This solution depends on Rob's patch #1006-2
Forms-based login procedure detects if 401 unauthorized message contains
'Expired Password' message. If so it displays an error message that user
needs to reset his password.
https://fedorahosted.org/freeipa/ticket/2608
--
Petr Vobornik
From 77e7fd988d6cf6a583f507723933f09a5feef518 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Mon, 16 Apr 2012 12:22:34 +0200
Subject: [PATCH] User is notified that password needs to be reset in
forms-based login
Forms-based login procedure detects if 401 unauthorized message contains 'Expired Password' message. If so it displays an error message that user needs to reset his password.
https://fedorahosted.org/freeipa/ticket/2608
---
install/ui/ipa.js | 31 ++++++++++++++++++++++++-------
install/ui/login.html | 9 ++++++++-
install/ui/login.js | 32 ++++++++++++++++++++++++--------
3 files changed, 56 insertions(+), 16 deletions(-)
diff --git a/install/ui/ipa.js b/install/ui/ipa.js
index eeac030531302fffc0af79e70a835dca8120f674..dcc9d21a2d960a81ef70c89b050497bbfdfba6ad 100644
--- a/install/ui/ipa.js
+++ b/install/ui/ipa.js
@@ -359,10 +359,18 @@ IPA.logout = function() {
IPA.login_password = function(username, password) {
- var success = false;
+ var result = 'invalid';
function success_handler(data, text_status, xhr) {
- success = true;
+ result = 'success';
+ }
+
+ function error_handler(xhr, text_status, error_thrown) {
+
+ if (xhr.status === 401 &&
+ xhr.responseText.indexOf('Password Expired') > -1) {
+ result = 'expired';
+ }
}
var data = {
@@ -378,14 +386,15 @@ IPA.login_password = function(username, password) {
dataType: 'html',
async: false,
type: 'POST',
- success: success_handler
+ success: success_handler,
+ error: error_handler
};
IPA.display_activity_icon();
$.ajax(request);
IPA.hide_activity_icon();
- return success;
+ return result;
};
/**
@@ -1340,6 +1349,10 @@ IPA.unauthorized_dialog = function(spec) {
"Please try again (make sure your caps lock is off).</p>" +
"<p>If the problem persists, contact your administrator.</p>";
+ that.password_expired = "<p><strong>Password expired</strong></p>" +
+ "<p>Please run kinit to reset the password and then try to login again.</p>" +
+ "<p>If the problem persists, contact your administrator.</p>";
+
that.create = function() {
that.krb_message_contatiner = $('<div\>').appendTo(that.container);
@@ -1482,13 +1495,17 @@ IPA.unauthorized_dialog = function(spec) {
IPA.display_activity_icon();
- var success = IPA.login_password(record.username[0], record.password[0]);
+ var result = IPA.login_password(record.username[0], record.password[0]);
IPA.hide_activity_icon();
- if (success) {
+ if (result === 'success') {
that.on_login_success();
- } else {
+ } else if (result === 'expired') {
+ that.error_box.html(that.password_expired);
+ that.error_box.css('display', 'block');
+ }else {
+ that.error_box.html(that.form_auth_failed);
that.error_box.css('display', 'block');
}
};
diff --git a/install/ui/login.html b/install/ui/login.html
index d88ee0eeb0f81bb5fdd543dfc20b1f5dcf851241..9902466a70b3deb7e4c7ec5168abc803935d0c32 100644
--- a/install/ui/login.html
+++ b/install/ui/login.html
@@ -21,12 +21,19 @@
<div id="formwindow">
<h2>Login</h2>
- <div id="error-box" style="display:none">
+
+ <div id="invalid" class="error-box" style="display:none">
<p><strong>Please re-enter your username or password</strong></p>
<p>The password or username you entered is incorrect. Please try again (make sure your caps lock is off).</p>
<p>If the problem persists, contact your administrator.</p>
</div>
+ <div id="expired" class="error-box" style="display:none">
+ <p><strong>Password expired</strong></p>
+ <p>Please run kinit to reset the password and then try to login again.</p>
+ <p>If the problem persists, contact your administrator.</p>
+ </div>
+
<form id="login">
<ul>
<li>
diff --git a/install/ui/login.js b/install/ui/login.js
index 68b16bce1cd743b7ee5fd2b50b17d10965fc09d6..b739128dba14b18f59d9d950a09fd87b2a4efed9 100644
--- a/install/ui/login.js
+++ b/install/ui/login.js
@@ -22,10 +22,18 @@ var LP = {}; //Login Page
LP.login = function(username, password) {
- var success = false;
+ var result = 'invalid';
function success_handler(data, text_status, xhr) {
- success = true;
+ result = 'success';
+ }
+
+ function error_handler(xhr, text_status, error_thrown) {
+
+ if (xhr.status === 401 &&
+ xhr.responseText.indexOf('Password Expired') > -1) {
+ result = 'expired';
+ }
}
var data = {
@@ -36,14 +44,18 @@ LP.login = function(username, password) {
var request = {
url: '/ipa/session/login_password',
data: data,
+ contentType: 'application/x-www-form-urlencoded',
+ processData: true,
+ dataType: 'html',
async: false,
- type: "POST",
- success: success_handler
+ type: 'POST',
+ success: success_handler,
+ error: error_handler
};
$.ajax(request);
- return success;
+ return result;
};
LP.on_submit = function() {
@@ -51,10 +63,14 @@ LP.on_submit = function() {
var username = $('input[name=username]', LP.form).val();
var password = $('input[name=password]', LP.form).val();
- var success = LP.login(username, password);
+ var result = LP.login(username, password);
- if (!success) {
- $('#error-box').css('display', 'block');
+ if (result === 'invalid') {
+ $('#expired').css('display', 'none');
+ $('#invalid').css('display', 'block');
+ } else if (result === 'expired') {
+ $('#invalid').css('display', 'none');
+ $('#expired').css('display', 'block');
} else {
window.location = '/ipa/ui';
}
--
1.7.7.6
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel