subject:"\[Freeipa\-devel\] \[PATCH\] 659\-666 Support of password reset with OTP"

Re: [Freeipa-devel] [PATCH] 659-666 Support of password reset with OTP

2014-06-26 Thread Petr Vobornik


On 25.6.2014 19:41, Endi Sukma Dewata wrote:

On 6/20/2014 10:18 AM, Petr Vobornik wrote:

On 11.6.2014 15:19, Petr Vobornik wrote:

Patch set contains both API/server and Web UI parts.

[PATCH] 659 ldap2: add otp support to modify_password
[PATCH] 660 rpcserver: add otp support to change_password handler
[PATCH] 661 ipa-passwd: add OTP support
[PATCH] 662 webui: support password change with OTP in login screen
[PATCH] 663 webui: placeholder attribute support in textbox and textarea
[PATCH] 664 webui: add placeholders to login screen
[PATCH] 665 webui: rebase user password dialog on password dialog and
add otp support
[PATCH] 666 webui: support otp in reset_password.html

https://fedorahosted.org/freeipa/ticket/4262


attaching rebased patches (mainly because of VERSION conflict)


ACK. Possible improvements (some of which are already discussed on IRC):


pushed to master:
* 7fca783ec554e525465221af13e17f419769c760 ldap2: add otp support to 
modify_password
* 896920ed12a4601a60ac6a7e6f4f13d9ca48df77 rpcserver: add otp support to 
change_password handler

* 2df654223259ca336843f37a229838e125c874d6 ipa-passwd: add OTP support
* f9adc5a5f3ed84ae23c4261f7316ad2e84952d68 webui: support password 
change with OTP in login screen
* 6e7d4ad468854cce8a9a76f3abf8268e3813ff93 webui: placeholder attribute 
support in textbox and textarea
* e3de46767683c5050377cc5e683cd6e3d28ea4e9 webui: add placeholders to 
login screen
* 870db2f677dff01750aeec104c90fce3ca0e54be webui: rebase user password 
dialog on password dialog and add otp support
* 70c77e6a3cfe1a4fbfb5f053a4d47dd2e47d8b3b webui: support otp in 
reset_password.html



I've shamelessly copied all 13 items into new trac ticket 
https://fedorahosted.org/freeipa/ticket/4402 to track these possible 
improvements. We can create separate tickets for issues 8,9,11,12,13 if 
needed.




1. The clock interval field in the Add OTP Token dialog could be
disabled for HOTP.

2. The clock interval and counter fields (and probably some other
fields too) in the OTP Token details page could be hidden depending on
the token type.

3. The Add OTP Token dialog could provide more descriptive token types:
time-based or counter-based token instead of just TOTP or HOTP.

4. The OTP Token details page could show the token type (I suppose the
model may not be descriptive enough).

5. It would be nice to have a link/button to add OTP Token from the user
details page with the owner already set to the user.

6. The clock interval should have a unit of measurements (i.e. seconds).

7. When logging in with an expired password, the user will be asked to
reset a password and enter an OTP. Although OTP means one-time password,
some users could be confusing it with the OTP he/she just entered in the
previous page. It would be nicer to say New OTP or add an explanation
Wait for a new OTP to make sure the user enters a new OTP.

8. In the User authentication types field it might be better to say
password + OTP instead of just otp. The checkbox value can remain
otp.

9. The User authentication types is a bit confusing because if none
are selected it doesn't mean that no authentication is allowed, but it
means it's unset and it will use the global setting. The UI probably
should provide a separate radio button to select Use global setting or
show the effective setting next to it.

10. The Default user authentication types in the global setting is a
bit confusing because by default nothing is selected but the actual
default is supposedly not empty.

11. Ideally the password reset page/dialog should indicate whether the
old password and the OTP are required based on the actual authentication
type available to the user.

12. Ideally there should be a way to display the QR code of an existing
OTP token.

13. The UI could also provide a link to download the OTP app or a list
of supported apps.


--
Petr Vobornik

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 659-666 Support of password reset with OTP

2014-06-25 Thread Endi Sukma Dewata


On 6/20/2014 10:18 AM, Petr Vobornik wrote:

On 11.6.2014 15:19, Petr Vobornik wrote:

Patch set contains both API/server and Web UI parts.

[PATCH] 659 ldap2: add otp support to modify_password
[PATCH] 660 rpcserver: add otp support to change_password handler
[PATCH] 661 ipa-passwd: add OTP support
[PATCH] 662 webui: support password change with OTP in login screen
[PATCH] 663 webui: placeholder attribute support in textbox and textarea
[PATCH] 664 webui: add placeholders to login screen
[PATCH] 665 webui: rebase user password dialog on password dialog and
add otp support
[PATCH] 666 webui: support otp in reset_password.html

https://fedorahosted.org/freeipa/ticket/4262


attaching rebased patches (mainly because of VERSION conflict)


ACK. Possible improvements (some of which are already discussed on IRC):

1. The clock interval field in the Add OTP Token dialog could be 
disabled for HOTP.


2. The clock interval and counter fields (and probably some other 
fields too) in the OTP Token details page could be hidden depending on 
the token type.


3. The Add OTP Token dialog could provide more descriptive token types: 
time-based or counter-based token instead of just TOTP or HOTP.


4. The OTP Token details page could show the token type (I suppose the 
model may not be descriptive enough).


5. It would be nice to have a link/button to add OTP Token from the user 
details page with the owner already set to the user.


6. The clock interval should have a unit of measurements (i.e. seconds).

7. When logging in with an expired password, the user will be asked to 
reset a password and enter an OTP. Although OTP means one-time password, 
some users could be confusing it with the OTP he/she just entered in the 
previous page. It would be nicer to say New OTP or add an explanation 
Wait for a new OTP to make sure the user enters a new OTP.


8. In the User authentication types field it might be better to say 
password + OTP instead of just otp. The checkbox value can remain otp.


9. The User authentication types is a bit confusing because if none 
are selected it doesn't mean that no authentication is allowed, but it 
means it's unset and it will use the global setting. The UI probably 
should provide a separate radio button to select Use global setting or 
show the effective setting next to it.


10. The Default user authentication types in the global setting is a 
bit confusing because by default nothing is selected but the actual 
default is supposedly not empty.


11. Ideally the password reset page/dialog should indicate whether the 
old password and the OTP are required based on the actual authentication 
type available to the user.


12. Ideally there should be a way to display the QR code of an existing 
OTP token.


13. The UI could also provide a link to download the OTP app or a list 
of supported apps.


--
Endi S. Dewata

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 659-666 Support of password reset with OTP

2014-06-20 Thread Petr Vobornik


On 11.6.2014 15:19, Petr Vobornik wrote:

Patch set contains both API/server and Web UI parts.

[PATCH] 659 ldap2: add otp support to modify_password
[PATCH] 660 rpcserver: add otp support to change_password handler
[PATCH] 661 ipa-passwd: add OTP support
[PATCH] 662 webui: support password change with OTP in login screen
[PATCH] 663 webui: placeholder attribute support in textbox and textarea
[PATCH] 664 webui: add placeholders to login screen
[PATCH] 665 webui: rebase user password dialog on password dialog and
add otp support
[PATCH] 666 webui: support otp in reset_password.html

https://fedorahosted.org/freeipa/ticket/4262


attaching rebased patches (mainly because of VERSION conflict)


--
Petr Vobornik
From 7722d49fdc782d14e5bcc3fbefaee70e5fff62a4 Mon Sep 17 00:00:00 2001
From: Petr Vobornik pvobo...@redhat.com
Date: Thu, 22 May 2014 14:47:44 +0200
Subject: [PATCH] webui: placeholder attribute support in textbox and textarea

