User is notified that password needs to be reset in forms-based login

Forms-based login procedure detects if 401 unauthorized response contains 'X-IPA-Rejection-Reason' http header with 'password-expired' value. If so it displays an error message that user needs to reset his password. https://fedorahosted.org/freeipa/ticket/2608
2024-12-27 01:11:32 -06:00 · 2012-04-16 12:22:34 +02:00 · 2012-04-16 12:22:34 +02:00 · c64bcafa13
commit c64bcafa13
parent 7b515bddbc
3 changed files with 67 additions and 17 deletions
--- a/install/ui/ipa.js
+++ b/install/ui/ipa.js
@ -359,10 +359,23 @@ IPA.logout = function() {

 IPA.login_password = function(username, password) {

-    var success = false;
+    var result = 'invalid';

    function success_handler(data, text_status, xhr) {
-        success = true;
+        result = 'success';
+    }
+
+    function error_handler(xhr, text_status, error_thrown) {
+
+        if (xhr.status === 401) {
+            var reason = xhr.getResponseHeader("X-IPA-Rejection-Reason");
+
+            //change result from invalid only if we have a header which we
+            //understand
+            if (reason === 'password-expired') {
+                result = 'expired';
+            }
+        }
    }

    var data = {
@ -378,14 +391,15 @@ IPA.login_password = function(username, password) {
        dataType: 'html',
        async: false,
        type: 'POST',
-        success: success_handler
+        success: success_handler,
+        error: error_handler
    };

    IPA.display_activity_icon();
    $.ajax(request);
    IPA.hide_activity_icon();

-    return success;
+    return result;
 };

 /**
@ -1340,6 +1354,10 @@ IPA.unauthorized_dialog = function(spec) {
                "Please try again (make sure your caps lock is off).</p>" +
                "<p>If the problem persists, contact your administrator.</p>";

+    that.password_expired = "<p><strong>Password expired</strong></p>" +
+                "<p>Please run kinit to reset the password and then try to login again.</p>" +
+                "<p>If the problem persists, contact your administrator.</p>";
+
    that.create = function() {

        that.krb_message_contatiner = $('<div\>').appendTo(that.container);
@ -1482,13 +1500,17 @@ IPA.unauthorized_dialog = function(spec) {

        IPA.display_activity_icon();

-        var success = IPA.login_password(record.username[0], record.password[0]);
+        var result = IPA.login_password(record.username[0], record.password[0]);

        IPA.hide_activity_icon();

-        if (success) {
+        if (result === 'success') {
            that.on_login_success();
-        } else {
+        } else if (result === 'expired') {
+            that.error_box.html(that.password_expired);
+            that.error_box.css('display', 'block');
+        }else {
+            that.error_box.html(that.form_auth_failed);
            that.error_box.css('display', 'block');
        }
    };
--- a/install/ui/login.html
+++ b/install/ui/login.html
@ -21,12 +21,19 @@

        <div id="formwindow">
            <h2>Login</h2>
-            <div id="error-box" style="display:none">
+
+            <div id="invalid" class="error-box" style="display:none">
                <p><strong>Please re-enter your username or password</strong></p>
                <p>The password or username you entered is incorrect. Please try again (make sure your caps lock is off).</p>
                <p>If the problem persists, contact your administrator.</p>
            </div>

+            <div id="expired" class="error-box" style="display:none">
+                <p><strong>Password expired</strong></p>
+                <p>Please run kinit to reset the password and then try to login again.</p>
+                <p>If the problem persists, contact your administrator.</p>
+            </div>
+
            <form id="login">
                <ul>
                    <li>
--- a/install/ui/login.js
+++ b/install/ui/login.js
@ -22,10 +22,23 @@ var LP = {}; //Login Page

 LP.login = function(username, password) {

-    var success = false;
+    var result = 'invalid';

    function success_handler(data, text_status, xhr) {
-        success = true;
+        result = 'success';
+    }
+
+    function error_handler(xhr, text_status, error_thrown) {
+
+        if (xhr.status === 401) {
+            var reason = xhr.getResponseHeader("X-IPA-Rejection-Reason");
+
+            //change result from invalid only if we have a header which we
+            //understand
+            if (reason === 'password-expired') {
+                result = 'expired';
+            }
+        }
    }

    var data = {
@ -36,14 +49,18 @@ LP.login = function(username, password) {
    var request = {
        url: '/ipa/session/login_password',
        data: data,
+        contentType: 'application/x-www-form-urlencoded',
+        processData: true,
+        dataType: 'html',
        async: false,
-        type: "POST",
-        success: success_handler
+        type: 'POST',
+        success: success_handler,
+        error: error_handler
    };

    $.ajax(request);

-    return success;
+    return result;
 };

 LP.on_submit = function() {
@ -51,10 +68,14 @@ LP.on_submit = function() {
    var username = $('input[name=username]', LP.form).val();
    var password = $('input[name=password]', LP.form).val();

-    var success = LP.login(username, password);
+    var result = LP.login(username, password);

-    if (!success) {
-        $('#error-box').css('display', 'block');
+    if (result === 'invalid') {
+        $('#expired').css('display', 'none');
+        $('#invalid').css('display', 'block');
+    } else if (result === 'expired') {
+        $('#invalid').css('display', 'none');
+        $('#expired').css('display', 'block');
    } else {
        window.location = '/ipa/ui';
    }
@ -73,4 +94,4 @@ LP.init = function() {
 /* main (document onready event handler) */
 $(function() {
    LP.init();
-});
+});