summaryrefslogtreecommitdiffstats
path: root/template
diff options
context:
space:
mode:
Diffstat (limited to 'template')
-rw-r--r--template/en/default/account/prefs/mfa.html.tmpl72
-rw-r--r--template/en/default/admin/params/auth.html.tmpl28
-rw-r--r--template/en/default/admin/users/userdata.html.tmpl2
-rw-r--r--template/en/default/global/user-error.html.tmpl2
-rw-r--r--template/en/default/mfa/dummy/verify.html.tmpl28
-rw-r--r--template/en/default/mfa/duo/verify.html.tmpl95
-rw-r--r--template/en/default/mfa/totp/enroll.html.tmpl2
7 files changed, 209 insertions, 20 deletions
diff --git a/template/en/default/account/prefs/mfa.html.tmpl b/template/en/default/account/prefs/mfa.html.tmpl
index df272f7d3..2d80520a1 100644
--- a/template/en/default/account/prefs/mfa.html.tmpl
+++ b/template/en/default/account/prefs/mfa.html.tmpl
@@ -40,11 +40,12 @@
Two-factor authentication is currently <b>enabled</b> using
<b>[% SWITCH user.mfa %]
[% CASE "TOTP" %]TOTP
+ [% CASE "Duo" %]Duo Security
[% END %]</b>.
</p>
<input type="hidden" name="mfa_action" id="mfa-action" value="disable">
- <div id="mfa-buttons">
+ <div class="mfa-buttons">
<div>
<button type="button" id="mfa-disable">Disable Two-factor Authentication</button>
[% INCLUDE "mfa/protected.html.tmpl" %]
@@ -92,15 +93,26 @@
<div id="mfa-auth-container" style="display:none">
<p>
- <label class="mfa-totp">Current Password:</label>
+ <label>Current Password:</label>
<input type="password" name="password" id="mfa-password" required>
</p>
+ [%# disable/recovery - totp %]
[% IF user.mfa == "TOTP" %]
- <label class="mfa-totp">Code:</label>
+
+ <label>Code:</label>
<input type="text" name="code"
placeholder="123456" maxlength="9" pattern="\d{6,9}" size="10"
- autocomplete="off" required autofocus>
+ autocomplete="off" required>
+
+ [%# disable/recovery - duo %]
+ [% ELSIF user.mfa == "Duo" %]
+
+ <p>
+ <img src="images/duo.png" id="duo-logo" width="32" height="32">
+ Verification with Duo Security will be performed before your account is updated.
+ </p>
+
[% END %]
</div>
@@ -111,23 +123,39 @@
<input type="hidden" name="mfa_action" id="mfa-action" value="enable">
<input type="hidden" name="mfa" id="mfa">
- <div id="mfa-select">
+ <div id="mfa-select" class="mfa-buttons">
<p>
Select the two-factor system you want to use:
</p>
- <button type="button" id="mfa-select-totp">Time-based One-Time Password (TOTP)</button>
- </div>
- [%# TOTP %]
- <div id="mfa-enable-totp" class="mfa-provider" style="display:none">
+ <button type="button" id="mfa-select-totp">Time-based One-Time Password (TOTP)</button><br>
+ <blockquote>
+ Requires a smartphone and a TOTP app (such as
+ <a href="https://support.google.com/accounts/answer/1066447" target="_blank">Google Authenticator</a>
+ or <a href="https://fedorahosted.org/freeotp/" target="_blank">Red Hat FreeOTP</a>).
+ </blockquote>
+
+ [% IF Param("duo_host") && user.in_group("mozilla-employee-confidential") %]
+ <button type="button" id="mfa-select-duo">Duo Security</button><br>
+ <blockquote>
+ Requires a smartphone and a <a href="https://www.duosecurity.com/" target="_blank">Duo Security</a>
+ account (recommended for Mozilla employees).
+ </blockquote>
+ [% END %]
+ </div>
+ <div id="mfa-enable-shared" style="display:none">
<p>
Your current password is required to enable two-factor authentication.
</p>
<p>
- <label class="mfa-totp">Current Password:</label>
+ <label>Current Password:</label>
<input type="password" name="password" id="mfa-password" required>
</p>
+ </div>
+
+ [%# enable - TOTP %]
+ <div id="mfa-enable-totp" style="display:none">
<div id="mfa-totp-throbber">
Generating new QR code.. <img src="skins/standard/throbber.gif" width="16" height="11">
@@ -139,10 +167,10 @@
Scan this QR code with your <a href="#" id="mfa-totp-apps">TOTP App</a>,
then enter the six digit code the app generates.<br>
<br>
- <label class="mfa-totp">Code:</label>
+ <label>Code:</label>
<input type="text" name="code" id="mfa-totp-enable-code"
placeholder="123456" maxlength="6" pattern="\d{6}" size="10"
- autocomplete="off" required autofocus>
+ autocomplete="off">
</div>
</div>
@@ -174,6 +202,26 @@
</div>
+ [%# enable - duo %]
+ <div id="mfa-enable-duo" style="display:none">
+
+ <p>
+ <label>Duo Username:</label>
+ <input type="text" name="username" id="mfa-duo-user">
+ </p>
+
+ <p>
+ <img src="images/duo.png" id="duo-logo" width="32" height="32">
+ Verification with Duo Security will be performed before your account is updated.<br>
+
+ [% IF user.in_group("mozilla-employee-confidential") %]
+ You must <a href="https://login.mozilla.com/duo_enrollments/" target="_blank">
+ sign up for Duo Security via login.mozilla.com</a> before you can use Duo 2FA.
+ [% END %]
+ </p>
+
+ </div>
+
[% END %]
<div id="mfa-confirm" style="display:none">
diff --git a/template/en/default/admin/params/auth.html.tmpl b/template/en/default/admin/params/auth.html.tmpl
index fea4239b3..a6cb8d3b1 100644
--- a/template/en/default/admin/params/auth.html.tmpl
+++ b/template/en/default/admin/params/auth.html.tmpl
@@ -142,16 +142,34 @@
"<li>letters_numbers - Passwords must contain at least one UPPER and one " _
"lower case letter and a number.</li>" _
"<li>letters_numbers_specialchars - Passwords must contain at least one " _
- "UPPER or one lower case letter, a number and a special character.</li></ul>"
- },
+ "UPPER or one lower case letter, a number and a special character.</li></ul>",
password_check_on_login =>
"If set, $terms.Bugzilla will check that the password meets the current " _
"complexity rules and minimum length requirements when the user logs " _
"into the $terms.Bugzilla web interface. If it doesn't, the user would " _
- "not be able to log in, and recieve a message to reset their password."
+ "not be able to log in, and recieve a message to reset their password.",
- auth_delegation =>
+ auth_delegation =>
"If set, $terms.Bugzilla will allow third party applications " _
- "to request API keys for users."
+ "to request API keys for users.",
+
+ duo_host =>
+ "The 'API hostname' for Duo 2FA. This value is provided by your " _
+ "Duo Security administrator. Set this to a blank value to disable" _
+ "Duo 2FA.",
+
+ duo_akey =>
+ "The 'integration secret key' for Duo 2FA. This is automatically " _
+ "generated by checksetup.pl.",
+
+ duo_ikey =>
+ "The 'integration key' for Duo 2FA. This value is provided by your " _
+ "Duo Security administrator.",
+
+ duo_skey =>
+ "The 'secret key' for Duo 2FA. This value is provided by your " _
+ "Duo Security administrator.",
+
+ },
%]
diff --git a/template/en/default/admin/users/userdata.html.tmpl b/template/en/default/admin/users/userdata.html.tmpl
index 72fe4349c..a455ef84b 100644
--- a/template/en/default/admin/users/userdata.html.tmpl
+++ b/template/en/default/admin/users/userdata.html.tmpl
@@ -133,6 +133,8 @@
[% SWITCH otheruser.mfa %]
[% CASE "TOTP" %]
<option value="TOTP" selected>Enabled - TOTP</option>
+ [% CASE "Duo" %]
+ <option value="Duo" selected>Enabled - Duo Security</option>
[% END %]
</select>
[% ELSE %]
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 7a3a536cd..66573ecb1 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1212,7 +1212,7 @@
<br>
Please log in using your username and password.
- [% ELSIF error == "mfa_totp_bad_code" %]
+ [% ELSIF error == "mfa_bad_code" %]
Invalid verification code.
[% ELSIF error == "mfa_totp_bad_enrolment_code" %]
diff --git a/template/en/default/mfa/dummy/verify.html.tmpl b/template/en/default/mfa/dummy/verify.html.tmpl
new file mode 100644
index 000000000..9b9501e66
--- /dev/null
+++ b/template/en/default/mfa/dummy/verify.html.tmpl
@@ -0,0 +1,28 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ #
+ # This Source Code Form is "Incompatible With Secondary Licenses", as
+ # defined by the Mozilla Public License, v. 2.0.
+ #%]
+
+[%
+ INCLUDE global/header.html.tmpl
+ title = "Account Verification"
+%]
+
+<h1>Account Verification</h1>
+
+<p>
+ <b>[% reason FILTER html %]</b> requires verification, and your configured
+ two-factor provider is no longer available.
+</p>
+
+<form method="POST" id="duo_form" action="[% postback.action FILTER none %]">
+ [% FOREACH field IN postback.fields.keys %]
+ <input type="hidden" name="[% field FILTER html %]" value="[% postback.fields.item(field) FILTER html %]">
+ [% END %]
+ <input type="submit" value="Verify">
+</form>
+
+[% INCLUDE global/footer.html.tmpl %]
diff --git a/template/en/default/mfa/duo/verify.html.tmpl b/template/en/default/mfa/duo/verify.html.tmpl
new file mode 100644
index 000000000..627b82039
--- /dev/null
+++ b/template/en/default/mfa/duo/verify.html.tmpl
@@ -0,0 +1,95 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ #
+ # This Source Code Form is "Incompatible With Secondary Licenses", as
+ # defined by the Mozilla Public License, v. 2.0.
+ #%]
+
+[% is_enrolment = action == "enable" %]
+
+[% js = BLOCK %]
+$(function() {
+
+ $('#recovery-toggle')
+ .click(function(event) {
+ event.preventDefault();
+
+ if ($('#duo_container').is(':visible')) {
+ $('#duo_container').hide();
+ $('#recovery').show();
+ $('#code').attr('required', true).focus();
+ $('#recovery-submit').attr('disabled', false);
+ $(this).text('Verify using Duo Security');
+ }
+ else {
+ $('#duo_container').show();
+ $('#recovery').hide();
+ $('#code').attr('required', false);
+ $('#recovery-submit').attr('disabled', true);
+ $(this).text('Verify using a recovery code');
+ }
+ });
+
+});
+[% END %]
+
+[% css = BLOCK %]
+
+ #duo_container {
+ background: #fff url(skins/standard/throbber.gif) 10px 10px no-repeat;
+ width: 620px;
+ height: 330px;
+ border: 1px solid #000;
+ }
+
+[% END %]
+
+[%
+ INCLUDE global/header.html.tmpl
+ title = "Account Verification"
+ javascript_urls = ['js/duo-min.js']
+ javascript = js
+ style = css
+%]
+
+<h1>Account Verification</h1>
+
+<p>
+ <b>[% reason FILTER html %]</b> requires verification.<br>
+ [% UNLESS is_enrolment %]
+ <a href="#" id="recovery-toggle">Verify using a recovery code</a>.
+ [% END %]
+</p>
+
+<div id="duo_container">
+ <iframe id="duo_iframe" width="620" height="330" frameborder="0"></iframe>
+</div>
+
+<form method="POST" id="duo_form" action="[% postback.action FILTER none %]">
+ [% FOREACH field IN postback.fields.keys %]
+ <input type="hidden" name="[% field FILTER html %]" value="[% postback.fields.item(field) FILTER html %]">
+ [% END %]
+ [% UNLESS is_enrolment %]
+ <div id="recovery" style="display:none">
+ <p>
+ Provide a two-factor recovery code:
+ </p>
+ <input type="text" name="code" id="code"
+ placeholder="123456789" maxlength="9" pattern="\d{9}" size="10"
+ autocomplete="off"><br>
+ <br>
+ <input type="submit" value="Submit" id="recovery-submit" disabled>
+ </div>
+ [% END %]
+</form>
+
+<script>
+ Duo.init({
+ 'host': '[% Param('duo_host') FILTER js %]',
+ 'sig_request': '[% sig_request FILTER js %]',
+ 'post_action': '[% postback.action FILTER js %]'
+ });
+</script>
+
+[% INCLUDE global/footer.html.tmpl %]
diff --git a/template/en/default/mfa/totp/enroll.html.tmpl b/template/en/default/mfa/totp/enroll.html.tmpl
index 63fc74698..fda7689a5 100644
--- a/template/en/default/mfa/totp/enroll.html.tmpl
+++ b/template/en/default/mfa/totp/enroll.html.tmpl
@@ -7,7 +7,6 @@
#%]
[% js = BLOCK %]
-
$(function() {
$('#show-text')
@@ -25,7 +24,6 @@ $(function() {
});
});
-
[% END %]
[% css = BLOCK %]