Separate reset password page

This patch adds separate reset password page. It is a complement to separate login page. It differentiate from reset password capabilities in Web UI's anauthorized dialog by not performing login. This is useful for users who wants only to reset the password and not to use Web UI. And also for users who are using the separate login page.

https://fedorahosted.org/freeipa/ticket/2755

freeipa.spec.in

@@ -590,6 +590,7 @@ fi
 %{_usr}/share/ipa/ui/index.html
 %{_usr}/share/ipa/ui/login.html
 %{_usr}/share/ipa/ui/logout.html
+%{_usr}/share/ipa/ui/reset_password.html
 %{_usr}/share/ipa/ui/*.ico
 %{_usr}/share/ipa/ui/*.css
 %{_usr}/share/ipa/ui/*.js
@@ -717,6 +718,9 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Fri Jun 21 2012 Petr Vobornik <pvoborni@redhat.com> - 2.99.0-34
+- Add Web UI reset password pages
+
 * Wed Jun 20 2012 Ondrej Hamada <ohamada@redhat.com> - 2.99.0-33
 - Set min for 389-ds-base to 1.2.11.5-1 on F17 to fix installation issue
 - Set min for 389-ds-base to 1.2.10.10-1 on F16 (and lower) to fix CN case persistence

install/ui/Makefile.am

@@ -53,6 +53,8 @@ app_DATA =				\
 	overpass_regular-web.ttf	\
 	overpass_regular-web.woff	\
 	policy.js			\
+	reset_password.js			\
+	reset_password.html			\
 	rule.js 			\
 	search.js 			\
 	selinux.js 			\

install/ui/ipa.css

@@ -1569,6 +1569,10 @@ span.sshkey-status, a.sshkey-set {
     width: 450px;
 }
 
+.form-box {
+    padding: 1em 2em;
+}
+
 #error-box, .error-box {
     -moz-border-radius: 0.3em 0.3em 0.3em 0.3em;
     -webkit-border-radius: 0.3em 0.3em 0.3em 0.3em;
@@ -1578,6 +1582,15 @@ span.sshkey-status, a.sshkey-set {
     padding: 1em 2em;
 }
 
+#success-box, .success-box {
+    -moz-border-radius: 0.3em 0.3em 0.3em 0.3em;
+    -webkit-border-radius: 0.3em 0.3em 0.3em 0.3em;
+    background-color: #FFEB80;
+    border: 1px solid #FFDE2E;
+    margin: 0 2em 1em 2em;
+    padding: 1em 2em;
+}
+
 #formwindow h2 {
     background-color: #F0F0F0;
     font-size: 1.6em;
@@ -1619,7 +1632,7 @@ span.sshkey-status, a.sshkey-set {
     box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.2);
     margin-left: 15px;
     padding: 2px 10px;
-    width: 248px;
+    width: 210px;
 }
 
 #login li label, #modal li label {

install/ui/jsl.conf

@@ -159,3 +159,4 @@
 +process automember.js
 +process webui.js
 +process login.js
++process reset_password.js

install/ui/login.html

@@ -30,7 +30,7 @@
 
             <div id="expired" class="error-box" style="display:none">
                 <p><strong>Password expired</strong></p>
-                <p>Please run kinit to reset the password and then try to login again.</p>
+                <p>Please <a href="reset_password.html">reset the password</a> and then try to login again.</p>
                 <p>If the problem persists, contact your administrator.</p>
             </div>
 
@@ -52,7 +52,6 @@
             </form>
         </div>
     </div>
-
 </body>
 
 </html>

install/ui/reset_password.html

@@ -0,0 +1,66 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>IPA: Identity Policy Audit</title>
+
+    <link rel="stylesheet" type="text/css" href="ipa.css" />
+
+    <script type="text/javascript" src="json2.js"></script>
+    <script type="text/javascript" src="jquery.js"></script>
+    <script type="text/javascript" src="reset_password.js"></script>
+</head>
+
+<body class="info-page login-page">
+
+    <div class="container_1">
+
+        <div class="header-logo">
+            <img src="images/ipa-logo.png" /><img src="images/ipa-banner.png" />
+        </div>
+
+        <div id="formwindow">
+            <h2>Reset password</h2>
+
+            <div id="invalid" class="error-box" style="display:none">
+                <p id="error-msg"></p>
+            </div>
+
+            <div id="success" class="success-box" style="display:none">
+                <p>Password reset was successful.
+                <a id="login-link" href="login.html">Return to login page.</a></p>
+            </div>
+
+            <form id="login">
+                <ul>
+                    <li>
+                        <label for="username">Username:</label>
+                        <input type="text" id="username" name="username" accesskey="u" />
+                    </li>
+                    <li>
+                        <label for="password">Current Password:</label>
+                        <input type="password" id="password" name="password" accesskey="p" />
+                    </li>
+                    <li>
+                        <label for="new_password">New Password:</label>
+                        <input type="password" id="new_password" name="new_password" accesskey="n" />
+                    </li>
+                    <li>
+                        <label for="verify_password">Verify Password:</label>
+                        <input type="password" id="verify_password" name="verify_password" accesskey="v" />
+                    </li>
+                </ul>
+
+                <div class="formbutton">
+                    <input name="submit" value="Reset" type="submit" />
+                </div>
+            </form>
+            <div style="display:none" class="form-box" id="reset_pwd_link">
+                <p><a href="#">Reset password again</a></p>
+            </div>
+        </div>
+    </div>
+
+</body>
+
+</html>

