From 4a6ec50c625419cc0f3884142b7f4307cd2a4370 Mon Sep 17 00:00:00 2001
From: Owen Leonard
Date: Wed, 5 Oct 2011 12:04:12 -0400
Subject: [PATCH] Fix for Bug 5280 - Fix password field so that the password is masked as it is entered This patch changes the password field to a password type input on member-password.pl and adds a confirmation field to both member-password.pl and memberentry.pl requiring that the password be re-entered to confirm. Client-side and server-side validation for the two password fields has been added to both pages. Multiple error messages can now be displayed together on member-password.pl. If the user wishes for Koha to suggest a random password on member-password.pl they can click a link which will remove the password-type input fields, replace them with text-type fields, and automatically fill them with the random password suggestion. Follow-up fix lets the members.js correctly handling errors when there are no mandatory fields LR followup: fixing slight error that corrects previously reported template error. Signed-off-by: Liz Rea Tested password setting/changing utilities - all work as expected and described. Passes prove t xt t/db_dependent tests congruent with current master failures (adds no new fails). Signed-off-by: Paul Poulain
---
 koha-tmpl/intranet-tmpl/prog/en/js/members.js | 15 +++-
 .../en/modules/members/member-password.tt | 52 ++++++++++++--
 .../prog/en/modules/members/memberentrygen.tt | 70 +++++++++++++++----
 members/member-password.pl | 36 +++++-----
 members/memberentry.pl | 2 +
 5 files changed, 135 insertions(+), 40 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/js/members.js b/koha-tmpl/intranet-tmpl/prog/en/js/members.js
index 796db0a880..3ed6195e8d 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/js/members.js
+++ b/koha-tmpl/intranet-tmpl/prog/en/js/members.js
@@ -85,6 +85,8 @@ var myDate2=document.form.dateexpiry.value.split ('/'); // function to test all fields in forms and nav in different forms(1 ,2 or 3) function check_form_borrowers(nav){ var statut=0; + var message = ""; + var message_champ=""; if (document.form.check_member.value == 1 ) { if (document.form_double.answernodouble) { @@ -101,9 +103,8 @@ function check_form_borrowers(nav){ else { var champ_verif = document.form.BorrowerMandatoryField.value.split ('|'); - var message = MSG_MISSING_MANDATORY + message += MSG_MISSING_MANDATORY message += "\n"; - var message_champ=""; for (var i=0; i 0 ) { if (!(document.form_double.answernodouble.checked)){ - message =""; message_champ+= MSG_DUPLICATE_SUSPICION; statut=1; document.form.nodouble.value=0; diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt index 93b1828c05..126927053f 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt @@ -1,6 +1,25 @@ [% INCLUDE 'doc-head-open.inc' %] Koha › Patrons › [% IF ( newpassword ) %]Password Updated [% ELSE %]Update Password for [% surname %], [% firstname %][% END %] [% INCLUDE 'doc-head-close.inc' %] + [% INCLUDE 'header.inc' %] @@ -20,31 +39,50 @@ [% ELSE %] -
+ [% IF ( errormsg ) %] +
+

The following errors have occurred:

+
    [% IF ( BADUSERID ) %] -
    You have entered a User ID that already exists. Please choose another one.
    +
  • You have entered a username that already exists. Please choose another one.
  • [% END %] [% IF ( SHORTPASSWORD ) %] -
    The password entered is too short. Password must be at least [% minPasswordLength %] characters.
    +
  • The password entered is too short. Password must be at least [% minPasswordLength %] characters.
  • [% END %] [% IF ( NOPERMISSION ) %] -
    You do not have permission to edit this patron's login information.
    +
  • You do not have permission to edit this patron's login information.
  • [% END %] + [% IF ( NOMATCH ) %] +
  • The passwords entered do not match. Please re-enter the new password.
  • + [% END %] +
+
[% END %]
Change Username and/or Password for [% firstname %] [% surname %]
  1. -
  2. +
  3. -
    Koha cannot display existing passwords. Below is a randomly generated suggestion. Leave the field blank to leave password unchanged.
    +
    Koha cannot display existing passwords. Leave the field blank to leave password unchanged.
    [% IF ( minPasswordLength ) %]
    Minimum password length: [% minPasswordLength %]
    [% END %] -
  4. + [% IF ( NOMATCH ) %] + + + [% ELSE %] + + + [% END %] + +
  5. + + +
Cancel
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt index 02d39f5e05..34fef892ed 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt @@ -3,7 +3,7 @@ [% IF ( opadd ) %]Add[% ELSIF ( opduplicate ) %]Duplicate[% ELSE %] Modify[% END %] [% IF ( categoryname ) %] [% categoryname %] patron[% ELSE %][% IF ( I ) %] Organization patron[% END %][% IF ( A ) %] Adult patron[% END %][% IF ( C ) %] Child patron[% END %][% IF ( P ) %] Professional patron[% END %][% IF ( S ) %] Staff patron[% END %][% END %][% UNLESS ( opadd ) %] [% surname %], [% firstname %][% END %] [% INCLUDE 'doc-head-close.inc' %] [% INCLUDE 'calendar.inc' %] - @@ -143,6 +144,9 @@ [% IF ( ERROR_short_password ) %]
  • Password must be at least [% minPasswordLength %] characters long.
  • [% END %] + [% IF ( ERROR_password_mismatch ) %] +
  • Passwords do not match.
  • + [% END %] [% IF ( ERROR_extended_unique_id_failed ) %]
  • The attribute value [% ERROR_extended_unique_id_failed %] is already is use by another patron record.
  • @@ -1182,41 +1186,82 @@ [% IF ( opadd ) %] [% IF ( NoUpdateLogin ) %] [% IF ( opduplicate ) %] - + [% ELSE %] - + [% END %] [% ELSE %] [% IF ( opduplicate ) %] - + [% ELSE %] - + [% END %] [% END %] [% ELSE %] [% IF ( password ) %] [% IF ( NoUpdateLogin ) %] - + [% ELSE %] [% IF ( opduplicate ) %] - + [% ELSE %] - + [% END %] [% END %] [% ELSE %] [% IF ( NoUpdateLogin ) %] - + [% ELSE %] - + [% END %] [% END %] [% END %] [% IF ( mandatorypassword ) %]Required[% END %][% IF ( ERROR_short_password ) %]Password is too short[% END %] [% IF ( minPasswordLength ) %]
    Minimum password length: [% minPasswordLength %]
    [% END %] - [% END %] - +
  • + [% IF ( mandatorypassword ) %] +
  • + [% END # hide fieldset %]
@@ -1431,6 +1476,7 @@ [% INCLUDE 'members-menu.inc' %] [% END %] [% END %] +[% END %] [% INCLUDE 'intranet-bottom.inc' %]
diff --git a/members/member-password.pl b/members/member-password.pl
index 8128a3dff8..fe24df3a4b 100755
--- a/members/member-password.pl
+++ b/members/member-password.pl
@@ -40,17 +40,21 @@ $flagsrequired->{borrowers}=1;
 my $member=$input->param('member');
 my $cardnumber = $input->param('cardnumber');
 my $destination = $input->param('destination');
-my $errormsg;
+my @errors;
 my ($bor)=GetMember('borrowernumber' => $member);
 if(( $member ne $loggedinuser ) && ($bor->{'category_type'} eq 'S' ) ) {
- $errormsg = 'NOPERMISSION' unless($staffflags->{'superlibrarian'} || $staffflags->{'staffaccess'} );
+ push(@errors,'NOPERMISSION') unless($staffflags->{'superlibrarian'} || $staffflags->{'staffaccess'} );
 # need superlibrarian for koha-conf.xml fakeuser.
 }
 my $newpassword = $input->param('newpassword');
+my $newpassword2 = $input->param('newpassword2');
+
+push(@errors,'NOMATCH') if ( ( $newpassword && $newpassword2 ) && ($newpassword ne $newpassword2) );
+
 my $minpw = C4::Context->preference('minPasswordLength');
-$errormsg = 'SHORTPASSWORD' if( $newpassword && $minpw && (length($newpassword) < $minpw ) );
+push(@errors,'SHORTPASSWORD') if( $newpassword && $minpw && (length($newpassword) < $minpw ) );
-if ( $newpassword && ! $errormsg ) {
+if ( $newpassword && !scalar(@errors) ) {
 my $digest=md5_base64($input->param('newpassword'));
 my $uid = $input->param('newuserid');
 my $dbh=C4::Context->dbh;
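Review bot: The server-side `NOMATCH` check in the `@@ -40,17 +40,21 @@` hunk is skipped whenever `newpassword2` is empty or absent, because the condition requires both values to be true before comparing them, so a request that omits the confirmation field still passes validation. If confirmation is meant to be enforced on the server, compare whenever a new password was sent: `push(@errors,'NOMATCH') if ( $newpassword && ( !defined $newpassword2 || $newpassword ne $newpassword2 ) );`. The memberentry.pl hunk in this patch compares the two fields unconditionally, so the two pages currently enforce different rules. Separately, the unchanged context line computes `md5_base64` of the password, an unsalted fast hash; how the digest is used lies outside the hunk, but it is worth tracking as its own bug.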
@@ -62,13 +66,7 @@ if ( $newpassword && ! $errormsg ) {
 print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member");
 }
 } else {
- $errormsg = 'BADUSERID';
- $template->param(othernames => $bor->{'othernames'},
- surname => $bor->{'surname'},
- firstname => $bor->{'firstname'},
- userid => $bor->{'userid'},
- defaultnewpassword => $newpassword
- );
+ push(@errors,'BADUSERID');
 }
 } else {
 my $userid = $bor->{'userid'};
@@ -79,7 +77,9 @@ if ( $newpassword && ! $errormsg ) {
 for (my $i=0; $i<$length; $i++) {
 $defaultnewpassword.=substr($chars, int(rand(length($chars))),1);
 }
-
+
+ $template->param( defaultnewpassword => $defaultnewpassword );
+}
 if ( $bor->{'category_type'} eq 'C') {
 my ( $catcodes, $labels ) = GetborCatFromCatType( 'A', 'WHERE category_type = ?' );
 my $cnt = scalar(@$catcodes);
@@ -120,16 +120,16 @@ if (C4::Context->preference('ExtendedPatronAttributes')) {
 userid => $bor->{'userid'},
 destination => $destination,
 is_child => ($bor->{'category_type'} eq 'C'),
- defaultnewpassword => $defaultnewpassword,
 activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
+ minPasswordLength => $minpw
 );
+if( scalar(@errors )){
+ $template->param( errormsg => 1 );
+ foreach my $error (@errors) {
+ $template->param($error) || $template->param( $error => 1);
+ }
 }
-$template->param( member => $member,
- errormsg => $errormsg,
- $errormsg => 1 ,
- minPasswordLength => $minpw );
-
 output_html_with_http_headers $input, $cookie, $template->output;
diff --git a/members/memberentry.pl b/members/memberentry.pl
index 6de07bf50b..86dd6ed561 100755
--- a/members/memberentry.pl
+++ b/members/memberentry.pl
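Review bot: The suggestion handed to the template in the `@@ -79,7 +77,9 @@` hunk, `$template->param( defaultnewpassword => $defaultnewpassword );`, is assembled by the context loop from Perl's built-in `rand`, which is not a cryptographically secure generator. The commit description says one click copies this value into both password fields, so the characters should come from the operating system's CSPRNG instead. `$chars` and `$length` are defined outside the hunk, so the alphabet and length cannot be checked from here. Until the generator is replaced, a comment above the loop would record the limitation: `# FIXME: rand() is not a CSPRNG; draw suggested-password characters from a secure source`.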
@@ -292,6 +292,8 @@ if ($op eq 'save' || $op eq 'insert'){
 }
 my $password = $input->param('password');
+ my $password2 = $input->param('password2');
+ push @errors, "ERROR_password_mismatch" if ( $password ne $password2 );
 push @errors, "ERROR_short_password" if( $password && $minpw && $password ne '****' && (length($password) < $minpw) );
 if (C4::Context->preference('ExtendedPatronAttributes')) {
-- 
2.39.5