Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt
Hammat Wele 292c0ea24d
Bug 33343: Make use of the 'autocomplete=off' attribute on password fields 
This patch adds 'autocomplete=off' to all password type fields in the OPAC

To test:
1. Apply the patch
2. Visit http://master/cgi-bin/koha/opac-main.pl
3. Inspect the page
    --> Confirm html shows autocomplete off on the password field
4. Click on Log in (without filling any field)
5. Repeat step 3
    --> Confirm html shows autocomplete off on the password field
6. Set 'PatronSelfRegistration' system preference to 'Allow' and PatronSelfRegistrationDefaultCategory to 'Board'
7. Visit http://master/cgi-bin/koha/opac-memberentry.pl
9. Repeat step 3
    --> Confirm html shows autocomplete off on the password field
10. Connect to the OPAC
11. Click on Change password
11. Repeat step 3
    --> Confirm html shows autocomplete off on the password field
12. Set 'EnableExpiredPasswordReset' system preference to 'Enable'
13. Visit http://master/cgi-bin/koha/opac-reset-password.pl
14. Repeat step 3
    --> Confirm html shows autocomplete off on the password field

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-06-06 16:20:57 -03:00

191 lines
11 KiB
Text
Raw Blame History

[% USE Koha %]
[% USE Categories %]
[% USE AdditionalContents %]
[% SET OpacNav = AdditionalContents.get( location => "OpacNav", lang => lang, library => logged_in_user.branchcode || default_branch, blocktitle => 0 ) %]
[% SET OpacNavBottom = AdditionalContents.get( location => "OpacNavBottom", lang => lang, library => logged_in_user.branchcode || default_branch, blocktitle => 0 ) %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Forgotten password recovery &rsaquo; [% IF ( LibraryNameTitle ) %][% LibraryNameTitle | html %][% ELSE %]Koha online[% END %] catalog</title>
[% INCLUDE 'doc-head-close.inc' %]
[% BLOCK cssinclude %][% END %]
[% BLOCK jsinclude %]
[% IF (new_password) %]
[% Asset.js("lib/jquery/plugins/jquery.validate.min.js") | $raw %]
[% PROCESS 'password_check.inc' new_password => 'newPassword', minPasswordLength => minPasswordLength, RequireStrongPassword => RequireStrongPassword %]
[% END %]
<script>
$(function() {
$("#CheckAll").click(function(){
$("[name=deleteRequest]").attr('checked', true);
return false;
});
$("#CheckNone").click(function(){
$("[name=deleteRequest]").attr('checked', false);
return false;
});
$("select#type").change(function() {
$("fieldset#serial, fieldset#book, fieldset#chapter").hide()
$("fieldset#" + $(this).val() ).show();
});
[% IF (new_password) %]
$("#mainform").validate({
rules: {
newPassword: {
required: true,
password_strong: true,
password_no_spaces: true
},
repeatPassword: {
required: true,
password_match: true
}
}
});
[% END %]
});
</script>
[% END %]
</head>
[% INCLUDE 'bodytag.inc' bodyid='opac-password-recovery' %]
[% INCLUDE 'masthead.inc' %]
<div class="main">
<nav id="breadcrumbs" aria-label="Breadcrumb" class="breadcrumbs">
<ol class="breadcrumb">
<li class="breadcrumb-item">
<a href="/cgi-bin/koha/opac-main.pl">Home</a>
</li>
<li class="breadcrumb-item active">
<a href="#" aria-current="page">Forgotten password recovery</a>
</li>
</ol>
</nav> <!-- /#breadcrumbs -->
<div class="container-fluid">
<div class="row">
<div class="col-lg-2">
[% IF ( OpacPublic ) %]
<div id="navigation">
[% INCLUDE 'navigation.inc' IsPatronPage=0 %]
</div>
[% END %]
</div>
<div class="col-6 order-first order-md-first order-lg-2 maincontent">
<h1>Forgotten password recovery</h1>
[% IF (hasError) %]
<div class="alert alert-warning">
<h2>Error</h2>
<p>
[% IF (sendmailError) %]
<span>An error has occurred while sending you the password recovery link.</span>
<br/><span>Please try again later.</span>
[% ELSIF (errNoBorrowerFound) %]
<span>No account was found with the provided information.</span>
[% ELSIF errResetForbidden %]
<span id="password-reset-forbidden">Sorry, your password cannot be changed online.</span>
[% ELSIF (errMultipleAccountsForEmail) %]
<span>Account identification with this email address only is ambiguous.</span>
<br /><span>Please use the field 'Login' as well.</span>
[% ELSIF (errNoBorrowerEmail) %]
<span>This account has no email address we can send the email to.</span>
[% ELSIF (errAlreadyStartRecovery) %]
