From 3135429f561f24d241799a561add73c585ce3b98 Mon Sep 17 00:00:00 2001 From: Brayan Osmar Pereyra Suxo Date: Tue, 5 Jun 2012 11:02:17 -0400 Subject: [PATCH 1/3] BUG 8830 Validate password field with policies security SOLVED - Add the ajax for validate password field with policies security - Add the validate to the comfirm password field --- workflow/engine/methods/users/usersAjax.php | 54 ++++++++++ workflow/engine/templates/users/users.js | 113 +++++++++++++++++++- 2 files changed, 163 insertions(+), 4 deletions(-) diff --git a/workflow/engine/methods/users/usersAjax.php b/workflow/engine/methods/users/usersAjax.php index 314a959f6..e5d114359 100644 --- a/workflow/engine/methods/users/usersAjax.php +++ b/workflow/engine/methods/users/usersAjax.php @@ -511,5 +511,59 @@ switch($_POST['action']) } print(G::json_encode($rowsCasesMenu)); break; + case 'testPassword'; + require_once 'classes/model/UsersProperties.php'; + $oUserProperty = new UsersProperties(); + + $aFields = array(); + $color = ''; + $img = ''; + $DateNow = date('Y-m-d H:i:s'); + $aErrors = $oUserProperty->validatePassword($_POST['PASSWORD_TEXT'], $DateNow, $DateNow); + + if (!empty($aErrors)) { + $img = '/images/delete.png'; + $color = 'red'; + if (!defined('NO_DISPLAY_USERNAME')) { + define('NO_DISPLAY_USERNAME', 1); + } + $aFields = array(); + $aFields['DESCRIPTION'] = G::LoadTranslation('ID_POLICY_ALERT').':
'; + + foreach ($aErrors as $sError) { + switch ($sError) { + case 'ID_PPP_MINIMUM_LENGTH': + $aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MINIMUM_LENGTH . '
'; + $aFields[substr($sError, 3)] = PPP_MINIMUM_LENGTH; + break; + case 'ID_PPP_MAXIMUM_LENGTH': + $aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MAXIMUM_LENGTH . '
'; + $aFields[substr($sError, 3)] = PPP_MAXIMUM_LENGTH; + break; + case 'ID_PPP_EXPIRATION_IN': + $aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation('ID_DAYS') . '
'; + $aFields[substr($sError, 3)] = PPP_EXPIRATION_IN; + break; + default: + $aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).'
'; + $aFields[substr($sError, 3)] = 1; + break; + } + } + + $aFields['DESCRIPTION'] .= G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY') . ''; + $aFields['STATUS'] = false; + } else { + $color = 'green'; + $img = '/images/dialog-ok-apply.png'; + $aFields['DESCRIPTION'] .= 'The password complies with policies. '; + //$aFields['DESCRIPTION'] .= G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY') . ''; + $aFields['STATUS'] = true; + } + $span = ''; + $gif = ''; + $aFields['DESCRIPTION'] = $span . $gif . $aFields['DESCRIPTION']; + print(G::json_encode($aFields)); + break; } diff --git a/workflow/engine/templates/users/users.js b/workflow/engine/templates/users/users.js index c8018bb16..5958bf924 100644 --- a/workflow/engine/templates/users/users.js +++ b/workflow/engine/templates/users/users.js @@ -10,6 +10,7 @@ var infoMode; var global = {}; var readMode; var canEdit = true; +var flagPoliciesPassword = false; //var rendeToPage='document.body'; global.IC_UID = ''; global.IS_UID = ''; @@ -387,7 +388,7 @@ Ext.onReady(function() { xtype : 'textfield', width : 260, allowBlank : false - }, + }, { id : 'USR_USERNAME', fieldLabel : _('ID_USER_ID'), 
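Review bot: The new `testPassword` case passes `$_POST['PASSWORD_TEXT']` straight to `validatePassword()` without checking that the key is set, so a request without it raises a notice and validates null; a guard such as `$password = isset($_POST['PASSWORD_TEXT']) ? $_POST['PASSWORD_TEXT'] : '';` would make that explicit. In the success branch `$aFields['DESCRIPTION'] .= ...` appends to a key that was never initialised after `$aFields = array();`, so a plain `=` is the right operator there. The label is written `case 'testPassword';` with a semicolon, which PHP accepts, but the nested `case` labels in this same hunk use `:`. Because this response is only an advisory answer to the browser, the same `validatePassword()` call needs to run in the action that actually stores the password; that code is outside this hunk, so I cannot tell whether it does.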
@@ -449,7 +450,63 @@ Ext.onReady(function() { xtype : 'textfield', inputType : 'password', width : 260, - allowBlank : allowBlackStatus + allowBlank : allowBlackStatus, + listeners: { + blur : function(ob) + { + var spanAjax = ''; + var imageAjax = ''; + var labelAjax = _('ID_PASSWORD_TESTING'); + + Ext.getCmp('passwordReview').setText(spanAjax + imageAjax + labelAjax + '', false); + Ext.getCmp('passwordReview').setVisible(true); + + var PasswordText = this.getValue(); + + Ext.Ajax.request({ + url : 'usersAjax', + method:'POST', + params : { + 'action' : 'testPassword', + PASSWORD_TEXT : PasswordText + }, + success: function(r,o){ + var resp = Ext.util.JSON.decode(r.responseText); + + if (resp.STATUS) { + flagPoliciesPassword = true; + } else { + flagPoliciesPassword = false; + } + + Ext.getCmp('passwordReview').setText(resp.DESCRIPTION, false); + }, + failure: function () { + Ext.MessageBox.show({ + title: 'Error', + msg: 'Failed to store data', + buttons: Ext.MessageBox.OK, + animEl: 'mb9', + icon: Ext.MessageBox.ERROR + }); + } + }); + + Ext.getCmp('passwordReview').setVisible(true); + + if (Ext.getCmp('USR_CNF_PASS').getValue() != '') { + userExecuteEvent(document.getElementById('USR_CNF_PASS'), 'blur'); + } + + } + } + }, + { + xtype: 'label', + fieldLabel: ' ', + id:'passwordReview', + width: 300, + labelSeparator: '' }, { id : 'USR_CNF_PASS', 
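Review bot: `flagPoliciesPassword` keeps its previous value while the request is in flight and when it fails, so in this `blur` handler a password that passed once can be replaced by a non-compliant one and still get through the client check if the form is submitted before the new answer arrives or the call errors. Setting `flagPoliciesPassword = false;` just before `Ext.Ajax.request` and again in `failure` closes that window. The `failure` message `'Failed to store data'` is hard-coded and describes a save rather than a policy check; a label passed through `_()` would match the rest of the form. `setText(resp.DESCRIPTION, false)` inserts the server's string as markup without encoding, which is acceptable only as long as the endpoint never echoes request data into `DESCRIPTION`.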
@@ -457,7 +514,32 @@ Ext.onReady(function() { xtype : 'textfield', inputType : 'password', width : 260, - allowBlank : allowBlackStatus + allowBlank : allowBlackStatus, + listeners: { + blur : function(ob) + { + var PasswordText = Ext.getCmp('USR_NEW_PASS').getValue(); + var PasswordConfirm = this.getValue(); + + if (PasswordText != PasswordConfirm) { + var spanErrorConfirm = ''; + var imageErrorConfirm = ''; + var labelErrorConfirm = _('ID_NEW_PASS_SAME_OLD_PASS'); + + Ext.getCmp('passwordConfirm').setText(spanErrorConfirm + imageErrorConfirm + labelErrorConfirm + '', false); + Ext.getCmp('passwordConfirm').setVisible(true); + } else { + Ext.getCmp('passwordConfirm').setVisible(false); + } + } + } + }, + { + xtype: 'label', + fieldLabel: ' ', + id:'passwordConfirm', + width: 300, + labelSeparator: '' } ] @@ -776,7 +858,15 @@ Ext.onReady(function() { else { frmDetails.render(document.body); } + + Ext.getCmp('passwordReview').setVisible(false); + Ext.getCmp('passwordConfirm').setVisible(false); + + var spanAjax = ''; + var imageAjax = ''; + var labelAjax = _('ID_PASSWORD_TESTING'); + Ext.getCmp('passwordReview').setText(spanAjax + imageAjax + labelAjax + '', false); }); function defineUserPanel() @@ -815,6 +905,10 @@ function editUser() } function saveUser() { + if (flagPoliciesPassword != true) { + Ext.Msg.alert( _('ID_ERROR'), Ext.getCmp('passwordReview').html); + return false; + } var newPass = frmDetails.getForm().findField('USR_NEW_PASS').getValue(); var confPass = frmDetails.getForm().findField('USR_CNF_PASS').getValue(); 
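Review bot: The mismatch message in the `USR_CNF_PASS` `blur` handler uses `_('ID_NEW_PASS_SAME_OLD_PASS')`, whose name suggests a "new password equals old password" text rather than "the two passwords do not match"; please confirm the label or add a dedicated one. The handler only shows or hides `passwordConfirm` and does not record the result, so the mismatch is enforced only if `saveUser()` compares the two fields itself, which is outside this hunk. The comparison `passwordText != passwordConfirm` works on two strings, but `!==` would rule out coercion surprises.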
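Review bot: The guard added at the top of `saveUser()` rejects every save while `flagPoliciesPassword` is false, and the flag only becomes true after a `blur` on `USR_NEW_PASS`, so editing a user without touching the password appears to be blocked, with the alert showing the "testing" placeholder text set at render time. The password fields use `allowBlank : allowBlackStatus`, which suggests an empty password is allowed in some modes; the check should probably apply only when a new password was entered, e.g. `if (newPass != '' && flagPoliciesPassword !== true)` placed after `newPass` is read. The flag is a page-script variable and therefore a usability aid, not a control, so the policy still has to be enforced by the server when the user record is stored. The rest of `saveUser()` is outside this hunk.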
@@ -1049,4 +1143,15 @@ function loadUserView() } - +function userExecuteEvent (element,event) { + if ( document.createEventObject ) { + // IE + var evt = document.createEventObject(); + return element.fireEvent('on'+event,evt) + } else { + // firefox + others + var evt = document.createEvent("HTMLEvents"); + evt.initEvent(event, true, true ); // event type,bubbling,cancelable + return !element.dispatchEvent(evt); + } +} \ No newline at end of file From 400237d6bf374c10ef0a744412133cf629660fa4 Mon Sep 17 00:00:00 2001 From: Brayan Osmar Pereyra Suxo Date: Tue, 5 Jun 2012 18:20:42 -0400 Subject: [PATCH 2/3] BUG 8830 Review code and fields SOLVED - Review code and fields --- workflow/engine/methods/users/usersAjax.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/workflow/engine/methods/users/usersAjax.php b/workflow/engine/methods/users/usersAjax.php index e5d114359..4587002f6 100644 --- a/workflow/engine/methods/users/usersAjax.php +++ b/workflow/engine/methods/users/usersAjax.php @@ -518,8 +518,8 @@ switch($_POST['action']) $aFields = array(); $color = ''; $img = ''; - $DateNow = date('Y-m-d H:i:s'); - $aErrors = $oUserProperty->validatePassword($_POST['PASSWORD_TEXT'], $DateNow, $DateNow); + $dateNow = date('Y-m-d H:i:s'); + $aErrors = $oUserProperty->validatePassword($_POST['PASSWORD_TEXT'], $dateNow, $dateNow); if (!empty($aErrors)) { $img = '/images/delete.png'; @@ -556,8 +556,7 @@ switch($_POST['action']) } else { $color = 'green'; $img = '/images/dialog-ok-apply.png'; - $aFields['DESCRIPTION'] .= 'The password complies with policies. '; - //$aFields['DESCRIPTION'] .= G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY') . ''; + $aFields['DESCRIPTION'] .= G::LoadTranslation('ID_PASSWORD_COMPLIES_POLICIES') . ''; $aFields['STATUS'] = true; } $span = ''; From bd8938114c462cb35f889c81da85674933af2d66 Mon Sep 17 00:00:00 2001 
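Review bot: The two branches of `userExecuteEvent` return opposite things: `element.fireEvent(...)` is true when the event was not cancelled, while `!element.dispatchEvent(evt)` is true when it was cancelled. Returning `element.dispatchEvent(evt)` without the negation would make both branches agree; the only caller visible in this patch ignores the value, so nothing breaks today. `var evt` is declared in both branches and the `fireEvent` line lacks its semicolon; a single `var evt;` at the top of the function reads more cleanly. A short header comment saying that the function fires a synthetic DOM event on `element` and what it returns would help, and the file now ends without a trailing newline.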
From: Brayan Osmar Pereyra Suxo Date: Fri, 8 Jun 2012 15:57:05 -0400 Subject: [PATCH 3/3] BUG 8830 The variables are camelize SOLVED - The variables are camelize - Use quotes in variables --- workflow/engine/templates/users/users.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/workflow/engine/templates/users/users.js b/workflow/engine/templates/users/users.js index 5958bf924..6123e251c 100644 --- a/workflow/engine/templates/users/users.js +++ b/workflow/engine/templates/users/users.js @@ -461,14 +461,14 @@ Ext.onReady(function() { Ext.getCmp('passwordReview').setText(spanAjax + imageAjax + labelAjax + '', false); Ext.getCmp('passwordReview').setVisible(true); - var PasswordText = this.getValue(); + var passwordText = this.getValue(); Ext.Ajax.request({ url : 'usersAjax', method:'POST', params : { - 'action' : 'testPassword', - PASSWORD_TEXT : PasswordText + 'action' : 'testPassword', + 'PASSWORD_TEXT' : passwordText }, success: function(r,o){ var resp = Ext.util.JSON.decode(r.responseText); @@ -518,10 +518,10 @@ Ext.onReady(function() { listeners: { blur : function(ob) { - var PasswordText = Ext.getCmp('USR_NEW_PASS').getValue(); - var PasswordConfirm = this.getValue(); + var passwordText = Ext.getCmp('USR_NEW_PASS').getValue(); + var passwordConfirm = this.getValue(); - if (PasswordText != PasswordConfirm) { + if (passwordText != passwordConfirm) { var spanErrorConfirm = ''; var imageErrorConfirm = ''; var labelErrorConfirm = _('ID_NEW_PASS_SAME_OLD_PASS');