Re: [Freeipa-devel] [PATCH] 659-666 Support of password reset with OTP
On 25.6.2014 19:41, Endi Sukma Dewata wrote: On 6/20/2014 10:18 AM, Petr Vobornik wrote: On 11.6.2014 15:19, Petr Vobornik wrote: Patch set contains both API/server and Web UI parts. [PATCH] 659 ldap2: add otp support to modify_password [PATCH] 660 rpcserver: add otp support to change_password handler [PATCH] 661 ipa-passwd: add OTP support [PATCH] 662 webui: support password change with OTP in login screen [PATCH] 663 webui: placeholder attribute support in textbox and textarea [PATCH] 664 webui: add placeholders to login screen [PATCH] 665 webui: rebase user password dialog on password dialog and add otp support [PATCH] 666 webui: support otp in reset_password.html https://fedorahosted.org/freeipa/ticket/4262 attaching rebased patches (mainly because of VERSION conflict) ACK. Possible improvements (some of which are already discussed on IRC): pushed to master: * 7fca783ec554e525465221af13e17f419769c760 ldap2: add otp support to modify_password * 896920ed12a4601a60ac6a7e6f4f13d9ca48df77 rpcserver: add otp support to change_password handler * 2df654223259ca336843f37a229838e125c874d6 ipa-passwd: add OTP support * f9adc5a5f3ed84ae23c4261f7316ad2e84952d68 webui: support password change with OTP in login screen * 6e7d4ad468854cce8a9a76f3abf8268e3813ff93 webui: placeholder attribute support in textbox and textarea * e3de46767683c5050377cc5e683cd6e3d28ea4e9 webui: add placeholders to login screen * 870db2f677dff01750aeec104c90fce3ca0e54be webui: rebase user password dialog on password dialog and add otp support * 70c77e6a3cfe1a4fbfb5f053a4d47dd2e47d8b3b webui: support otp in reset_password.html I've shamelessly copied all 13 items into new trac ticket https://fedorahosted.org/freeipa/ticket/4402 to track these possible improvements. We can create separate tickets for issues 8,9,11,12,13 if needed. 1. The clock interval field in the Add OTP Token dialog could be disabled for HOTP. 2. The clock interval and counter fields (and probably some other fields too) in the OTP Token details page could be hidden depending on the token type. 3. The Add OTP Token dialog could provide more descriptive token types: time-based or counter-based token instead of just TOTP or HOTP. 4. The OTP Token details page could show the token type (I suppose the model may not be descriptive enough). 5. It would be nice to have a link/button to add OTP Token from the user details page with the owner already set to the user. 6. The clock interval should have a unit of measurements (i.e. seconds). 7. When logging in with an expired password, the user will be asked to reset a password and enter an OTP. Although OTP means one-time password, some users could be confusing it with the OTP he/she just entered in the previous page. It would be nicer to say New OTP or add an explanation Wait for a new OTP to make sure the user enters a new OTP. 8. In the User authentication types field it might be better to say password + OTP instead of just otp. The checkbox value can remain otp. 9. The User authentication types is a bit confusing because if none are selected it doesn't mean that no authentication is allowed, but it means it's unset and it will use the global setting. The UI probably should provide a separate radio button to select Use global setting or show the effective setting next to it. 10. The Default user authentication types in the global setting is a bit confusing because by default nothing is selected but the actual default is supposedly not empty. 11. Ideally the password reset page/dialog should indicate whether the old password and the OTP are required based on the actual authentication type available to the user. 12. Ideally there should be a way to display the QR code of an existing OTP token. 13. The UI could also provide a link to download the OTP app or a list of supported apps. -- Petr Vobornik ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 659-666 Support of password reset with OTP
On 6/20/2014 10:18 AM, Petr Vobornik wrote: On 11.6.2014 15:19, Petr Vobornik wrote: Patch set contains both API/server and Web UI parts. [PATCH] 659 ldap2: add otp support to modify_password [PATCH] 660 rpcserver: add otp support to change_password handler [PATCH] 661 ipa-passwd: add OTP support [PATCH] 662 webui: support password change with OTP in login screen [PATCH] 663 webui: placeholder attribute support in textbox and textarea [PATCH] 664 webui: add placeholders to login screen [PATCH] 665 webui: rebase user password dialog on password dialog and add otp support [PATCH] 666 webui: support otp in reset_password.html https://fedorahosted.org/freeipa/ticket/4262 attaching rebased patches (mainly because of VERSION conflict) ACK. Possible improvements (some of which are already discussed on IRC): 1. The clock interval field in the Add OTP Token dialog could be disabled for HOTP. 2. The clock interval and counter fields (and probably some other fields too) in the OTP Token details page could be hidden depending on the token type. 3. The Add OTP Token dialog could provide more descriptive token types: time-based or counter-based token instead of just TOTP or HOTP. 4. The OTP Token details page could show the token type (I suppose the model may not be descriptive enough). 5. It would be nice to have a link/button to add OTP Token from the user details page with the owner already set to the user. 6. The clock interval should have a unit of measurements (i.e. seconds). 