This solution depends on Rob's patch #1006-2

The forms-based login procedure detects whether the 401 Unauthorized response contains the 'Expired Password' message. If so, it displays an error message telling the user that the password needs to be reset.

https://fedorahosted.org/freeipa/ticket/2608
--
Petr Vobornik
From 77e7fd988d6cf6a583f507723933f09a5feef518 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Mon, 16 Apr 2012 12:22:34 +0200
Subject: [PATCH] User is notified that password needs to be reset in
 forms-based login

The forms-based login procedure detects whether the 401 Unauthorized response contains the 'Expired Password' message. If so, it displays an error message telling the user that the password needs to be reset.

https://fedorahosted.org/freeipa/ticket/2608
---
 install/ui/ipa.js     |   31 ++++++++++++++++++++++++-------
 install/ui/login.html |    9 ++++++++-
 install/ui/login.js   |   32 ++++++++++++++++++++++++--------
 3 files changed, 56 insertions(+), 16 deletions(-)

diff --git a/install/ui/ipa.js b/install/ui/ipa.js
index eeac030531302fffc0af79e70a835dca8120f674..dcc9d21a2d960a81ef70c89b050497bbfdfba6ad 100644
--- a/install/ui/ipa.js
+++ b/install/ui/ipa.js
@@ -359,10 +359,18 @@ IPA.logout = function() {
 
 IPA.login_password = function(username, password) {
 
-    var success = false;
+    var result = 'invalid';
 
     function success_handler(data, text_status, xhr) {
-        success = true;
+        result = 'success';
+    }
+
+    function error_handler(xhr, text_status, error_thrown) {
+
+        if (xhr.status === 401 &&
+                xhr.responseText.indexOf('Password Expired') > -1) {
+            result = 'expired';
+        }
     }
 
     var data = {
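Review bot: In `error_handler`, any failure other than a 401 whose body contains 'Password Expired' leaves `result` at 'invalid', so a timeout or a 5xx response is shown to the user as a wrong username or password. A separate outcome for those cases would keep the message accurate, for example `if (xhr.status !== 401) { result = 'error'; }`, with callers showing a generic failure text. The expiry check is a substring match on the response body, and the commit message spells the marker 'Expired Password' while the code looks for 'Password Expired', so a comment such as `// must match the text the server puts in the 401 body` would help. The identical handler is added to LP.login in install/ui/login.js and has the same gap. The body of IPA.login_password continues outside this hunk.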
@@ -378,14 +386,15 @@ IPA.login_password = function(username, password) {
         dataType: 'html',
         async: false,
         type: 'POST',
-        success: success_handler
+        success: success_handler,
+        error: error_handler
     };
 
     IPA.display_activity_icon();
     $.ajax(request);
     IPA.hide_activity_icon();
 
-    return success;
+    return result;
 };
 
 /**
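Review bot: `return result;` changes the return type of IPA.login_password from a boolean to a string, and both failure values ('invalid', 'expired') are truthy. Any caller outside this diff that still tests the result with `if (IPA.login_password(...))` would now treat a failed login as a success. Only the call in IPA.unauthorized_dialog is updated here, so the remaining call sites should be checked. A JSDoc line on the function listing the three return values ('success', 'expired', 'invalid') would make the new contract explicit.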
@@ -1340,6 +1349,10 @@ IPA.unauthorized_dialog = function(spec) {
                 "Please try again (make sure your caps lock is off).</p>" +
                 "<p>If the problem persists, contact your administrator.</p>";
 
+    that.password_expired = "<p><strong>Password expired</strong></p>" +
+                "<p>Please run kinit to reset the password and then try to login again.</p>" +
+                "<p>If the problem persists, contact your administrator.</p>";
+
     that.create = function() {
 
         that.krb_message_contatiner = $('<div\>').appendTo(that.container);
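Review bot: The `that.password_expired` message tells whoever submitted the form that the account exists and that its password has lapsed. That is only safe if the server sends the 'Password Expired' marker after it has verified the submitted password, which this diff does not show; it should be confirmed against the server-side patch this change depends on. The same three paragraphs are also hard-coded in install/ui/login.html, so the two copies can drift apart. A short comment such as `// keep in sync with #expired in login.html` would flag that.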
@@ -1482,13 +1495,17 @@ IPA.unauthorized_dialog = function(spec) {
 
         IPA.display_activity_icon();
 
-        var success = IPA.login_password(record.username[0], record.password[0]);
+        var result = IPA.login_password(record.username[0], record.password[0]);
 
         IPA.hide_activity_icon();
 
-        if (success) {
+        if (result === 'success') {
             that.on_login_success();
-        } else {
+        } else if (result === 'expired') {
+            that.error_box.html(that.password_expired);
+            that.error_box.css('display', 'block');
+        }else {
+            that.error_box.html(that.form_auth_failed);
             that.error_box.css('display', 'block');
         }
     };
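Review bot: Style point on the new branches: `}else {` is missing the space that the rest of the file uses (`} else {`), and `that.error_box.css('display', 'block');` is now repeated in both failure branches. Choosing the message first and showing the box once would be shorter, for example `that.error_box.html(result === 'expired' ? that.password_expired : that.form_auth_failed);` followed by a single `css` call. The enclosing function starts outside this hunk.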
diff --git a/install/ui/login.html b/install/ui/login.html
index d88ee0eeb0f81bb5fdd543dfc20b1f5dcf851241..9902466a70b3deb7e4c7ec5168abc803935d0c32 100644
--- a/install/ui/login.html
+++ b/install/ui/login.html
@@ -21,12 +21,19 @@
 
         <div id="formwindow">
             <h2>Login</h2>
-            <div id="error-box" style="display:none">
+
+            <div id="invalid" class="error-box" style="display:none">
                 <p><strong>Please re-enter your username or password</strong></p>
                 <p>The password or username you entered is incorrect. Please try again (make sure your caps lock is off).</p>
                 <p>If the problem persists, contact your administrator.</p>
             </div>
 
+            <div id="expired" class="error-box" style="display:none">
+                <p><strong>Password expired</strong></p>
+                <p>Please run kinit to reset the password and then try to login again.</p>
+                <p>If the problem persists, contact your administrator.</p>
+            </div>
+
             <form id="login">
                 <ul>
                     <li>
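Review bot: The container's `id="error-box"` is replaced by `class="error-box"` with the new ids `invalid` and `expired`, but the diffstat lists no stylesheet change. If the login page's CSS styles the box through an `#error-box` selector, neither box would be styled after this commit; that rule would need to become `.error-box`. The ids `invalid` and `expired` are also quite generic for page-wide ids; something like `error-invalid` and `error-expired` would be less likely to collide.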
diff --git a/install/ui/login.js b/install/ui/login.js
index 68b16bce1cd743b7ee5fd2b50b17d10965fc09d6..b739128dba14b18f59d9d950a09fd87b2a4efed9 100644
--- a/install/ui/login.js
+++ b/install/ui/login.js
@@ -22,10 +22,18 @@ var LP = {}; //Login Page
 
 LP.login = function(username, password) {
 
-    var success = false;
+    var result = 'invalid';
 
     function success_handler(data, text_status, xhr) {
-        success = true;
+        result = 'success';
+    }
+
+    function error_handler(xhr, text_status, error_thrown) {
+
+        if (xhr.status === 401 &&
+                xhr.responseText.indexOf('Password Expired') > -1) {
+            result = 'expired';
+        }
     }
 
     var data = {
@@ -36,14 +44,18 @@ LP.login = function(username, password) {
     var request = {
         url: '/ipa/session/login_password',
         data: data,
+        contentType: 'application/x-www-form-urlencoded',
+        processData: true,
+        dataType: 'html',
         async: false,
-        type: "POST",
-        success: success_handler
+        type: 'POST',
+        success: success_handler,
+        error: error_handler
     };
 
     $.ajax(request);
 
-    return success;
+    return result;
 };
 
 LP.on_submit = function() {
@@ -51,10 +63,14 @@ LP.on_submit = function() {
     var username = $('input[name=username]', LP.form).val();
     var password = $('input[name=password]', LP.form).val();
 
-    var success = LP.login(username, password);
+    var result = LP.login(username, password);
 
-    if (!success) {
-        $('#error-box').css('display', 'block');
+    if (result === 'invalid') {
+        $('#expired').css('display', 'none');
+        $('#invalid').css('display', 'block');
+    } else if (result === 'expired') {
+        $('#invalid').css('display', 'none');
+        $('#expired').css('display', 'block');
     } else {
         window.location = '/ipa/ui';
     }
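Review bot: In LP.on_submit the redirect to '/ipa/ui' sits in the final `else`, so any value of `result` other than 'invalid' or 'expired' is treated as a successful login. IPA.unauthorized_dialog in ipa.js does the opposite and tests `result === 'success'` first, leaving the error display as the fallback. Using the same order here, `if (result === 'success') { window.location = '/ipa/ui'; } else if (result === 'expired') { ... } else { ... }`, makes the page fail closed if LP.login ever gains another outcome. The function's closing lines are outside this hunk.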
-- 
1.7.7.6