<span>The process of password recovery has already been started for this account</span>
[% IF username %]
("<strong>[% username | html %]</strong>")
[% ELSIF email %]
("<strong>[% email | html %]</strong>")
[% END %]
<br/>You should have received an email with a link to reset your password.
<br/>If you did not receive this email, you can request a new one: <a href="/cgi-bin/koha/opac-password-recovery.pl?resendEmail=true&email=[% email | uri %]&username=[% username | uri %]">Get new password recovery link</a>
[% ELSIF (errPassNotMatch) %]
The passwords do not match.
[% ELSIF password_too_short %]
<li>Password must be at least [% minPasswordLength | html %] characters long.</li>
[% ELSIF password_too_weak %]
<li>Password must contain at least one digit, one lowercase and one uppercase.</li>
[% ELSIF password_has_whitespaces %]
<li>Password must not contain leading or trailing whitespaces.</li>
[% ELSIF (errLinkNotValid) %]
The link you clicked is either invalid, or expired.
<br/>Be sure you used the link from the email, or contact library staff for assistance.
[% END %]
</p>
<p>Please contact the library if you need further assistance.</p>
</div> <!-- /div.alert.alert-warning -->
[% END # /IF hasError %]
<div id="password-recovery">
[% IF (! Categories.can_any_reset_password ) %]
<div class="alert alert-info">You can't reset your password.</div>
[% ELSIF (password_recovery) %]
<form action="/cgi-bin/koha/opac-password-recovery.pl" method="post" autocomplete="off">
<legend class="sr-only">Password recovery</legend>
<input type="hidden" name="koha_login_context" value="opac" />
<p>To reset your password, enter your login or your email address.</p>
<fieldset class="brief">
<div class="form-group">
<label for="username">Login:</label>
<input class="form-control" type="text" id="username" size="40" name="username" value="[% username | html %]" />
</div>
<div class="form-group">
<label for="email">Email:</label>
<input class="form-control" type="text" id="email" size="40" name="email" value="[% email | html %]" />
</div>
<fieldset class="action">
<input type="submit" value="Submit" class="btn btn-primary" name="sendEmail" />
</fieldset>
</fieldset>
</form>
[% ELSIF (new_password) %]
[% UNLESS ( errLinkNotValid ) %]
<form id="mainform" name="mainform" action="/cgi-bin/koha/opac-password-recovery.pl" method="post" autocomplete="off">
<legend class="sr-only">Password not valid</legend>
<input type="hidden" name="koha_login_context" value="opac" />
<fieldset class="brief">
[% IF ( RequireStrongPassword ) %]
<div class="alert alert-info">Your password must contain at least [% minPasswordLength | html %] characters, including UPPERCASE, lowercase and numbers.</div>
[% ELSE %]
<div class="alert alert-info">Your password must be at least [% minPasswordLength | html %] characters long.</div>
[% END %]
<div class="form-group">
<label for="newPassword">New password:</label>
<input class="form-control" type="password" id="newPassword" size="40" name="newPassword" autocomplete="off" />
</div>
<div class="form-group">
<label for="repeatPassword">Confirm new password:</label>
<input class="form-control" type="password" id="repeatPassword" size="40" name="repeatPassword" autocomplete="off" />
</div>
<fieldset class="action">
<input type="hidden" name="username" value="[% username | html %]" />
<input type="hidden" name="uniqueKey" value="[% uniqueKey | html %]" />
<input type="submit" value="Submit" class="btn btn-primary" name="passwordReset" />
</fieldset>
</fieldset>
</form>
[% END # /UNLESS errLinkNotValid %]
[% ELSIF (mail_sent) %]
<div class="alert alert-info">
<p>
You will receive an email shortly.
<br/>Please click the link in this email to finish the process of resetting your password.
<br/>This link is valid for 2 days starting now.
</p>
<a href="/cgi-bin/koha/opac-main.pl">Return to the main page</a>
</div>
[% ELSIF (password_reset_done) %]
<div class="alert alert-success">
<p>The password has been changed for user "[% username | html %]".</p>
<a href="/cgi-bin/koha/opac-user.pl">Log in to your account.</a>
</div>
[% END # /IF (! Categories.can_any_reset_password ) %]
</div><!-- / #password-recovery -->
</div><!-- / .span10 -->
</div><!-- / .row-fluid -->
</div><!-- / .container-fluid -->
</div><!-- / .main -->
[% INCLUDE 'opac-bottom.inc' %]
View git blame Copy permalink