From e6d45b6d6028527079744af20dc9407a2a3867f2 Mon Sep 17 00:00:00 2001 From: Byron Jones Date: Tue, 25 Aug 2015 13:40:13 +0800 Subject: Bug 1196134 - add ability for admins to force a user to change their password on next login --- .../en/default/account/reset-password.html.tmpl | 210 +++++++++++++++++++++ template/en/default/admin/users/edit.html.tmpl | 12 ++ template/en/default/admin/users/userdata.html.tmpl | 37 ++-- template/en/default/global/messages.html.tmpl | 4 + template/en/default/global/user-error.html.tmpl | 4 + 5 files changed, 255 insertions(+), 12 deletions(-) create mode 100644 template/en/default/account/reset-password.html.tmpl (limited to 'template') diff --git a/template/en/default/account/reset-password.html.tmpl b/template/en/default/account/reset-password.html.tmpl new file mode 100644 index 000000000..2b1d297dc --- /dev/null +++ b/template/en/default/account/reset-password.html.tmpl @@ -0,0 +1,210 @@ +[%# This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + # + # This Source Code Form is "Incompatible With Secondary Licenses", as + # defined by the Mozilla Public License, v. 2.0. + #%] + +[% inline_style = BLOCK %] + +.field-hr, .field-row { + clear: both; +} + +.field-row { + height: 2.5em; +} + +.field-name { + text-align: right; + width: 150px; + float: left; + padding-top: 2px; + font-weight: bold; +} + +.field-value { + margin-left: 160px; +} + +#errors, #complexity_rules { + margin-left: 160px; + max-width: 500px; +} + +#errors { + color: #dd4848; + position: absolute; + margin-left: 500px; +} + +#errors ul { + padding: 0; + margin: 0; +} + +#complexity_rules { + margin-bottom: 50px; +} + +[% END %] + +[% inline_js = BLOCK %] +$(function() { + + $('#old_password, #new_password1, #new_password2') + .keyup(function() { + var errors = []; + var old = $('#old_password').val(); + var new1 = $('#new_password1').val(); + var new2 = $('#new_password2').val(); + + if (old === '') { + errors.push('Missing current password'); + } + if (new1 === '' || new2 === '') { + errors.push('Missing new password'); + } + else if (new1 !== new2) { + errors.push('New passwords do not match'); + } + else if (new1 === old) { + errors.push('Your new password must be different from your old password'); + } + else if (new1.length < [% constants.USER_PASSWORD_MIN_LENGTH FILTER none %]) { + errors.push('Your password must be at least [% constants.USER_PASSWORD_MIN_LENGTH FILTER none %] long'); + } + else { + var complexity_fn; + [% SWITCH Param('password_complexity') %] + [% CASE 'no_constraints' %] + complexity_fn = function() {}; + [% CASE 'mixed_letters' %] + complexity_fn = function(pass, errors) { + if ( + pass.search(/[a-z]/) == -1 || + pass.search(/[A-Z]/) == -1 + ) { + errors.push('New password is not complex enough'); + } + }; + [% CASE 'letters_numbers' %] + complexity_fn = function(pass, errors) { + if ( + pass.search(/[a-z]/) == -1 || + pass.search(/[A-Z]/) == -1 || + pass.search(/[0-9]/) == -1 + ) { + errors.push('New password is not complex enough'); + } + }; + [% CASE 'letters_numbers_specialchars' %] + complexity_fn = function(pass, errors) { + if ( + pass.search(/[a-z]/) == -1 || + pass.search(/[A-Z]/) == -1 || + pass.search(/[0-9]/) == -1 || + pass.search(/\W/) == -1 + ) { + errors.push('New password is not complex enough'); + } + }; + [% END %] + complexity_fn(new1, errors); + } + + $('#submit').attr('disabled', errors.length > 0); + if ((old !== '' || new1 !== '' || new2 !== '') && errors.length) { + $('#errors').html(''); + } + else { + $('#errors').html(''); + } + }) + .keyup(); + + $('#forgot_password') + .click(function(event) { + event.preventDefault(); + $('#forgot-form').submit(); + }); +}); + +[% END %] + +[% PROCESS global/header.html.tmpl + title = "Password change required" + style = inline_style + javascript = inline_js +%] + +