install/ui/reset_password.js

@@ -0,0 +1,163 @@
+/*  Authors:
+ *    Petr Vobornik <pvoborni@redhat.com>
+ *
+ * Copyright (C) 2010 Red Hat
+ * see file 'COPYING' for use and warranty information
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+var RP = {}; //Reset Password Page
+
+RP.reset_password = function(username, old_password, new_password) {
+
+    //possible results: 'ok', 'invalid-password', 'policy-error'
+
+    var status, result, reason, invalid, failure, data, request;
+
+    status = 'invalid';
+    result = {
+        status: status,
+        message: "Password reset was not successful."
+    };
+
+    function success_handler(data, text_status, xhr) {
+
+        result.status = xhr.getResponseHeader("X-IPA-Pwchange-Result") || status;
+
+        if (result.status === 'policy-error') {
+            result.message = xhr.getResponseHeader("X-IPA-Pwchange-Policy-Error");
+        } else if (result.status === 'invalid-password') {
+            result.message = "The password or username you entered is incorrect.";
+        }
+
+        return result;
+    }
+
+    function error_handler(xhr, text_status, error_thrown) {
+        return result;
+    }
+
+    data = {
+        user: username,
+        old_password: old_password,
+        new_password: new_password
+    };
+
+    request = {
+        url: '/ipa/session/change_password',
+        data: data,
+        contentType: 'application/x-www-form-urlencoded',
+        processData: true,
+        dataType: 'html',
+        async: false,
+        type: 'POST',
+        success: success_handler,
+        error: error_handler
+    };
+
+    $.ajax(request);
+
+    return result;
+};
+
+RP.verify_required = function(field, value) {
+
+    var valid = true;
+
+    if (!value || value === '') {
+        valid = false;
+        RP.show_error(field +" is required");
+    }
+
+    return valid;
+};
+
+
+RP.on_submit = function() {
+
+    var username = $('#username').val();
+    var current_password = $('#password').val();
+    var new_password = $('#new_password').val();
+    var verify_password = $('#verify_password').val();
+
+    if (!RP.verify_required('Username', username)) return;
+    if (!RP.verify_required('Current Password', current_password)) return;
+    if (!RP.verify_required('New Password', new_password)) return;
+    if (!RP.verify_required('Verify Password', verify_password)) return;
+
+    if (new_password !== verify_password) {
+        RP.show_error("Passwords must match");
+        return;
+    }
+
+    var result = RP.reset_password(username, current_password, new_password);
+
+    if (result.status !== 'ok') {
+        RP.show_error(result.message);
+    } else {
+        RP.reset_form();
+        $('#success').css('display', 'block');
+        $('#login-link').focus();
+        RP.hide_reset_form();
+    }
+};
+
+RP.reset_form = function() {
+    $('#invalid').css('display', 'none');
+    $('#success').css('display', 'none');
+    $('#password').val('');
+    $('#new_password').val('');
+    $('#verify_password').val('');
+};
+
+RP.show_error = function(message) {
+
+    $('#error-msg').text(message);
+    $('#invalid').css('display', 'block');
+    $('#success').css('display', 'none');
+};
+
+RP.hide_reset_form = function() {
+
+    RP.form.hide();
+    RP.reset_link.show();
+};
+
+RP.show_reset_form = function() {
+
+    RP.reset_form();
+    RP.form.show();
+    RP.reset_link.hide();
+};
+
+RP.init = function() {
+
+    RP.form = $('#login');
+    RP.reset_link = $('#reset_pwd_link');
+    RP.reset_link.click(function() {
+        RP.show_reset_form();
+        return false;
+    });
+
+    $('input[name=submit]', RP.form).click(function() {
+        RP.on_submit();
+        return false;
+    });
+};
+
+/* main (document onready event handler) */
+$(function() {
+    RP.init();
+});