7. When logging in with an expired password, the user will be asked to reset a password and enter an OTP. Although OTP means one-time password, some users could be confusing it with the OTP he/she just entered in the previous page. It would be nicer to say New OTP or add an explanation Wait for a new OTP to make sure the user enters a new OTP. 8. In the User authentication types field it might be better to say password + OTP instead of just otp. The checkbox value can remain otp. 9. The User authentication types is a bit confusing because if none are selected it doesn't mean that no authentication is allowed, but it means it's unset and it will use the global setting. The UI probably should provide a separate radio button to select Use global setting or show the effective setting next to it. 10. The Default user authentication types in the global setting is a bit confusing because by default nothing is selected but the actual default is supposedly not empty. 11. Ideally the password reset page/dialog should indicate whether the old password and the OTP are required based on the actual authentication type available to the user. 12. Ideally there should be a way to display the QR code of an existing OTP token. 13. The UI could also provide a link to download the OTP app or a list of supported apps. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 659-666 Support of password reset with OTP
On 11.6.2014 15:19, Petr Vobornik wrote: Patch set contains both API/server and Web UI parts. [PATCH] 659 ldap2: add otp support to modify_password [PATCH] 660 rpcserver: add otp support to change_password handler [PATCH] 661 ipa-passwd: add OTP support [PATCH] 662 webui: support password change with OTP in login screen [PATCH] 663 webui: placeholder attribute support in textbox and textarea [PATCH] 664 webui: add placeholders to login screen [PATCH] 665 webui: rebase user password dialog on password dialog and add otp support [PATCH] 666 webui: support otp in reset_password.html https://fedorahosted.org/freeipa/ticket/4262 attaching rebased patches (mainly because of VERSION conflict) -- Petr Vobornik From 7722d49fdc782d14e5bcc3fbefaee70e5fff62a4 Mon Sep 17 00:00:00 2001 From: Petr Vobornik pvobo...@redhat.com Date: Thu, 22 May 2014 14:47:44 +0200 Subject: [PATCH] webui: placeholder attribute support in textbox and textarea --- install/ui/src/freeipa/widget.js | 8 1 file changed, 8 insertions(+) diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index cfa9417c5ddbaf94b45aa35498d6076a55fac493..9677a168eb2a137ed1c42b9b2b5d62f43c3a735d 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -269,6 +269,12 @@ IPA.input_widget = function(spec) { var that = IPA.widget(spec); /** + * Placeholder + * @property {string} + */ +that.placeholder = text.get(spec.placeholder); + +/** * Widget's width. * @deprecated * @property {number} @@ -709,6 +715,7 @@ IPA.text_widget = function(spec) { 'class': 'form-control', size: that.size, title: that.tooltip, +placeholder: that.placeholder, keyup: function() { that.on_value_changed(); } @@ -1975,6 +1982,7 @@ IPA.textarea_widget = function (spec) { 'class': 'form-control', readOnly: !!that.read_only, title: that.tooltip, +placeholder: that.placeholder, keyup: function() { that.on_value_changed(); } -- 1.9.0 From 6b680e0092ca8518b6aebb974ee982139e85d266 Mon Sep 17 00:00:00 2001 From: Petr Vobornik pvobo...@redhat.com Date: Thu, 22 May 2014 14:48:22 +0200 Subject: [PATCH] webui: add placeholders to login screen --- install/ui/src/freeipa/widgets/LoginScreen.js | 8 +++- install/ui/test/data/ipa_init.json| 3 +++ ipalib/plugins/internal.py| 3 +++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/install/ui/src/freeipa/widgets/LoginScreen.js b/install/ui/src/freeipa/widgets/LoginScreen.js index 701c88cf12f07e7d7e4d4efc44d980f332656042..78991d0a93d6b9d3507d3afe31587ed1f3b55ed9 100644 --- a/install/ui/src/freeipa/widgets/LoginScreen.js +++ b/install/ui/src/freeipa/widgets/LoginScreen.js @@ -568,6 +568,7 @@ define(['dojo/_base/declare', $type: 'text', name: 'username', label: text.get('@i18n:login.username', Username), +placeholder: text.get('@i18n:login.username', Username), show_errors: false, undo: false }, @@ -575,6 +576,7 @@ define(['dojo/_base/declare', $type: 'password', name: 'password', label: text.get('@i18n:login.password', Password), +placeholder: text.get('@i18n:login.password_and_otp', 'Password or Password+One-Time-Password'), show_errors: false, undo: false }, @@ -589,13 +591,15 @@ define(['dojo/_base/declare', name: 'current_password', $type: 'password', label: text.get('@i18n:login.current_password', Current Password), +placeholder: text.get('@i18n:login.current_password', Current Password), show_errors: false, undo: false }, { name: 'otp', $type: 'password', -label: text.get('@i18n:login.current_password', OTP), +label: text.get('@i18n:password.otp', OTP), +placeholder: text.get('@i18n:password.otp_long', 'One-Time-Password'), show_errors: false, undo: false }, @@ -604,6 +608,7 @@ define(['dojo/_base/declare', $type: 'password', required: true, label: text.get('@i18n:password.new_password)', New Password), +placeholder: text.get('@i18n:password.new_password)', New Password), show_errors: false, undo: false }, @@ -612,6 +617,7 @@ define(['dojo/_base/declare', $type: 'password', required: true, label: text.get('@i18n:password.verify_password', Verify Password), +placeholder: text.get('@i18n:password.new_password)', New Password), validators: [{ $type: 'same_password',