Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt
Sam Lau 9603f11883
Bug 34188: Require Library Branch Selection when Logging in 
This patch adds the ability to force staff to select a library when
logging into the staff interface. This is done via a new system
preference: 'ForcedLibrarySelection'

To test:
1) Apply patch, restart_all, and updatedatabase
2) Log out of the staff interface. Notice the login form looks the same
   and the "Library:" dropdown has 'My Library" selected as default. Log
   back into the staff interface.
3) In Administration, search for the system preference
   "ForcedLibrarySelection". Set it to 'Force' and press save.
4) Log out of the staff interface. Notice that this time, the "Library:"
   dropdown is required and has a blank selection as the default.
5) Fill in the username and password but do not select a library. Click
   'Log in'
6) Notice you cannot log in and are asked to 'Please select an item in
   the list'
7) Select a library from the drop down and click 'Log in'
8) Notice the login was successful and you were logged in to the library
   you selected.
9) Try loggin in with some other libraries to verify it works as
   expected
10) Sign-off :)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-11-08 17:41:39 -03:00

331 lines
14 KiB
Text
Raw Blame History

[% USE raw %]
[% USE Asset %]
[% USE Koha %]
[% USE Branches %]
[% USE Desks %]
[% USE Categories %]
[% USE Registers %]
[% USE AuthClient %]
[% PROCESS 'i18n.inc' %]
[% SET footerjs = 1 %]
[% INCLUDE 'doc-head-open.inc' %]
<title>[% FILTER collapse %]
[% IF TwoFA_prompt %]
[% t("Two-factor authentication") | html %] &rsaquo;
[% END %]
[% IF TwoFA_setup %]
[% t("Two-factor authentication setup") | html %] &rsaquo;
[% END %]
[% IF too_many_login_attempts %]
[% t("This account has been locked.") | html %] &rsaquo;
[% ELSIF invalid_username_or_password %]
[% t("Invalid username or password") | html %] &rsaquo;
[% END %]
[% IF ( different_ip ) %]
[% t("IP address change") | html %] &rsaquo;
[% END %]
[% IF ( timed_out ) %]
[% t("Session timed out") | html %] &rsaquo;
[% END %]
[% IF ( nopermission ) %]
[% t("Access denied") | html %] &rsaquo;
[% END %]
[% IF ( auth_error ) %]
[% t("Error authenticating with external provider") | html %] &rsaquo;
[% END %]
[% IF ( loginprompt ) %]
[% t("Log in to Koha") | html %] &rsaquo;
[% END %]
[% t("Koha") | html %]
[% END %]</title>
[% INCLUDE 'doc-head-close.inc' %]
[% PROCESS 'auth-two-factor.inc' %]
</head>
<body id="main_auth" class="main_main-auth">
<div class="main container-fluid">
<div id="login">
<h1><a href="http://koha-community.org">Koha</a></h1>
[% IF (Koha.Preference('StaffLoginInstructions')) %]<div id="login_instructions">[% Koha.Preference('StaffLoginInstructions') | $raw %]</div>[% END %]
[% IF ( nopermission ) %]
<div id="login_error">
<strong>Error:</strong>
You do not have permission to access this page.
</div>
<p><strong>Log in as a different user</strong></p></h2>
[% END %]
[% IF ( timed_out ) %]
<div id="login_error"><strong>Error: </strong>Session timed out.<br /> Please log in again</div>
[% END %]
[% IF ( different_ip ) %]
<div id="login_error"><strong>Error: </strong>IP address has changed. Please log in again </div>
[% END %]
[% IF ( wrongip ) %]
<div id="login_error"><strong>Error: </strong>Autolocation is switched on and you are logging in with an IP address that doesn't match your library. </div>
[% END %]
[% IF too_many_login_attempts %]
<div id="login_error"><strong>Error: </strong>This account has been locked!</div>
[% IF Categories.can_any_reset_password && Koha.Preference('OpacBaseURL') %]
<a href="[% Koha.Preference('OpacBaseURL') | url %]/cgi-bin/koha/opac-password-recovery.pl">You must reset your password</a>.
[% END %]
[% ELSIF password_has_expired %]
<div id="login_error"><strong>Error: </strong>Your password has expired!</div>
[% IF Koha.Preference('EnableExpiredPasswordReset') && Koha.Preference('OpacBaseURL') %]
<a href="[% Koha.Preference('OpacBaseURL') | url %]/cgi-bin/koha/opac-reset-password.pl">You must reset your password</a>.
