9 [% PROCESS 'i18n.inc' %]
10 [% SET footerjs = 1 %]
11 [% INCLUDE 'doc-head-open.inc' %]
12 <title>[% FILTER collapse %]
14 [% t("Two-factor authentication") | html %] ›
17 [% t("Two-factor authentication setup") | html %] ›
19 [% IF too_many_login_attempts %]
20 [% t("This account has been locked.") | html %] ›
21 [% ELSIF invalid_username_or_password %]
22 [% t("Invalid username or password") | html %] ›
24 [% IF ( different_ip ) %]
25 [% t("IP address change") | html %] ›
27 [% IF ( timed_out ) %]
28 [% t("Session timed out") | html %] ›
30 [% IF ( nopermission ) %]
31 [% t("Access denied") | html %] ›
33 [% IF ( auth_error ) %]
34 [% t("Error authenticating with external provider") | html %] ›
36 [% IF ( loginprompt ) %]
37 [% t("Log in to Koha") | html %] ›
39 [% t("Koha") | html %]
41 [% INCLUDE 'doc-head-close.inc' %]
42 [% PROCESS 'auth-two-factor.inc' %]
44 <body id="main_auth" class="main_main-auth">
46 <div class="main container-fluid">
47 [% INCLUDE 'messages.inc' %]
50 <h1><a href="http://koha-community.org">Koha</a></h1>
51 [% IF (Koha.Preference('StaffLoginInstructions')) %]<div id="login_instructions">[% Koha.Preference('StaffLoginInstructions') | $raw %]</div>[% END %]
52 [% IF ( nopermission ) %]
53 <div id="login_error">
54 <strong>Error:</strong>
55 You do not have permission to access this page.
57 <p><strong>Log in as a different user</strong></p></h2>
60 [% IF ( timed_out ) %]
61 <div id="login_error"><strong>Error: </strong>Session timed out.<br /> Please log in again</div>
64 [% IF ( different_ip ) %]
65 <div id="login_error"><strong>Error: </strong>IP address has changed. Please log in again </div>
69 <div id="login_error"><strong>Error: </strong>Autolocation is switched on and you are logging in with an IP address that doesn't match your library. </div>
72 [% IF too_many_login_attempts %]
73 <div id="login_error"><strong>Error: </strong>This account has been locked!</div>
74 [% IF Categories.can_any_reset_password && Koha.Preference('OpacBaseURL') %]
75 <a href="[% Koha.Preference('OpacBaseURL') | url %]/cgi-bin/koha/opac-password-recovery.pl">You must reset your password</a>.
77 [% ELSIF password_has_expired %]
78 <div id="login_error"><strong>Error: </strong>Your password has expired!</div>
79 [% IF Koha.Preference('EnableExpiredPasswordReset') && Koha.Preference('OpacBaseURL') %]
80 <a href="[% Koha.Preference('OpacBaseURL') | url %]/cgi-bin/koha/opac-reset-password.pl">You must reset your password</a>.
81 [% ELSIF Categories.can_any_reset_password && Koha.Preference('OpacBaseURL') %]
82 <a href="[% Koha.Preference('OpacBaseURL') | url %]/cgi-bin/koha/opac-password-recovery.pl">You must reset your password</a>.
84 <p>You must contact the library to reset your password</p>
86 [% ELSIF invalid_username_or_password %]
87 <div id="login_error"><strong>Error: </strong>Invalid username or password</div>
91 <div id="login_error" class="alert alert-danger">
92 <p>There was an error authenticating to external identity provider</p>
93 <p>[% auth_error | html %]</p>
97 [% IF (shibbolethAuthentication) %]
98 <!-- This is what is displayed if shib login has failed -->
99 [% IF (invalidShibLogin ) %]
100 <div id="login_error"><Strong>Error: </strong>Shibboleth login failed</div>
102 <p><a href="[% shibbolethLoginUrl | $raw %]">Log in using a Shibboleth account</a>.</p>
105 [% IF !TwoFA_prompt && !TwoFA_setup && !Koha.Preference('staffShibOnly') %]
106 <!-- login prompt time-->
107 [% SET identity_providers = AuthClient.get_providers('staff') %]
108 [% IF ( ! identity_providers.empty ) %]
109 [% FOREACH provider IN identity_providers %]
111 <a href="[% provider.url | url %]" class="btn btn-light col-xs-12" id="provider_[% provider.code | html %]">
112 [% IF provider.icon_url %]
113 <img src="[% provider.icon_url | url %]" style="max-height: 20px; max-width: 20px;"/>
115 <i class="fa fa-user" aria-hidden="true"></i>
117 Log in with [% provider.description | html %]
122 <p>If you do not have an external account, but do have a local account, you can still log in: </p>
123 [% END # /IF identity_providers.size %]
125 <form action="[% script_name | html %]" method="post" name="loginform" id="loginform" class="validated">
126 [% INCLUDE 'csrf-token.inc' %]
127 <input type="hidden" name="op" value="cud-login" />
128 <input type="hidden" name="koha_login_context" value="intranet" />
129 [% FOREACH INPUT IN INPUTS %]
130 [% NEXT IF INPUT.name == "op" %]
131 [% NEXT IF INPUT.name == "csrf_token" %]
132 [% NEXT IF INPUT.name == "koha_login_context" %]
133 [% NEXT IF INPUT.name == "branch" %]
134 <input type="hidden" name="[% INPUT.name | html %]" value="[% INPUT.value | html %]" />
136 <p><label for="userid">Username:</label>
137 <input type="text" name="login_userid" id="userid" class="input focus" value="[% userid | html %]" size="20" tabindex="1" autocomplete="off" />
139 <p><label for="password">Password:</label>
140 <input type="password" name="login_password" id="password" class="input" value="" size="20" tabindex="2" autocomplete="off" />
143 [% UNLESS IndependentBranches %]
145 [% IF Koha.Preference('ForceLibrarySelection') %]
146 <label for="branch" class="required">Library:</label>
147 <select name="branch" id="branch" class="input" tabindex="3" required="required">
148 <option value=""></option>
150 <label for="branch">Library:</label>
151 <select name="branch" id="branch" class="input" tabindex="3">
152 <option value="">My library</option>
154 [% FOREACH l IN Branches.all( unfiltered => 1 ) %]
155 <option value="[% l.branchcode | html %]">[% l.branchname | html %]</option>
158 [% IF Koha.Preference('ForceLibrarySelection') %]
159 <span class="required">Required</span>
163 [% IF Koha.Preference('UseCirculationDesks') && Desks.all %]
165 <label for="desk">Desk:</label>
166 <select name="desk_id" id="desk_id" class="input" tabindex="3">
167 <option id="nodesk" value="">---</option>
168 [% FOREACH d IN Desks.all %]
169 <option class="[% d.branchcode | html %]" value="[% d.desk_id | html %]" disabled >[% d.desk_name | html %]</option>
175 [% IF Koha.Preference('UseCashRegisters') && Registers.all().size %]
177 <label for="register_id">Cash register:</label>
178 <select name="register_id" id="register_id" class="input" tabindex="4">
179 <option id="noregister" value="" selected="selected">Library default</option>
180 [% PROCESS options_for_registers registers => Registers.all() %]
187 <!-- <p><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="3" />Remember me</label></p> -->
189 <p class="submit"><input id="submit-button" type="submit" class="btn btn-primary" value="Log in" tabindex="4" /></p>
192 [% IF ( casAuthentication ) %]
195 [% IF ( invalidCasLogin ) %]
196 <!-- This is what is displayed if cas login has failed -->
197 <p>Sorry, the CAS login failed.</p>
200 [% IF ( casServerUrl ) %]