---
 install/ui/src/freeipa/widget.js | 8 
 1 file changed, 8 insertions(+)

diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js
index cfa9417c5ddbaf94b45aa35498d6076a55fac493..9677a168eb2a137ed1c42b9b2b5d62f43c3a735d 100644
--- a/install/ui/src/freeipa/widget.js
+++ b/install/ui/src/freeipa/widget.js
@@ -269,6 +269,12 @@ IPA.input_widget = function(spec) {
 var that = IPA.widget(spec);
 
 /**
+ * Placeholder
+ * @property {string}
+ */
+that.placeholder = text.get(spec.placeholder);
+
+/**
  * Widget's width.
  * @deprecated
  * @property {number}
@@ -709,6 +715,7 @@ IPA.text_widget = function(spec) {
 'class': 'form-control',
 size: that.size,
 title: that.tooltip,
+placeholder: that.placeholder,
 keyup: function() {
 that.on_value_changed();
 }
@@ -1975,6 +1982,7 @@ IPA.textarea_widget = function (spec) {
 'class': 'form-control',
 readOnly: !!that.read_only,
 title: that.tooltip,
+placeholder: that.placeholder,
 keyup: function() {
 that.on_value_changed();
 }
-- 
1.9.0

From 6b680e0092ca8518b6aebb974ee982139e85d266 Mon Sep 17 00:00:00 2001
From: Petr Vobornik pvobo...@redhat.com
Date: Thu, 22 May 2014 14:48:22 +0200
Subject: [PATCH] webui: add placeholders to login screen

---
 install/ui/src/freeipa/widgets/LoginScreen.js | 8 +++-
 install/ui/test/data/ipa_init.json| 3 +++
 ipalib/plugins/internal.py| 3 +++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/install/ui/src/freeipa/widgets/LoginScreen.js b/install/ui/src/freeipa/widgets/LoginScreen.js
index 701c88cf12f07e7d7e4d4efc44d980f332656042..78991d0a93d6b9d3507d3afe31587ed1f3b55ed9 100644
--- a/install/ui/src/freeipa/widgets/LoginScreen.js
+++ b/install/ui/src/freeipa/widgets/LoginScreen.js
@@ -568,6 +568,7 @@ define(['dojo/_base/declare',
 $type: 'text',
 name: 'username',
 label: text.get('@i18n:login.username', Username),
+placeholder: text.get('@i18n:login.username', Username),
 show_errors: false,
 undo: false
 },
@@ -575,6 +576,7 @@ define(['dojo/_base/declare',
 $type: 'password',
 name: 'password',
 label: text.get('@i18n:login.password', Password),
+placeholder: text.get('@i18n:login.password_and_otp', 'Password or Password+One-Time-Password'),
 show_errors: false,
 undo: false
 },
@@ -589,13 +591,15 @@ define(['dojo/_base/declare',
 name: 'current_password',
 $type: 'password',
 label: text.get('@i18n:login.current_password', Current Password),
+placeholder: text.get('@i18n:login.current_password', Current Password),
 show_errors: false,
 undo: false
 },
 {
 name: 'otp',
 $type: 'password',
-label: text.get('@i18n:login.current_password', OTP),
+label: text.get('@i18n:password.otp', OTP),
+placeholder: text.get('@i18n:password.otp_long', 'One-Time-Password'),
 show_errors: false,
 undo: false
 },
@@ -604,6 +608,7 @@ define(['dojo/_base/declare',
 $type: 'password',
 required: true,
 label: text.get('@i18n:password.new_password)', New Password),
+placeholder: text.get('@i18n:password.new_password)', New Password),
 show_errors: false,
 undo: false
 },
@@ -612,6 +617,7 @@ define(['dojo/_base/declare',
 $type: 'password',
 required: true,
 label: text.get('@i18n:password.verify_password', Verify Password),
+placeholder: text.get('@i18n:password.new_password)', New Password),
 validators: [{
 $type: 'same_password',

Re: [Freeipa-devel] [PATCH] 659-666 Support of password reset with OTP

Re: [Freeipa-devel] [PATCH] 659-666 Support of password reset with OTP

Re: [Freeipa-devel] [PATCH] 659-666 Support of password reset with OTP

3 matches

Site Navigation

Mail list logo

Footer information