[% ELSIF Categories.can_any_reset_password && Koha.Preference('OpacBaseURL') %]
<a href="[% Koha.Preference('OpacBaseURL') | url %]/cgi-bin/koha/opac-password-recovery.pl">You must reset your password</a>.
[% ELSE %]
<p>You must contact the library to reset your password</p>
[% END %]
[% ELSIF invalid_username_or_password %]
<div id="login_error"><strong>Error: </strong>Invalid username or password</div>
[% END %]
[% IF auth_error %]
<div id="login_error" class="alert alert-danger">
<p>There was an error authenticating to external identity provider</p>
<p>[% auth_error | html %]</p>
</div>
[% END %]
[% IF (shibbolethAuthentication) %]
<!-- This is what is displayed if shib login has failed -->
[% IF (invalidShibLogin ) %]
<div id="login_error"><Strong>Error: </strong>Shibboleth login failed</div>
[% END %]
<p><a href="[% shibbolethLoginUrl | $raw %]">Log in using a Shibboleth account</a>.</p>
[% END %]
[% IF !TwoFA_prompt && !TwoFA_setup && !Koha.Preference('staffShibOnly') %]
<!-- login prompt time-->
[% SET identity_providers = AuthClient.get_providers('staff') %]
[% IF ( ! identity_providers.empty ) %]
[% FOREACH provider IN identity_providers %]
<p class="clearfix">
<a href="[% provider.url | url %]" class="btn btn-light col-xs-12" id="provider_[% provider.code | html %]">
[% IF provider.icon_url %]
<img src="[% provider.icon_url | url %]" style="max-height: 20px; max-width: 20px;"/>
[% ELSE %]
<i class="fa fa-user" aria-hidden="true"></i>
[% END %]
Log in with [% provider.description | html %]
</a>
</p>
[% END %]
<hr/>
<p>If you do not have an external account, but do have a local account, you can still log in: </p>
[% END # /IF identity_providers.size %]
<form action="[% script_name | html %]" method="post" name="loginform" id="loginform">
<input type="hidden" name="koha_login_context" value="intranet" />
[% FOREACH INPUT IN INPUTS %]
<input type="hidden" name="[% INPUT.name | html %]" value="[% INPUT.value | html %]" />
[% END %]
<p><label for="userid">Username:</label>
<input type="text" name="userid" id="userid" class="input focus" value="[% userid | html %]" size="20" tabindex="1" autocomplete="off" />
</p>
<p><label for="password">Password:</label>
<input type="password" name="password" id="password" class="input" value="" size="20" tabindex="2" autocomplete="off" />
</p>
[% UNLESS IndependentBranches %]
<p>
[% IF Koha.Preference('ForcedLibrarySelection') %]
<label for="branch" class="required">Library:</label>
<select name="branch" id="branch" class="input" tabindex="3" required="required">
<option value=""></option>
[% ELSE %]
<label for="branch">Library:</label>
<select name="branch" id="branch" class="input" tabindex="3">
<option value="">My library</option>
[% END %]
[% FOREACH l IN Branches.all( unfiltered => 1 ) %]
<option value="[% l.branchcode | html %]">[% l.branchname | html %]</option>
[% END %]
</select>
[% IF Koha.Preference('ForcedLibrarySelection') %]
<span class="required">Required</span>
[% END %]
</p>
[% IF Koha.Preference('UseCirculationDesks') && Desks.all %]
<p>
<label for="desk">Desk:</label>
<select name="desk_id" id="desk_id" class="input" tabindex="3">
<option id="nodesk" value="">---</option>
[% FOREACH d IN Desks.all %]
<option class="[% d.branchcode | html %]" value="[% d.desk_id | html %]" disabled >[% d.desk_name | html %]</option>
[% END %]
</select>
</p>
[% END %]
[% IF Koha.Preference('UseCashRegisters') && Registers.all().size %]
<p>
<label for="register_id">Cash register:</label>
<select name="register_id" id="register_id" class="input" tabindex="4">
<option id="noregister" value="" selected="selected">Library default</option>
[% PROCESS options_for_registers registers => Registers.all() %]
</select>
</p>
[% END %]
[% END %]
<!-- <p><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="3" />Remember me</label></p> -->
<p class="submit"><input id="submit-button" type="submit" class="btn btn-primary" value="Log in" tabindex="4" /></p>
</form>
[% IF ( casAuthentication ) %]
<h4>Cas login</h4>
[% IF ( invalidCasLogin ) %]
<!-- This is what is displayed if cas login has failed -->
<p>Sorry, the CAS login failed.</p>
