaxPath = "../../../templates/misc/ajax.php";
|
||||
}
|
||||
echo '<script type="text/javascript">
|
||||
checkPasswordStrength("' . $this->fieldName . '", "' . $ajaxPath . '");
|
||||
</script>
|
||||
';
|
||||
}
|
||||
if ($this->transient) {
|
||||
return array();
|
||||
}
|
||||
|
|
@ -621,9 +636,11 @@ class htmlInputField extends htmlElement {
|
|||
* Specifies if this is a password field.
|
||||
*
|
||||
* @param boolean $isPassword password field
|
||||
* @param boolean $checkStrength check if matches password policy (default: false)
|
||||
*/
|
||||
public function setIsPassword($isPassword) {
|
||||
public function setIsPassword($isPassword, $checkStrength = false) {
|
||||
$this->isPassword = $isPassword;
|
||||
$this->checkPasswordStrength = $checkStrength;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -1042,7 +1042,7 @@ class accountContainer {
|
|||
// password fields
|
||||
$container->addElement(new htmlOutputText(_('Password')));
|
||||
$pwdInput1 = new htmlInputField('newPassword1');
|
||||
$pwdInput1->setIsPassword(true);
|
||||
$pwdInput1->setIsPassword(true, true);
|
||||
$container->addElement($pwdInput1);
|
||||
$container->addElement(new htmlHelpLink('404'), true);
|
||||
$container->addElement(new htmlOutputText(_('Repeat password')));
|
||||
|
|
|
|||
|
|
@ -2528,7 +2528,7 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$pwdTable = new htmlTable();
|
||||
$pwdTable->colspan = 3;
|
||||
$pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('password', _('New password')), 'posixAccount_password');
|
||||
$pwd1->setIsPassword(true);
|
||||
$pwd1->setIsPassword(true, true);
|
||||
$pwdTable->addElement($pwd1, true);
|
||||
$pwd2 = new htmlTableExtendedInputField(_('Reenter password'), 'posixAccount_password2');
|
||||
$pwd2->setIsPassword(true);
|
||||
|
|
|
|||
|
|
@ -2263,7 +2263,7 @@ class sambaSamAccount extends baseModule implements passwordService {
|
|||
$pwdTable = new htmlTable();
|
||||
$pwdTable->colspan = 3;
|
||||
$pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('password', _('New password')), 'sambaSamAccount_password');
|
||||
$pwd1->setIsPassword(true);
|
||||
$pwd1->setIsPassword(true, true);
|
||||
$pwdTable->addElement($pwd1, true);
|
||||
$pwd2 = new htmlTableExtendedInputField(_('Reenter password'), 'sambaSamAccount_password2');
|
||||
$pwd2->setIsPassword(true);
|
||||
|
|
|
|||
|
|
@ -1709,7 +1709,7 @@ class windowsUser extends baseModule implements passwordService {
|
|||
$pwdTable = new htmlTable();
|
||||
$pwdTable->colspan = 3;
|
||||
$pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('unicodePwd', _('New password')), 'windowsUser_unicodePwd');
|
||||
$pwd1->setIsPassword(true);
|
||||
$pwd1->setIsPassword(true, true);
|
||||
$pwdTable->addElement($pwd1, true);
|
||||
$pwd2 = new htmlTableExtendedInputField(_('Reenter password'), 'windowsUser_unicodePwd2');
|
||||
$pwd2->setIsPassword(true);
|
||||
|
|
|
|||
|
|
@ -526,3 +526,49 @@ function checkFieldsHaveSameValues(fieldID, fieldIDReference) {
|
|||
jQuery(field).keyup(check);
|
||||
jQuery(fieldRef).keyup(check);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the value of the given password field matches LAM's password policy.
|
||||
* Field is marked red if fail and green if ok.
|
||||
*
|
||||
* @param fieldID ID of field to check
|
||||
*/
|
||||
function checkPasswordStrength(fieldID, ajaxURL) {
|
||||
var field = jQuery('#' + fieldID);
|
||||
var check =
|
||||
function() {
|
||||
var value = field.val();
|
||||
var pwdJSON = {
|
||||
"password": value
|
||||
};
|
||||
// make AJAX call
|
||||
jQuery.post(ajaxURL + "?function=passwordStrengthCheck", {jsonInput: pwdJSON}, function(data) {checkPasswordStrengthHandleReply(data, fieldID);}, 'json');
|
||||
};
|
||||
jQuery(field).keyup(check);
|
||||
}
|
||||
|
||||
/**
|
||||
* Manages the server reply to a password strength check request.
|
||||
*
|
||||
* @param data JSON reply
|
||||
* @param fieldID input field ID
|
||||
*/
|
||||
function checkPasswordStrengthHandleReply(data, fieldID) {
|
||||
var field = jQuery('#' + fieldID);
|
||||
if (data.result == true) {
|
||||
field.removeClass('markFail');
|
||||
field.addClass('markOk');
|
||||
field.prop('title', '');
|
||||
}
|
||||
else if (field.val() == '') {
|
||||
field.removeClass('markFail');
|
||||
field.removeClass('markOk');
|
||||
}
|
||||
else {
|
||||
field.addClass('markFail');
|
||||
field.removeClass('markOk');
|
||||
field.prop('title', data.result);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
$Id$
|
||||
|
||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||
Copyright (C) 2011 - 2013 Roland Gruber
|
||||
Copyright (C) 2011 - 2014 Roland Gruber
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -38,7 +38,7 @@ if (isset($_GET['selfservice'])) {
|
|||
}
|
||||
|
||||
// return standard JSON response if session expired
|
||||
if (startSecureSession(false) === false) {
|
||||
if (startSecureSession(false, true) === false) {
|
||||
echo json_encode(array(
|
||||
'sessionExpired' => "true"
|
||||
));
|
||||
|
|
@ -81,6 +81,9 @@ class lamAjax {
|
|||
if ($function == 'passwordChange') {
|
||||
lamAjax::managePasswordChange($jsonInput);
|
||||
}
|
||||
elseif ($function == 'passwordStrengthCheck') {
|
||||
lamAjax::checkPasswordStrength($jsonInput);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -93,6 +96,17 @@ class lamAjax {
|
|||
echo json_encode($return);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a password is accepted by LAM's password policy.
|
||||
*
|
||||
* @param array $input input parameters
|
||||
*/
|
||||
public static function checkPasswordStrength($input) {
|
||||
$password = $input['password'];
|
||||
$result = checkPasswordStrength($password, null, null);
|
||||
echo json_encode(array("result" => $result));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue