From e6d45b6d6028527079744af20dc9407a2a3867f2 Mon Sep 17 00:00:00 2001
From: Byron Jones <glob@mozilla.com>
Date: Tue, 25 Aug 2015 13:40:13 +0800
Subject: Bug 1196134 - add ability for admins to force a user to change their
 password on next login

---
 .../en/default/account/reset-password.html.tmpl    | 210 +++++++++++++++++++++
 1 file changed, 210 insertions(+)
 create mode 100644 template/en/default/account/reset-password.html.tmpl

(limited to 'template/en/default/account')

diff --git a/template/en/default/account/reset-password.html.tmpl b/template/en/default/account/reset-password.html.tmpl
new file mode 100644
index 000000000..2b1d297dc
--- /dev/null
+++ b/template/en/default/account/reset-password.html.tmpl
@@ -0,0 +1,210 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+  # License, v. 2.0. If a copy of the MPL was not distributed with this
+  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+  #
+  # This Source Code Form is "Incompatible With Secondary Licenses", as
+  # defined by the Mozilla Public License, v. 2.0.
+  #%]
+
+[% inline_style = BLOCK %]
+
+.field-hr, .field-row {
+  clear: both;
+}
+
+.field-row {
+  height: 2.5em;
+}
+
+.field-name {
+  text-align: right;
+  width: 150px;
+  float: left;
+  padding-top: 2px;
+  font-weight: bold;
+}
+
+.field-value {
+  margin-left: 160px;
+}
+
+#errors, #complexity_rules {
+  margin-left: 160px;
+  max-width: 500px;
+}
+
+#errors {
+  color: #dd4848;
+  position: absolute;
+  margin-left: 500px;
+}
+
+#errors ul {
+  padding: 0;
+  margin: 0;
+}
+
+#complexity_rules {
+  margin-bottom: 50px;
+}
+
+[% END %]
+
+[% inline_js = BLOCK %]
+$(function() {
+
+  $('#old_password, #new_password1, #new_password2')
+    .keyup(function() {
+      var errors = [];
+      var old = $('#old_password').val();
+      var new1 = $('#new_password1').val();
+      var new2 = $('#new_password2').val();
+
+      if (old === '') {
+        errors.push('Missing current password');
+      }
+      if (new1 === '' || new2 === '') {
+        errors.push('Missing new password');
+      }
+      else if (new1 !== new2) {
+        errors.push('New passwords do not match');
+      }
+      else if (new1 === old) {
+        errors.push('Your new password must be different from your old password');
+      }
+      else if (new1.length < [% constants.USER_PASSWORD_MIN_LENGTH FILTER none %]) {
+        errors.push('Your password must be at least [% constants.USER_PASSWORD_MIN_LENGTH FILTER none %] long');
+      }
+      else {
+        var complexity_fn;
+        [% SWITCH Param('password_complexity') %]
+          [% CASE 'no_constraints' %]
+            complexity_fn = function() {};
+          [% CASE 'mixed_letters' %]
+            complexity_fn = function(pass, errors) {
+              if (
+                pass.search(/[a-z]/) == -1 ||
+                pass.search(/[A-Z]/) == -1
+              ) {
+                errors.push('New password is not complex enough');
+              }
+            };
+          [% CASE 'letters_numbers' %]
+            complexity_fn = function(pass, errors) {
+              if (
+                pass.search(/[a-z]/) == -1 ||
+                pass.search(/[A-Z]/) == -1 ||
+                pass.search(/[0-9]/) == -1
+              ) {
+                errors.push('New password is not complex enough');
+              }
+            };
+          [% CASE 'letters_numbers_specialchars' %]
+            complexity_fn = function(pass, errors) {
+              if (
+                pass.search(/[a-z]/) == -1 ||
+                pass.search(/[A-Z]/) == -1 ||
+                pass.search(/[0-9]/) == -1 ||
+                pass.search(/\W/) == -1
+              ) {
+                errors.push('New password is not complex enough');
+              }
+            };
+        [% END %]
+        complexity_fn(new1, errors);
+      }
+
+      $('#submit').attr('disabled', errors.length > 0);
+      if ((old !== '' || new1 !== '' || new2 !== '') && errors.length) {
+        $('#errors').html('<ul><li>' + errors.join('</li><li>') + '</li></ul>');
+      }
+      else {
+        $('#errors').html('');
+      }
+    })
+    .keyup();
+
+  $('#forgot_password')
+    .click(function(event) {
+      event.preventDefault();
+      $('#forgot-form').submit();
+    });
+});
+
+[% END %]
+
+[% PROCESS global/header.html.tmpl
+    title      = "Password change required"
+    style      = inline_style
+    javascript = inline_js
+%]
+
+<h1>Password Reset</h1>
+
+<p>
+  [% user.password_change_reason || "You are required to update your password." FILTER html %]
+</p>
+
+<form method="POST" action="reset_password.cgi">
+<input type="hidden" name="token" value="[% token FILTER html %]">
+<input type="hidden" name="do_save" value="1">
+
+<div id="password-reset">
+  <div class="field-hr">&nbsp;</div>
+  <div class="field-row">
+    <div class="field-name">Email</div>
+    <div class="field-value">
+      [% user.login FILTER html %]
+    </div>
+  </div>
+  <div class="field-row">
+    <div class="field-name">Current Password</div>
+    <div class="field-value">
+      <input type="password" name="old_password" id="old_password" size="30">
+    </div>
+  </div>
+  <div class="field-hr">&nbsp;</div>
+  <div id="errors"></div>
+  <div class="field-row">
+    <div class="field-name">New Password</div>
+    <div class="field-value">
+      <input type="password" name="new_password1" id="new_password1" size="30">
+    </div>
+  </div>
+  <div class="field-row">
+    <div class="field-name">New Password</div>
+    <div class="field-value">
+      <input type="password" name="new_password2" id="new_password2" size="30">
+      (again)
+    </div>
+  </div>
+  <div class="field-hr">&nbsp;</div>
+  <div class="field-row">
+    <div class="field-value">
+      <input type="submit" id="submit" value="Update Password">
+      <a id="forgot_password" href="#">Forgot Password</a>
+    </div>
+  </div>
+</div>
+
+</form>
+
+<p id="complexity_rules">
+  Your password must be a minimum of [% constants.USER_PASSWORD_MIN_LENGTH FILTER none %] characters long
+  [% SWITCH Param('password_complexity') %]
+    [% CASE 'mixed_letters' %]
+      and must contain at least one UPPER and one lowercase letter
+    [% CASE 'letters_numbers' %]
+      and must contain at least one UPPER and one lowercase letter and a number
+    [% CASE 'letters_numbers_specialchars' %]
+      and must contain at least one letter, a number and a special character
+  [% END ~%].
+</p>
+
+<form action="token.cgi" method="post" id="forgot-form">
+  <input type="hidden" name="loginname" value="[% user.login FILTER html %]">
+  <input type="hidden" name="a" value="reqpw">
+  <input type="hidden" name="token" value="[% issue_hash_token(['reqpw']) FILTER html %]">
+</form>
+
+[% PROCESS global/footer.html.tmpl %]
-- 
cgit v1.2.3-24-g4f1b