[LON-CAPA-cvs] cvs: loncom(version_2_11_X) /interface lonpreferences.pm
raeburn
raeburn at source.lon-capa.org
Sun Feb 9 00:36:28 EST 2020
raeburn Sun Feb 9 05:36:28 2020 EDT
Modified files: (Branch: version_2_11_X)
/loncom/interface lonpreferences.pm
Log:
- For 2.11
Backport 1.236
-------------- next part --------------
Index: loncom/interface/lonpreferences.pm
diff -u loncom/interface/lonpreferences.pm:1.196.4.25 loncom/interface/lonpreferences.pm:1.196.4.26
--- loncom/interface/lonpreferences.pm:1.196.4.25 Thu Aug 22 00:00:03 2019
+++ loncom/interface/lonpreferences.pm Sun Feb 9 05:36:27 2020
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Preferences
#
-# $Id: lonpreferences.pm,v 1.196.4.25 2019/08/22 00:00:03 raeburn Exp $
+# $Id: lonpreferences.pm,v 1.196.4.26 2020/02/09 05:36:27 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -1238,18 +1238,18 @@
$r->print(Apache::loncommon::start_page('Personal Data'));
$r->print(Apache::lonhtmlcommon::breadcrumbs('Change Password'));
}
- my ($blocked,$blocktext) =
- &Apache::loncommon::blocking_status('passwd');
- if ($blocked) {
- $r->print('<p class="LC_warning">'.$blocktext.'</p>');
- return;
- }
if ((!defined($caller)) || ($caller eq 'preferences')) {
$user = $env{'user.name'};
$domain = $env{'user.domain'};
if (!defined($caller)) {
$caller = 'preferences';
}
+ my ($blocked,$blocktext) =
+ &Apache::loncommon::blocking_status('passwd');
+ if ($blocked) {
+ $r->print('<p class="LC_warning">'.$blocktext.'</p>');
+ return;
+ }
} elsif ($caller eq 'reset_by_email') {
my %data = &Apache::lonnet::tmpget($mailtoken);
if (keys(%data) == 0) {
@@ -1266,6 +1266,12 @@
$user = $data{'username'};
$domain = $data{'domain'};
$currentpass = $data{'temppasswd'};
+ my ($blocked,$blocktext) =
+ &Apache::loncommon::blocking_status('passwd',$user,$domain);
+ if ($blocked) {
+ $r->print('<p class="LC_warning">'.$blocktext.'</p>');
+ return;
+ }
} else {
$r->print(
'<p class="LC_warning">'
@@ -1325,7 +1331,7 @@
my $jsh=Apache::File->new($include."/londes.js");
$r->print(<$jsh>);
}
- $r->print(&jscript_send($caller,$extrafields));
+ $r->print(&jscript_send($caller,$domain,$currentauth,$extrafields));
$r->print(<<ENDFORM);
$errormessage
@@ -1342,11 +1348,105 @@
}
sub jscript_send {
- my ($caller,$extrafields) = @_;
+ my ($caller,$domain,$currentauth,$extrafields) = @_;
+ my ($min,$max,$rulestr,$numrules);
+ $min = $Apache::lonnet::passwdmin;
+ my %js_lt = &Apache::lonlocal::texthash(
+ uc => 'New password needs at least one upper case letter',
+ lc => 'New password needs at least one lower case letter',
+ num => 'New password needs at least one number',
+ spec => 'New password needs at least one non-alphanumeric',
+ blank1 => 'Empty Password field',
+ blank2 => 'Empty Confirm Password field',
+ mismatch => 'Contents of Password and Confirm Password fields must match',
+ fail => 'Please fix the following:',
+ );
+ &js_escape(\%js_lt);
+ if ($currentauth eq 'internal:') {
+ if ($domain ne '') {
+ my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
+ if (keys(%passwdconf)) {
+ if ($passwdconf{min}) {
+ $min = $passwdconf{min};
+ }
+ if ($passwdconf{max}) {
+ $max = $passwdconf{max};
+ $js_lt{'long'} = &js_escape(&mt('Maximum password length: [_1]',$max));
+ }
+ if (ref($passwdconf{chars}) eq 'ARRAY') {
+ if (@{$passwdconf{chars}}) {
+ $rulestr = join('","',@{$passwdconf{chars}});
+ $numrules = scalar(@{$passwdconf{chars}});
+ }
+ }
+ }
+ }
+ }
+ $js_lt{'short'} = &js_escape(&mt('Minimum password length: [_1]',$min));
+
+ my $passwdcheck = <<"ENDJS";
+ var errors = new Array();
+ var min = parseInt("$min") || 0;
+ var currauth = "$currentauth";
+ if (this.document.client.elements.newpass_1.value == '') {
+ errors.push("$js_lt{'blank1'}");
+ }
+ if (this.document.client.elements.newpass_2.value == '') {
+ errors.push("$js_lt{'blank2'}");
+ }
+ if (errors.length == 0) {
+ if (this.document.client.elements.newpass_1.value != this.document.client.elements.newpass_2.value) {
+ errors.push("$js_lt{'mismatch'}");
+ }
+ var posspass = this.document.client.elements.newpass_1.value;
+ if (min > 0) {
+ if (posspass.length < min) {
+ errors.push("$js_lt{'short'}");
+ }
+ }
+ if (currauth == 'internal:') {
+ var max = parseInt("$max") || 0;
+ if (max > 0) {
+ if (posspass.length > max) {
+ errors.push("$js_lt{'long'}");
+ }
+ }
+ var numrules = parseInt("$numrules") || 0;
+ if (numrules > 0) {
+ var rules = new Array("$rulestr");
+ for (var i=0; i<rules.length; i++) {
+ if (rules[i] == 'uc') {
+ if (!posspass.match(/[A-Z]/)) {
+ errors.push("$js_lt{'uc'}");
+ }
+ } else if (rules[i] == 'lc') {
+ if (!posspass.match(/[a-z]/)) {
+ errors.push("$js_lt{'lc'}");
+ }
+ } else if (rules[i] == 'num') {
+ if (!posspass.match(/\\d/)) {
+ errors.push("$js_lt{'num'}");
+ }
+ } else if (rules[i] == 'spec') {
+ var pattern = /^[!@#$%^&*()_+\\-=\\[\\]{};':"\\\|,.<a>\\/?]/;
+ if (!posspass.match(pattern)) {
+ errors.push("$js_lt{'spec'}");
+ }
+ }
+ }
+ }
+ }
+ }
+ if (errors.length > 0) {
+ alert("$js_lt{'fail'}"+"\\n\\n"+errors.join("\\n"));
+ return;
+ }
+ENDJS
my $output = qq|
<script type="text/javascript" language="JavaScript">
function send() {
+$passwdcheck
uextkey=this.document.client.elements.ukey_cpass.value;
lextkey=this.document.client.elements.lkey_cpass.value;
initkeys();
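Review bot: The `spec` rule's pattern begins with `^` outside the character class, so the client-side check only passes when the first character of the new password is one of the listed symbols, although the message says at least one non-alphanumeric is needed; dropping the leading `^` lets it match anywhere. The pattern also sits in the interpolating `<<"ENDJS"` heredoc with an unescaped `$%`, which Perl may read as its own `$%` variable, so the emitted JavaScript is worth checking. `$currentauth` and the joined `$rulestr` are written into quoted JavaScript strings without the `&js_escape()` applied to the `%js_lt` messages; escaping `$currentauth` and each element of `$passwdconf{chars}` before the `join` keeps a stray quote in a stored value from ending the literal early. `$max` and `$numrules` remain undefined when the domain sets no such rules but are still interpolated, so `my ($max,$numrules,$rulestr) = ('','','');` would avoid uninitialised-value warnings. These checks are advisory only, the `check_passwd_rules` call in `verify_and_change_password` remains the enforcement point, and `jscript_send` continues past the end of this hunk.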
@@ -1487,14 +1587,8 @@
}
sub verify_and_change_password {
- my ($r,$caller,$mailtoken,$ended) = @_;
+ my ($r,$caller,$mailtoken,$timelimit,$extrafields,$ended) = @_;
my ($user,$domain,$homeserver);
- my ($blocked,$blocktext) =
- &Apache::loncommon::blocking_status('passwd');
- if ($blocked) {
- $r->print('<p class="LC_warning">'.$blocktext.'</p>');
- return;
- }
if ($caller eq 'reset_by_email') {
$user = $env{'form.uname'};
$domain = $env{'form.udom'};
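Review bot: `$timelimit` and `$extrafields` are inserted ahead of `$ended`, so a caller still using the old four-argument order would have its `\$ended` reference land in `$timelimit`; only the `preferences` call site is updated in this commit and other callers are not visible here. For `reset_by_email` the failure return also changes from `1` to string codes (`no_host`, `missingdata`, `blocked`, `otherauth`, `internalerror`, `emptydata`, `missingtemp`, `mismatch`, `length`, `rules`, `badchars`, `error`), all of which are true in boolean context, so a caller has to compare against the success value rather than test truthiness. A header comment above `sub verify_and_change_password` that lists the six positional arguments and these codes, and states that the `preferences` caller gets an empty return on failure, would document the contract. The body of the sub continues outside this hunk.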
@@ -1503,20 +1597,30 @@
if ($homeserver eq 'no_host') {
&passwordchanger($r,"<p>\n<span class='LC_error'>".
&mt("Invalid username and/or domain")."</span>\n</p>",
- $caller,$mailtoken);
- return 1;
+ $caller,$mailtoken,$timelimit,$extrafields);
+ return 'no_host';
}
} else {
&passwordchanger($r,"<p>\n<span class='LC_error'>".
&mt("Username and domain were blank")."</span>\n</p>",
- $caller,$mailtoken);
- return 1;
+ $caller,$mailtoken,$timelimit,$extrafields);
+ return 'missingdata';
}
} else {
$user = $env{'user.name'};
$domain = $env{'user.domain'};
$homeserver = $env{'user.home'};
}
+ my ($blocked,$blocktext) =
+ &Apache::loncommon::blocking_status('passwd',$user,$domain);
+ if ($blocked) {
+ $r->print('<p class="LC_warning">'.$blocktext.'</p>');
+ if ($caller eq 'reset_by_email') {
+ return 'blocked';
+ } else {
+ return;
+ }
+ }
my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain);
# Check for authentication types that allow changing of the password.
if ($currentauth !~ /^(unix|internal):/) {
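Review bot: In the `reset_by_email` path the block check now runs with `$user` and `$domain` taken from `form.uname` and `form.udom`, before the `$currentpass ne $data{'temppasswd'}` comparison that appears further down the function, so the block message is produced for whichever account the form names. If `$blocktext` can identify the course or activity causing the block, it would be safer to run this check after the token data has been verified, or to print a generic message for this caller. At minimum a comment such as `# $user/$domain are form-supplied and not yet verified against the mail token here` would make the ordering explicit. The sub begins and ends outside this hunk, so the exact position of the token check should be confirmed there.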
@@ -1524,8 +1628,8 @@
&passwordchanger($r,"<p>\n<span class='LC_error'>".
&mt("Authentication type for this user can not be changed by this mechanism").
"</span>\n</p>",
- $caller,$mailtoken);
- return 1;
+ $caller,$mailtoken,$timelimit,$extrafields);
+ return 'otherauth';
} else {
return;
}
@@ -1541,8 +1645,12 @@
defined($newpass2) ){
&passwordchanger($r,"<p>\n<span class='LC_error'>".
&mt("One or more password fields were blank").
- "</span>\n</p>",$caller,$mailtoken);
- return;
+ "</span>\n</p>",$caller,$mailtoken,$timelimit,$extrafields);
+ if ($caller eq 'reset_by_email') {
+ return 'missingdata';
+ } else {
+ return;
+ }
}
# Get the keys
my $lonhost = $r->dir_config('lonHostID');
@@ -1560,7 +1668,11 @@
</p>
ENDERROR
# Probably should log an error here
- return 1;
+ if ($caller eq 'reset_by_email') {
+ return 'internalerror';
+ } else {
+ return;
+ }
}
my ($ckey,$n1key,$n2key)=split(/&/,$tmpinfo);
#
@@ -1574,31 +1686,39 @@
&passwordchanger($r,
'<span class="LC_error">'.
&mt('Could not verify current authentication.').' '.
- &mt('Please try again.').'</span>',$caller,$mailtoken);
- return 1;
+ &mt('Please try again.').'</span>',$caller,$mailtoken,$timelimit,$extrafields);
+ return 'emptydata';
}
if ($currentpass ne $data{'temppasswd'}) {
&passwordchanger($r,
'<span class="LC_error">'.
&mt('Could not verify current authentication.').' '.
- &mt('Please try again.').'</span>',$caller,$mailtoken);
- return 1;
+ &mt('Please try again.').'</span>',$caller,$mailtoken,$timelimit,$extrafields);
+ return 'missingtemp';
}
}
if ($newpass1 ne $newpass2) {
&passwordchanger($r,
'<span class="LC_warning">'.
&mt('The new passwords you entered do not match.').' '.
- &mt('Please try again.').'</span>',$caller,$mailtoken);
- return 1;
+ &mt('Please try again.').'</span>',$caller,$mailtoken,$timelimit,$extrafields);
+ if ($caller eq 'reset_by_email') {
+ return 'mismatch';
+ } else {
+ return;
+ }
}
if ($currentauth eq 'unix:') {
if (length($newpass1) < 7) {
&passwordchanger($r,
'<span class="LC_warning">'.
&mt('Passwords must be a minimum of 7 characters long.').' '.
- &mt('Please try again.').'</span>',$caller,$mailtoken);
- return 1;
+ &mt('Please try again.').'</span>',$caller,$mailtoken,$timelimit,$extrafields);
+ if ($caller eq 'reset_by_email') {
+ return 'length';
+ } else {
+ return;
+ }
}
} else {
my $warning = &Apache::loncommon::check_passwd_rules($domain,$newpass1);
@@ -1606,8 +1726,12 @@
&passwordchanger($r,'<span class="LC_warning">'.
$warning.
&mt('Please try again.').'</span>',
- $caller,$mailtoken);
- return 1;
+ $caller,$mailtoken,$timelimit,$extrafields);
+ if ($caller eq 'reset_by_email') {
+ return 'rules';
+ } else {
+ return;
+ }
}
}
#
@@ -1627,8 +1751,12 @@
ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_\`abcdefghijklmnopqrstuvwxyz{|}~
</pre></span>
ENDERROR
- &passwordchanger($r,$errormessage,$caller,$mailtoken);
- return 1;
+ &passwordchanger($r,$errormessage,$caller,$mailtoken,$timelimit,$extrafields);
+ if ($caller eq 'reset_by_email') {
+ return 'badchars';
+ } else {
+ return;
+ }
}
#
# Change the password (finally)
@@ -1651,7 +1779,7 @@
# error error: run in circles, scream and shout
if ($caller eq 'reset_by_email') {
if (!$result) {
- return 1;
+ return 'error';
} else {
return $result;
}
@@ -2302,7 +2430,7 @@
}elsif($env{'form.action'} eq 'changepass'){
&passwordchanger($r);
}elsif($env{'form.action'} eq 'verify_and_change_pass'){
- &verify_and_change_password($r,'preferences','',\$ended);
+ &verify_and_change_password($r,'preferences','','','',\$ended);
}elsif($env{'form.action'} eq 'changescreenname'){
&screennamechanger($r);
}elsif($env{'form.action'} eq 'verify_and_change_screenname'){