diff options
Diffstat (limited to 'template/en/default')
-rw-r--r-- | template/en/default/account/prefs/mfa.html.tmpl | 72 | ||||
-rw-r--r-- | template/en/default/admin/params/auth.html.tmpl | 28 | ||||
-rw-r--r-- | template/en/default/admin/users/userdata.html.tmpl | 2 | ||||
-rw-r--r-- | template/en/default/global/user-error.html.tmpl | 2 | ||||
-rw-r--r-- | template/en/default/mfa/dummy/verify.html.tmpl | 28 | ||||
-rw-r--r-- | template/en/default/mfa/duo/verify.html.tmpl | 95 | ||||
-rw-r--r-- | template/en/default/mfa/totp/enroll.html.tmpl | 2 |
7 files changed, 209 insertions, 20 deletions
diff --git a/template/en/default/account/prefs/mfa.html.tmpl b/template/en/default/account/prefs/mfa.html.tmpl index df272f7d3..2d80520a1 100644 --- a/template/en/default/account/prefs/mfa.html.tmpl +++ b/template/en/default/account/prefs/mfa.html.tmpl @@ -40,11 +40,12 @@ Two-factor authentication is currently <b>enabled</b> using <b>[% SWITCH user.mfa %] [% CASE "TOTP" %]TOTP + [% CASE "Duo" %]Duo Security [% END %]</b>. </p> <input type="hidden" name="mfa_action" id="mfa-action" value="disable"> - <div id="mfa-buttons"> + <div class="mfa-buttons"> <div> <button type="button" id="mfa-disable">Disable Two-factor Authentication</button> [% INCLUDE "mfa/protected.html.tmpl" %] @@ -92,15 +93,26 @@ <div id="mfa-auth-container" style="display:none"> <p> - <label class="mfa-totp">Current Password:</label> + <label>Current Password:</label> <input type="password" name="password" id="mfa-password" required> </p> + [%# disable/recovery - totp %] [% IF user.mfa == "TOTP" %] - <label class="mfa-totp">Code:</label> + + <label>Code:</label> <input type="text" name="code" placeholder="123456" maxlength="9" pattern="\d{6,9}" size="10" - autocomplete="off" required autofocus> + autocomplete="off" required> + + [%# disable/recovery - duo %] + [% ELSIF user.mfa == "Duo" %] + + <p> + <img src="images/duo.png" id="duo-logo" width="32" height="32"> + Verification with Duo Security will be performed before your account is updated. + </p> + [% END %] </div> @@ -111,23 +123,39 @@ <input type="hidden" name="mfa_action" id="mfa-action" value="enable"> <input type="hidden" name="mfa" id="mfa"> - <div id="mfa-select"> + <div id="mfa-select" class="mfa-buttons"> <p> Select the two-factor system you want to use: </p> - <button type="button" id="mfa-select-totp">Time-based One-Time Password (TOTP)</button> - </div> - [%# TOTP %] - <div id="mfa-enable-totp" class="mfa-provider" style="display:none"> + <button type="button" id="mfa-select-totp">Time-based One-Time Password (TOTP)</button><br> + <blockquote> + Requires a smartphone and a TOTP app (such as + <a href="https://support.google.com/accounts/answer/1066447" target="_blank">Google Authenticator</a> + or <a href="https://fedorahosted.org/freeotp/" target="_blank">Red Hat FreeOTP</a>). + </blockquote> + + [% IF Param("duo_host") && user.in_group("mozilla-employee-confidential") %] + <button type="button" id="mfa-select-duo">Duo Security</button><br> + <blockquote> + Requires a smartphone and a <a href="https://www.duosecurity.com/" target="_blank">Duo Security</a> + account (recommended for Mozilla employees). + </blockquote> + [% END %] + </div> + <div id="mfa-enable-shared" style="display:none"> <p> Your current password is required to enable two-factor authentication. </p> <p> - <label class="mfa-totp">Current Password:</label> + <label>Current Password:</label> <input type="password" name="password" id="mfa-password" required> </p> + </div> + + [%# enable - TOTP %] + <div id="mfa-enable-totp" style="display:none"> <div id="mfa-totp-throbber"> Generating new QR code.. <img src="skins/standard/throbber.gif" width="16" height="11"> @@ -139,10 +167,10 @@ Scan this QR code with your <a href="#" id="mfa-totp-apps">TOTP App</a>, then enter the six digit code the app generates.