revisit password expiration policy templates customizations (#30)

pmauduit · pmauduit · commit 4b18b6ca4c39 · 2024-09-21T10:50:36.000+02:00
Reading the Java class mentioned in issue #30, it seems that only 2 properties were modified in the original messages.properties from the classpath (what about the other languages ?). This commit should provide the same behaviour as the original PR. I had to reintroduce the pwdupdateform.html fragment from upstream, and customize the (hardcoded ?) URLs to get into the console webservices meant for password management. FTR, the original template is here: https://github.com/apereo/cas/blob/6.6.x/support/cas-server-support-thymeleaf/src/main/resources/templates/fragments/pwdupdateform.html BTW, it looks like CAS provides such password management from the user on its own code, via an optional module: https://apereo.github.io/cas/7.0.x/password_management/Password-Management-Reset.html but since we already have the feature provided by the console, it makes probably more sense to make use of them instead. Note: I am not sure why the `password.expiration.warning` does not seem to be used in any templates in the CAS6.6 codebase. Note2: we might want to be able to customize the console's endpoint url from the datadir, but since they were hardcoded in the java class, at least we are isofunctional here. tests: runtime, using https://github.com/georchestra/sample-docker-composition/tree/main/cas/password-expiration - tested with english & french locales.
diff --git a/src/main/resources/messages.properties b/src/main/resources/messages.properties
@@ -287,7 +287,7 @@ screen.surrogates.button.cancel=Cancel
 screen.surrogates.account.selection.error=You are not authorized to impersonate the indicated user at this time.
 
 # Password policy
-password.expiration.warning=Your password expires in {0} day(s). Please <a href="https://pm.example.edu">change your password</a> now.
+password.expiration.warning=Your password expires in {0} day(s). Please <a href="/console/account/changePassword">change your password</a> now.
 password.expiration.loginsRemaining=You have {0} login(s) remaining before you <strong>MUST</strong> change your password.
 screen.accountdisabled.heading=This account has been disabled.
 screen.accountdisabled.message=Please contact the system administrator to regain access.
diff --git a/src/main/resources/messages_de.properties b/src/main/resources/messages_de.properties
@@ -240,7 +240,7 @@ screen.surrogates.button.cancel=Abbrechen
 
 
 # Password policy
-password.expiration.warning=Ihr Kennwort läuft in {0} Tagen ab. Bitte <a href\="{1}">ändern Sie Ihr Kennwort</a>.
+password.expiration.warning=Ihr Kennwort läuft in {0} Tagen ab. Bitte <a href="/console/account/changePassword">ändern Sie Ihr Kennwort</a>.
 password.expiration.loginsRemaining=Sie haben {0} Anmeldungen übrig, bevor Sie Ihr Kennwort ändern <strong>müssen</strong>.
 screen.accountdisabled.heading=Dieses Konto wurde deaktiviert.
 screen.accountdisabled.message=Bitte kontaktieren Sie Ihren System Administrator um wieder Zugriff zu erhalten.
diff --git a/src/main/resources/messages_es.properties b/src/main/resources/messages_es.properties
@@ -69,7 +69,7 @@ screen.service.empty.error.message=El registro de servicios del CAS está vacío
 Las aplicaciones que quieren autenticar con CAS deben ser explícitamente definidas en el registro de servicios.
 
 # Password policy
-password.expiration.warning=Su contraseña caduca en {0} días. Por favor <a href="{1}">cambie su contraseña</a> ahora.
+password.expiration.warning=Su contraseña caduca en {0} días. Por favor <a href="/console/account/changePassword">cambie su contraseña</a> ahora.
 password.expiration.loginsRemaining=Tiene {0} inicios de sesión restantes antes que <strong>DEBE</strong> cambiar su contraseña.
 screen.accountdisabled.heading=Se ha deshabilitado esta cuenta.
 screen.accountdisabled.message=Por favor contacte al administrador de sistema para recobrar acceso.
diff --git a/src/main/resources/messages_fr.properties b/src/main/resources/messages_fr.properties
@@ -225,7 +225,7 @@ screen.surrogates.button.cancel=Annuler
 
