added graphical hint if password does not match policy

This commit is contained in:
Roland Gruber 2014-05-25 17:29:19 +00:00
parent fba01c0ada
commit 662bd53e91
8 changed files with 87 additions and 9 deletions

View File

@ -2,6 +2,7 @@ June 2014 4.6
- Unix groups: allow to disable membership management
- Extended LAM's internal password policies
- Lamdaemon: move home directory on server if changed
- Password policy check during typing
- LAM Pro:
-> Password self reset and user self registration support to set a header text
-> Sudo roles: support latest schema

View File

@ -420,6 +420,8 @@ class htmlInputField extends htmlElement {
protected $onKeyPress = null;
/** password field */
protected $isPassword = false;
/** check password strength */
protected $checkPasswordStrength = false;
/** enabled or disabled */
protected $isEnabled = true;
/** indicates that the value should be saved in obfuscated form */
@ -588,6 +590,19 @@ class htmlInputField extends htmlElement {
</script>
';
}
if ($this->checkPasswordStrength) {
$ajaxPath = "../templates/misc/ajax.php";
if (is_file("../../templates/misc/ajax.php")) {
$ajaxPath = "../../templates/misc/ajax.php";
}
elseif (is_file("../../../templates/misc/ajax.php")) {
$ajaxPath = "../../../templates/misc/ajax.php";
}
echo '<script type="text/javascript">
checkPasswordStrength("' . $this->fieldName . '", "' . $ajaxPath . '");
</script>
';
}
if ($this->transient) {
return array();
}
@ -621,9 +636,11 @@ class htmlInputField extends htmlElement {
* Specifies if this is a password field.
*
* @param boolean $isPassword password field
* @param boolean $checkStrength check if matches password policy (default: false)
*/
public function setIsPassword($isPassword) {
public function setIsPassword($isPassword, $checkStrength = false) {
$this->isPassword = $isPassword;
$this->checkPasswordStrength = $checkStrength;
}
/**

View File

@ -1042,7 +1042,7 @@ class accountContainer {
// password fields
$container->addElement(new htmlOutputText(_('Password')));
$pwdInput1 = new htmlInputField('newPassword1');
$pwdInput1->setIsPassword(true);
$pwdInput1->setIsPassword(true, true);
$container->addElement($pwdInput1);
$container->addElement(new htmlHelpLink('404'), true);
$container->addElement(new htmlOutputText(_('Repeat password')));

View File

@ -2528,7 +2528,7 @@ class posixAccount extends baseModule implements passwordService {
$pwdTable = new htmlTable();
$pwdTable->colspan = 3;
$pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('password', _('New password')), 'posixAccount_password');
$pwd1->setIsPassword(true);
$pwd1->setIsPassword(true, true);
$pwdTable->addElement($pwd1, true);
$pwd2 = new htmlTableExtendedInputField(_('Reenter password'), 'posixAccount_password2');
$pwd2->setIsPassword(true);

View File

@ -2263,7 +2263,7 @@ class sambaSamAccount extends baseModule implements passwordService {
$pwdTable = new htmlTable();
$pwdTable->colspan = 3;
$pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('password', _('New password')), 'sambaSamAccount_password');
$pwd1->setIsPassword(true);
$pwd1->setIsPassword(true, true);
$pwdTable->addElement($pwd1, true);
$pwd2 = new htmlTableExtendedInputField(_('Reenter password'), 'sambaSamAccount_password2');
$pwd2->setIsPassword(true);

View File

@ -1709,7 +1709,7 @@ class windowsUser extends baseModule implements passwordService {
$pwdTable = new htmlTable();
$pwdTable->colspan = 3;
$pwd1 = new htmlTableExtendedInputField($this->getSelfServiceLabel('unicodePwd', _('New password')), 'windowsUser_unicodePwd');
$pwd1->setIsPassword(true);
$pwd1->setIsPassword(true, true);
$pwdTable->addElement($pwd1, true);
$pwd2 = new htmlTableExtendedInputField(_('Reenter password'), 'windowsUser_unicodePwd2');
$pwd2->setIsPassword(true);

View File

@ -526,3 +526,49 @@ function checkFieldsHaveSameValues(fieldID, fieldIDReference) {
jQuery(field).keyup(check);
jQuery(fieldRef).keyup(check);
}
/**
* Checks if the value of the given password field matches LAM's password policy.
* Field is marked red if fail and green if ok.
*
* @param fieldID ID of field to check
*/
function checkPasswordStrength(fieldID, ajaxURL) {
var field = jQuery('#' + fieldID);
var check =
function() {
var value = field.val();
var pwdJSON = {
"password": value
};
// make AJAX call
jQuery.post(ajaxURL + "?function=passwordStrengthCheck", {jsonInput: pwdJSON}, function(data) {checkPasswordStrengthHandleReply(data, fieldID);}, 'json');
};
jQuery(field).keyup(check);
}
/**
* Manages the server reply to a password strength check request.
*
* @param data JSON reply
* @param fieldID input field ID
*/
function checkPasswordStrengthHandleReply(data, fieldID) {
var field = jQuery('#' + fieldID);
if (data.result == true) {
field.removeClass('markFail');
field.addClass('markOk');
field.prop('title', '');
}
else if (field.val() == '') {
field.removeClass('markFail');
field.removeClass('markOk');
}
else {
field.addClass('markFail');
field.removeClass('markOk');
field.prop('title', data.result);
}
}

View File

@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2011 - 2013 Roland Gruber
Copyright (C) 2011 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -38,7 +38,7 @@ if (isset($_GET['selfservice'])) {
}
// return standard JSON response if session expired
if (startSecureSession(false) === false) {
if (startSecureSession(false, true) === false) {
echo json_encode(array(
'sessionExpired' => "true"
));
@ -81,6 +81,9 @@ class lamAjax {
if ($function == 'passwordChange') {
lamAjax::managePasswordChange($jsonInput);
}
elseif ($function == 'passwordStrengthCheck') {
lamAjax::checkPasswordStrength($jsonInput);
}
}
/**
@ -93,6 +96,17 @@ class lamAjax {
echo json_encode($return);
}
/**
* Checks if a password is accepted by LAM's password policy.
*
* @param array $input input parameters
*/
public static function checkPasswordStrength($input) {
$password = $input['password'];
$result = checkPasswordStrength($password, null, null);
echo json_encode(array("result" => $result));
}
}