Password Reset

+ +

+ [% user.password_change_reason || "You are required to update your password." FILTER html %] +

+ +
+ + + +
+
 
+
+
Email
+
+ [% user.login FILTER html %] +
+
+
+
Current Password
+
+ +
+
+
 
+
+
+
New Password
+
+ +
+
+
+
New Password
+
+ + (again) +
+
+
 
+
+
+ + Forgot Password +
+
+
+ +
+ +

+ Your password must be a minimum of [% constants.USER_PASSWORD_MIN_LENGTH FILTER none %] characters long + [% SWITCH Param('password_complexity') %] + [% CASE 'mixed_letters' %] + and must contain at least one UPPER and one lowercase letter + [% CASE 'letters_numbers' %] + and must contain at least one UPPER and one lowercase letter and a number + [% CASE 'letters_numbers_specialchars' %] + and must contain at least one letter, a number and a special character + [% END ~%]. +

+ +
+ + + +
+ +[% PROCESS global/footer.html.tmpl %] diff --git a/template/en/default/admin/users/edit.html.tmpl b/template/en/default/admin/users/edit.html.tmpl index a5ab5cf03..fbf283574 100644 --- a/template/en/default/admin/users/edit.html.tmpl +++ b/template/en/default/admin/users/edit.html.tmpl @@ -38,6 +38,18 @@ $(function() { } }) .keyup(); + + $('#password_change_required') + .change(function() { + $('#password').prop('disabled', $(this).is(':checked')); + if ($(this).is(':checked')) { + $('#password_change_reason_container').show(); + } + else { + $('#password_change_reason_container').hide(); + } + }) + .change(); }); [% END %] diff --git a/template/en/default/admin/users/userdata.html.tmpl b/template/en/default/admin/users/userdata.html.tmpl index 63f69cfe9..ebe7451e4 100644 --- a/template/en/default/admin/users/userdata.html.tmpl +++ b/template/en/default/admin/users/userdata.html.tmpl @@ -64,24 +64,37 @@ -[%# XXX This condition (can_change_password) will cause a problem - # if we ever have a login system that can create accounts through - # createaccount.cgi but can't change passwords. - #%] - [% IF editusers %] - [% IF user.authorizer.can_change_password %] - + + + - - [% IF editform %]
- (Enter new password to change.) + + [%# if a user's cryptpassword is '*' it means they use an auth provider + # such as github, or you can't log in with that account. in either case + # forcing a password reset isn't valid %] + [% IF otheruser.cryptpassword != '*' && editform %] +
+ + +
+ Password change reason (will be displayed to the user):
+ +
[% END %] - [% END %] + diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl index 0f408842f..4cefe2a3f 100644 --- a/template/en/default/global/messages.html.tmpl +++ b/template/en/default/global/messages.html.tmpl @@ -70,6 +70,10 @@ [% ELSE %] [% terms.Bug %]mail has been enabled. [% END %] + [% ELSIF field == 'password_change_required' %] + The user [% otheruser.password_change_required ? "must" : "no longer needs to" %] update their password. + [% ELSIF field == 'password_change_reason' %] + The password change reason has been modified. [% END %] [% END %] diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 814a02c13..98076ce1c 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -1352,6 +1352,10 @@ [% title = "New Password Missing" %] You must enter a new password. + [% ELSIF error == "new_password_same" %] + [% title = "Password Unchanged" %] + Your new password cannot be the same as your old password. + [% ELSIF error == "no_axes_defined" %] [% title = "No Axes Defined" %] [% docslinks = {'reporting.html' => 'Reporting'} %] -- cgit v1.2.3-24-g4f1b