 
 # Password policy
-password.expiration.warning=Votre mot de passe expire dans {0} jour(s). Merci de <a href="{1}">changer votre mot de passe</a> maintenant.
+password.expiration.warning=Votre mot de passe expire dans {0} jour(s). Merci de <a href="/console/account/changePassword">changer votre mot de passe</a> maintenant.
 password.expiration.loginsRemaining=Il vous reste {0} authentification(s) avant de <strong>DEVOIR</strong> changer votre mot de passe.
 screen.accountdisabled.heading=Ce compte a été désactivé.
 screen.accountdisabled.message=Merci de contacter votre administrateur système pour récupérer votre accès.
diff --git a/src/main/resources/templates/georchestra/fragments/pwdupdateform.html b/src/main/resources/templates/georchestra/fragments/pwdupdateform.html
@@ -0,0 +1,165 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/>
+
+    <title>Password Update Form</title>
+    <link href="../../static/css/cas.css" rel="stylesheet" th:remove="tag"/>
+</head>
+
+<body>
+<main role="main" class="container mt-3 mb-3">
+    <div id="pwdmain" th:fragment="pwdupdateform">
+        <script th:inline="javascript">
+            /*<![CDATA[*/
+
+            var policyPattern = /*[[${passwordPolicyPattern}]]*/;
+            var passwordStrengthI18n = {
+                0: /*[[#{screen.pm.password.strength.0}]]*/,
+                1: /*[[#{screen.pm.password.strength.1}]]*/,
+                2: /*[[#{screen.pm.password.strength.2}]]*/,
+                3: /*[[#{screen.pm.password.strength.3}]]*/,
+                4: /*[[#{screen.pm.password.strength.4}]]*/
+            };
+            var passwordMinimumStrength = 0;
+
+            /*]]>*/
+        </script>
+        <h3 th:utext="${expiredPass}
+        ? #{screen.expiredpass.heading(${credential.id})}
+        : #{screen.mustchangepass.heading(${credential.id})}">
+            Change Password Heading</h3>
+
+        <form id="passwordManagementForm" th:if="${passwordManagementEnabled}" method="post"
+              th:object="${password}">
+            <div class="banner banner-danger alert alert-danger banner-dismissible my-4" th:if="${#fields.hasErrors('*')}">
+
+                <span th:each="err : ${#fields.errors('*')}" th:utext="${err}">Error text</span>
+            </div>
+
+            <div class="cas-field my-3 mdc-input-group form-group d-flex">
+                <div class="mdc-input-group-field mdc-input-group-field-append flex-grow-1">
+                    <div class="d-flex caps-check">
+
+                        <label for="password"
+                               class="mdc-text-field caps-check mdc-text-field--outlined control-label mdc-text-field--with-trailing-icon">
+                            <input class="mdc-text-field__input form-control pwd"
+                                   autocapitalize="none"
+                                   spellcheck="false"
+                                   type="password"
+                                   name="password"
+                                   id="password"
+                                   th:field="*{password}"
+                                   autocomplete="off" required/>
+                            <span class="mdc-notched-outline">
+                                <span class="mdc-notched-outline__leading"></span>
+                                <span class="mdc-notched-outline__notch">
+                                    <span class="mdc-floating-label" th:utext="#{screen.pm.enterpsw}">Enter Password:</span>
+                                </span>
+                                <span class="mdc-notched-outline__trailing"></span>
+                            </span>
+                        </label>
+                        <i class="mdi mdi-alert mdc-text-field__icon text-danger caps-warn"></i>
+                    </div>
+                </div>
+                <button class="reveal-password align-self-end mdc-button mdc-button--raised mdc-input-group-append mdc-icon-button btn btn-primary"
+                        tabindex="-1" type="button">
+                    <i class="mdi mdi-eye reveal-password-icon fas fa-eye"></i>
+                    <span class="visually-hidden">Toggle Password</span>
+                </button>
+            </div>
+
+            <div class="cas-field form-group mdc-input-group my-3">
+                <div class="d-flex caps-check">
+                    <label for="confirmedPassword" class="mdc-text-field mdc-text-field--outlined mdc-text-field--with-trailing-icon control-label">
+                        <input class="mdc-text-field__input form-control pwd"
+                               type="password"
+                               autocapitalize="none"
+                               spellcheck="false"
+                               name="confirmedPassword"
+                               id="confirmedPassword"
+                               th:field="*{confirmedPassword}"