<br> <br> - <label class="mfa-totp">Code:</label> + <label>Code:</label> <input type="text" name="code" id="mfa-totp-enable-code" placeholder="123456" maxlength="6" pattern="\d{6}" size="10" - autocomplete="off" required autofocus> + autocomplete="off"> </div> </div> @@ -174,6 +202,26 @@ </div> + [%# enable - duo %] + <div id="mfa-enable-duo" style="display:none"> + + <p> + <label>Duo Username:</label> + <input type="text" name="username" id="mfa-duo-user"> + </p> + + <p> + <img src="images/duo.png" id="duo-logo" width="32" height="32"> + Verification with Duo Security will be performed before your account is updated.<br> + + [% IF user.in_group("mozilla-employee-confidential") %] + You must <a href="https://login.mozilla.com/duo_enrollments/" target="_blank"> + sign up for Duo Security via login.mozilla.com</a> before you can use Duo 2FA. + [% END %] + </p> + + </div> + [% END %] <div id="mfa-confirm" style="display:none"> diff --git a/template/en/default/admin/params/auth.html.tmpl b/template/en/default/admin/params/auth.html.tmpl index fea4239b3..a6cb8d3b1 100644 --- a/template/en/default/admin/params/auth.html.tmpl +++ b/template/en/default/admin/params/auth.html.tmpl @@ -142,16 +142,34 @@ "<li>letters_numbers - Passwords must contain at least one UPPER and one " _ "lower case letter and a number.</li>" _ "<li>letters_numbers_specialchars - Passwords must contain at least one " _ - "UPPER or one lower case letter, a number and a special character.</li></ul>" - }, + "UPPER or one lower case letter, a number and a special character.</li></ul>", password_check_on_login => "If set, $terms.Bugzilla will check that the password meets the current " _ "complexity rules and minimum length requirements when the user logs " _ "into the $terms.Bugzilla web interface. If it doesn't, the user would " _ - "not be able to log in, and recieve a message to reset their password." + "not be able to log in, and recieve a message to reset their password.", - auth_delegation => + auth_delegation => "If set, $terms.Bugzilla will allow third party applications " _ - "to request API keys for users." + "to request API keys for users.", + + duo_host => + "The 'API hostname' for Duo 2FA. This value is provided by your " _ + "Duo Security administrator. Set this to a blank value to disable" _ + "Duo 2FA.", + + duo_akey => + "The 'integration secret key' for Duo 2FA. This is automatically " _ + "generated by checksetup.pl.", + + duo_ikey => + "The 'integration key' for Duo 2FA. This value is provided by your " _ + "Duo Security administrator.", + + duo_skey => + "The 'secret key' for Duo 2FA. This value is provided by your " _ + "Duo Security administrator.", + + }, %] diff --git a/template/en/default/admin/users/userdata.html.tmpl b/template/en/default/admin/users/userdata.html.tmpl index 72fe4349c..a455ef84b 100644 --- a/template/en/default/admin/users/userdata.html.tmpl +++ b/template/en/default/admin/users/userdata.html.tmpl @@ -133,6 +133,8 @@ [% SWITCH otheruser.mfa %] [% CASE "TOTP" %] <option value="TOTP" selected>Enabled - TOTP</option> + [% CASE "Duo" %] + <option value="Duo" selected>Enabled - Duo Security</option> [% END %] </select> [% ELSE %] diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 7a3a536cd..66573ecb1 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -1212,7 +1212,7 @@ <br> Please log in using your username and password. - [% ELSIF error == "mfa_totp_bad_code" %] + [% ELSIF error == "mfa_bad_code" %] Invalid verification code. [% ELSIF error == "mfa_totp_bad_enrolment_code" %] diff --git a/template/en/default/mfa/dummy/verify.html.tmpl b/template/en/default/mfa/dummy/verify.html.tmpl new file mode 100644 index 000000000..9b9501e66 --- /dev/null +++ b/template/en/default/mfa/dummy/verify.html.tmpl @@ -0,0 +1,28 @@ +[%# This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + # + # This Source Code Form is "Incompatible With Secondary Licenses", as + # defined by the Mozilla Public License, v. 2.0. + #%] + +[% + INCLUDE global/header.html.tmpl + title = "Account Verification" +%] + +<h1>Account Verification</h1> + +<p> + <b>[% reason FILTER html %]</b> requires verification, and your configured + two-factor provider is no longer available. +</p> + +<form method="POST" id="duo_form" action="[% postback.action FILTER none %]"> + [% FOREACH field IN postback.fields.keys %] + <input type="hidden" name="[% field FILTER html %]" value="[% postback.fields.item(field) FILTER html %]"> + [% END %] + <input type="submit" value="Verify"> +</form> + +[% INCLUDE global/footer.html.tmpl %] diff --git a/template/en/default/mfa/duo/verify.html.tmpl b/template/en/default/mfa/duo/verify.html.tmpl new file mode 100644 index 000000000..627b82039 --- /dev/null +++ b/template/en/default/mfa/duo/verify.html.tmpl @@ -0,0 +1,95 @@ +[%# This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + # + # This Source Code Form is "Incompatible With Secondary Licenses", as + # defined by the Mozilla Public License, v. 2.0. + #%] + +[% is_enrolment = action == "enable" %] + +[% js = BLOCK %] +$(function() { + + $('#recovery-toggle') + .click(function(event) { + event.preventDefault(); + + if ($('#duo_container').is(':visible')) { + $('#duo_container').hide(); + $('#recovery').show(); + $('#code').attr('required', true).focus(); + $('#recovery-submit').attr('disabled', false); + $(this).text('Verify using Duo Security'); + } + else { + $('#duo_container').show(); + $('#recovery').hide(); + $('#code').attr('required', false); + $('#recovery-submit').attr('disabled', true); + $(this).text('Verify using a recovery code'); + } + }); + +}); +[% END %] + +[% css = BLOCK %] + + #duo_container { + background: #fff url(skins/standard/throbber.gif) 10px 10px no-repeat; + width: 620px; + height: 330px; + border: 1px solid #000; + } + +[% END %] + +[% + INCLUDE global/header.html.tmpl + title = "Account Verification" + javascript_urls = ['js/duo-min.js'] + javascript = js + style = css +%] + +<h1>Account Verification</h1> + +<p> + <b>[% reason FILTER html %]</b> requires verification.<br> + [% UNLESS is_enrolment %] + <a href="#" id="recovery-toggle">Verify using a recovery code</a>. + [% END %] +</p> + +<div id="duo_container"> + <iframe id="duo_iframe" width="620" height="330" frameborder="0"></iframe> +</div> + +<form method="POST" id="duo_form" action="[% postback.action FILTER none %]"> + [% FOREACH field IN postback.fields.keys %] + <input type="hidden" name="[% field FILTER html %]" value="[% postback.fields.item(field) FILTER html %]"> + [% END %] + [% UNLESS is_enrolment %] + <div id="recovery" style="display:none"> + <p> + Provide a two-factor recovery code: + </p> + <input type="text" name="code" id="code" + placeholder="123456789" maxlength="9" pattern="\d{9}" size="10" + autocomplete="off"><br> + <br> + <input type="submit" value="Submit" id="recovery-submit" disabled> + </div> + [% END %] +</form> + +<script> + Duo.init({ + 'host': '[% Param('duo_host') FILTER js %]', + 'sig_request': '[% sig_request FILTER js %]', + 'post_action': '[% postback.action FILTER js %]' + }); +</script> + +[% INCLUDE global/footer.html.tmpl %] diff --git a/template/en/default/mfa/totp/enroll.html.tmpl b/template/en/default/mfa/totp/enroll.html.tmpl index 63fc74698..fda7689a5 100644 --- a/template/en/default/mfa/totp/enroll.html.tmpl +++ b/template/en/default/mfa/totp/enroll.html.tmpl @@ -7,7 +7,6 @@ #%] [% js = BLOCK %] - $(function() { $('#show-text') @@ -25,7 +24,6 @@ $(function() { }); }); - [% END %] [% css = BLOCK %] |