201 <p><a href="[% casServerUrl | $raw %]">If you have a CAS account, please click here to login</a>.<p>
204 [% IF ( casServersLoop ) %]
205 <p>If you have a CAS account, please choose against which one you would like to authenticate:</p>
207 [% FOREACH casServer IN casServersLoop %]
208 <li><a href="[% casServer.value | $raw %]">[% casServer.name | html %]</a></li>
212 [% ELSIF TwoFA_prompt %]
213 <form action="[% script_name | html %]" method="post" name="loginform" id="loginform" autocomplete="off">
214 [% INCLUDE 'csrf-token.inc' %]
215 <input type="hidden" name="op" value="cud-login" />
216 <input type="hidden" name="koha_login_context" value="intranet" />
217 [% FOREACH INPUT IN INPUTS %]
218 [% NEXT IF INPUT.name == "op" %]
219 [% NEXT IF INPUT.name == "csrf_token" %]
220 [% NEXT IF INPUT.name == "koha_login_context" %]
221 [% NEXT IF INPUT.name == "branch" %]
222 <input type="hidden" name="[% INPUT.name | html %]" value="[% INPUT.value | html %]" />
224 [% IF invalid_otp_token %]
225 <div id="login_error">Invalid two-factor code</div>
228 <div id="email_error" class="dialog alert" style="display: none;"></div>
229 <div id="email_success" class="dialog message" style="display: none;"></div>
231 <label for="otp_token">Two-factor authentication code:</label>
232 <input type="text" name="otp_token" id="otp_token" class="input focus" value="" size="20" tabindex="1" />
235 <input type="submit" id="submit-button" class="btn btn-primary" value="Verify code" />
236 <a class="send_otp" id="send_otp" href="#">Send the code by email</a>
237 <a class="cancel" id="logout" href="/cgi-bin/koha/mainpage.pl?logout.x=1">Cancel</a>
241 [% ELSIF TwoFA_setup %]
242 [% PROCESS registration_form %]
245 [% IF ( nopermission ) %]
246 <p><a id="previous_page" href="javascript:window.history.back()">[Previous page]</a>
247 <a id="mainpage" href="/">[Main page]</a></p>
252 <!-- <li><a href="/cgi-bin/koha/lostpassword.pl" title="Password lost and found">Lost your password?</a></li> -->
257 [% MACRO jsinclude BLOCK %]
258 [% Asset.js("js/desk_selection.js") | $raw %]
259 [% Asset.js("js/register_selection.js") | $raw %]
261 $(document).ready( function() {
262 if ( document.location.hash ) {
263 const input = $('<input name="auth_forwarded_hash" type="hidden">')
264 input.val(document.location.hash);
265 $( '#loginform' ).append( input );
267 // Clear last borrowers, rememberd sql reports, carts, etc.
270 $("#send_otp").on("click", function(e){
272 [% UNLESS notice_email_address %]
273 alert("Cannot send the notice, you don't have an email address defined.")
275 $("#email_success").hide();
276 $("#email_error").hide();
278 url: '/api/v1/auth/otp/token_delivery',
280 success: function(data){
281 let message = _("The code has been sent by email, please check your inbox.")
282 $("#email_success").show().html(message);
284 error: function(data){
285 let error = data.responseJSON && data.responseJSON.error == "email_not_sent"
286 ? _("Email not sent, please contact the Koha administrator")
287 : _("Something wrong happened, please contact the Koha administrator");
288 $("#email_error").show().html(error);
294 if( $("#registration-form").length ) {
298 url: '/api/v1/auth/two-factor/registration',
299 success: function (data) {
300 $("#qr_code").attr('src', data.qr_code);
301 $("#secret32").val(data.secret32);
302 $("#issuer").html(data.issuer);
303 $("#key_id").html(data.key_id);
304 $("#key_secret").html(data.secret32);
305 $("#registration-form").show();
307 error: function (data) {
313 $("#register-2FA").on("click", function(e){
316 secret32: $("#secret32").val(),
317 pin_code: $("#pin_code").val(),
319 if (!data.pin_code) return;
324 url: '/api/v1/auth/two-factor/registration/verification',
325 success: function (data) {
328 error: function (data) {
329 const error = data.responseJSON.error;
330 if ( error == 'Invalid pin' ) {
331 $("#errors").html(_("Invalid PIN code")).show();
337 alert(_("Two-factor authentication correctly configured. You will be redirected to the login screen."));
338 window.location = "/cgi-bin/koha/mainpage.pl";
345 <!-- the main div is closed in intranet-bottom.inc -->
346 [% INCLUDE 'intranet-bottom.inc' %]