+                               autocomplete="off" required/>
+
+                        <span class="mdc-notched-outline">
+                            <span class="mdc-notched-outline__leading"></span>
+                            <span class="mdc-notched-outline__notch">
+                                <span class="mdc-floating-label" th:utext="#{screen.pm.confirmpsw}">Confirm Password:</span>
+                            </span>
+                            <span class="mdc-notched-outline__trailing"></span>
+                        </span>
+                    </label>
+                    <i class="mdi mdi-alert mdc-text-field__icon bs-hide text-danger caps-warn"></i>
+                </div>
+            </div>
+
+            <div class="cas-field form-group my-3 d-flex flex-column">
+                <div class="d-flex align-items-center">
+                    <span th:text="#{screen.pm.password.strength}">Strength:</span>&nbsp;
+                    <span id="password-strength-icon" class="mdi" aria-hidden="true"></span>
+                </div>
+                <div id="strengthProgressBar" role="progressbar" class="d-none progress">
+                    <div id="progress-strength-indicator" class="progress-bar progress-bar-indicator text-center"></div>
+                    <div class="mdc-linear-progress">
+                        <div class="mdc-linear-progress__buffering-dots"></div>
+                        <div class="mdc-linear-progress__buffer"></div>
+                        <div class="mdc-linear-progress__bar mdc-linear-progress__primary-bar" style="transform: scaleX(0);">
+                            <span class="mdc-linear-progress__bar-inner"></span>
+                        </div>
+                        <div class="mdc-linear-progress__bar mdc-linear-progress__secondary-bar">
+                            <span class="mdc-linear-progress__bar-inner"></span>
+                        </div>
+                    </div>
+                </div>
+            </div>
+            <div class="cas-field form-group my-3 text-warning" id="password-strength-msg" style="display: none;">
+                <div class="suggestions banner banner-warning alert alert-warning p-2 mb-2 d-flex align-items-center" role="alert">
+                    <span class="mdi mdi-information fas fa-info-circle" aria-hidden="true"></span>&nbsp;
+                    <p class="m-0">
+                        <span id="password-strength-warning"></span>&nbsp;
+                        <span id="password-strength-suggestions"></span>
+                    </p>
+                </div>
+            </div>
+            <div class="cas-field form-group my-3 text-danger" id="password-strength-notes">
+                <div id="password-policy-violation-msg" class="banner banner-danger alert alert-danger p-2" role="alert" style="display: none;">
+                    <span class="mdi mdi-alert fas fa-exclamation-triangle" aria-hidden="true"></span>&nbsp;
+                    <strong th:text="#{screen.pm.password.policyViolation}">Password does not match the password policy
+                        requirement.</strong>
+                </div>
+                <div id="password-confirm-mismatch-msg" class="banner banner-danger alert alert-danger p-2" role="alert" style="display: none;">
+                    <span class="mdi mdi-alert fas fa-exclamation-triangle" aria-hidden="true"></span>&nbsp;
+                    <strong th:text="#{screen.pm.password.confirmMismatch}">Passwords do not match.</strong>
+                </div>
+            </div>
+
+            <div class="cas-field form-group">
+                <input type="hidden" name="execution" th:value="${flowExecutionKey}"/>
+                <input type="hidden" name="_eventId" value="submit"/>
+                <button class="mdc-button mdc-button--raised btn btn-primary me-2"
+                        name="submit"
+                        accesskey="s"
+                        th:value="#{screen.pm.button.submit}"
+                        th:attr="data-processing-text=#{screen.welcome.button.loginwip}"
+                        value="SUBMIT"
+                        id="submit"
+                        type="submit"
+                        disabled="true">
+                    <span class="mdc-button__label" th:text="#{screen.pm.button.submit}">Submit</span>
+                </button>
+                <a class="mdc-button mdc-button--outline btn btn-outline-secondary" th:href="@{/login}">
+                    <span class="mdc-button__label" th:text="#{screen.pm.button.cancel}">CANCEL</span>
+                </a>
+            </div>
+        </form>
+
+        <p id="pwddesc" th:unless="${passwordManagementEnabled}"
+           th:utext="${expiredPass} ? #{screen.expiredpass.message('/console/account/passwordRecovery')} : #{screen.mustchangepass.message('/console/account/passwordRecovery')}">Expired/Must Change Password text</p>
+
+    </div>
+</main>
+</body>
+</html>