[% END %]
[% IF ( casServerUrl ) %]
<p><a href="[% casServerUrl | $raw %]">If you have a CAS account, please click here to login</a>.<p>
[% END %]
[% IF ( casServersLoop ) %]
<p>If you have a CAS account, please choose against which one you would like to authenticate:</p>
<ul>
[% FOREACH casServer IN casServersLoop %]
<li><a href="[% casServer.value | $raw %]">[% casServer.name | html %]</a></li>
[% END %]
[% END %]
[% END %]
[% ELSIF TwoFA_prompt %]
<form action="[% script_name | html %]" method="post" name="loginform" id="loginform" autocomplete="off">
<input type="hidden" name="koha_login_context" value="intranet" />
[% FOREACH INPUT IN INPUTS %]
<input type="hidden" name="[% INPUT.name | html %]" value="[% INPUT.value | html %]" />
[% END %]
[% IF invalid_otp_token %]
<div id="login_error">Invalid two-factor code</div>
[% END %]
<div id="email_error" class="dialog alert" style="display: none;"></div>
<div id="email_success" class="dialog message" style="display: none;"></div>
<p>
<label for="otp_token">Two-factor authentication code:</label>
<input type="text" name="otp_token" id="otp_token" class="input focus" value="" size="20" tabindex="1" />
</p>
<p>
<input type="submit" id="submit-button" class="btn btn-primary" value="Verify code" />
<a class="send_otp" id="send_otp" href="#">Send the code by email</a>
<a class="cancel" id="logout" href="/cgi-bin/koha/mainpage.pl?logout.x=1">Cancel</a>
</p>
</form>
[% ELSIF TwoFA_setup %]
[% PROCESS registration_form %]
[% END %]
[% IF ( nopermission ) %]
<p><a id="previous_page" href="javascript:window.history.back()">[Previous page]</a>
<a id="mainpage" href="/">[Main page]</a></p>
[% END %]
<!--<ul> -->
<!-- <li><a href="/cgi-bin/koha/lostpassword.pl" title="Password lost and found">Lost your password?</a></li> -->
<!-- </ul> -->
</div>
[% MACRO jsinclude BLOCK %]
[% Asset.js("js/desk_selection.js") | $raw %]
[% Asset.js("js/register_selection.js") | $raw %]
<script>
$(document).ready( function() {
if ( document.location.hash ) {
$( '#loginform' ).append( '<input name="auth_forwarded_hash" type="hidden" value="' + document.location.hash + '"/>' );
}
// Clear last borrowers, rememberd sql reports, carts, etc.
logOut();
$("#send_otp").on("click", function(e){
e.preventDefault();
[% UNLESS notice_email_address %]
alert("Cannot send the notice, you don't have an email address defined.")
[% ELSE %]
$("#email_success").hide();
$("#email_error").hide();
$.ajax({
url: '/api/v1/auth/otp/token_delivery',
type: 'POST',
success: function(data){
let message = _("The code has been sent by email, please check your inbox.")
$("#email_success").show().html(message);
},
error: function(data){
let error = data.responseJSON && data.responseJSON.error == "email_not_sent"
? _("Email not sent, please contact the Koha administrator")
: _("Something wrong happened, please contact the Koha administrator");
$("#email_error").show().html(error);
}
});
[% END %]
});
if( $("#registration-form").length ) {
$.ajax({
data: {},
type: 'POST',
url: '/api/v1/auth/two-factor/registration',
success: function (data) {
$("#qr_code").attr('src', data.qr_code);
$("#secret32").val(data.secret32);
$("#issuer").html(data.issuer);
$("#key_id").html(data.key_id);
$("#key_secret").html(data.secret32);
$("#registration-form").show();
},
error: function (data) {
alert(data);
},
});
};
$("#register-2FA").on("click", function(e){
e.preventDefault();
const data = {
secret32: $("#secret32").val(),
pin_code: $("#pin_code").val(),
};
if (!data.pin_code) return;
$.ajax({
data: data,
type: 'POST',
url: '/api/v1/auth/two-factor/registration/verification',
success: function (data) {
return;
},
error: function (data) {
const error = data.responseJSON.error;
if ( error == 'Invalid pin' ) {
$("#errors").html(_("Invalid PIN code")).show();
} else {
alert(error);
}
},
}).then(function(){
alert(_("Two-factor authentication correctly configured. You will be redirected to the login screen."));
window.location = "/cgi-bin/koha/mainpage.pl";
});
});
});
</script>
[% END %]
<!-- the main div is closed in intranet-bottom.inc -->
[% INCLUDE 'intranet-bottom.inc' %]
View git blame Copy permalink