Hi,

After the password strength meter went through, I have another enhancement
related to the password field.
On the edit user page, there are placeholders in the password fields.
The placeholders are plain *'s, so if I add some characters after the placeholder, like [******<newchars>], my new password will contain the placeholder instead
of what I expected, [<oldpass><newchars>].
That could lead to a user being locked out.

This patch makes sure that you can't lock yourself out accidentally like this.


--
Kind regards,
Maximilian Meister
Systems Management Department

SUSE LINUX Products GmbH
Maxfeldstr. 5
D-90409 Nuremberg, Germany

http://www.suse.com

GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer, HRB 21284 (AG Nuremberg)

From ac8d7ce0ab1e5319ce822a76557c5097ba24f148 Mon Sep 17 00:00:00 2001
From: Maximilian Meister <mmeis...@suse.de>
Date: Tue, 28 Jan 2014 14:54:37 +0100
Subject: [PATCH] add placeholder check to not accidentally submit the
 placeholder or parts of it as a password

---
 .../fragments/user/edit_user_table_rows.jspf       |  1 +
 web/html/javascript/spacewalk-placeholder-check.js | 29 ++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 web/html/javascript/spacewalk-placeholder-check.js

diff --git a/java/code/webapp/WEB-INF/pages/common/fragments/user/edit_user_table_rows.jspf b/java/code/webapp/WEB-INF/pages/common/fragments/user/edit_user_table_rows.jspf
index e00b70b..51a3581 100644
--- a/java/code/webapp/WEB-INF/pages/common/fragments/user/edit_user_table_rows.jspf
+++ b/java/code/webapp/WEB-INF/pages/common/fragments/user/edit_user_table_rows.jspf
@@ -44,6 +44,7 @@
     </c:if>
 </rhn:require>
 
+<script type="text/javascript" src="/javascript/spacewalk-placeholder-check.js"></script>
 <div class="form-group">
     <label class="col-lg-3 control-label"><bean:message key="password.displayname"/></label>
     <div class="col-lg-6">
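Review bot: the script pulled in by the added `<script>` line calls `updateTickIcon()`, which neither this fragment nor the new file defines, so every page that includes edit_user_table_rows.jspf must already have loaded jQuery and the script that provides that function before the first focus or blur event fires. If it has not, both handlers throw a ReferenceError right after they change the field values. Please note the dependency in a comment next to the include, or guard the call in the script with a `typeof updateTickIcon === 'function'` check.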
diff --git a/web/html/javascript/spacewalk-placeholder-check.js b/web/html/javascript/spacewalk-placeholder-check.js
new file mode 100644
index 0000000..d63486e
--- /dev/null
+++ b/web/html/javascript/spacewalk-placeholder-check.js
@@ -0,0 +1,29 @@
+// make sure not to submit the placeholder (or parts of it) as a password when editing a user
+$(document).ready(function () {
+    // Return true if all password fields are empty
+    function isPasswordFieldsEmpty() {
+        var empty = true;
+        $('input:password').each(function(index) {
+            if ($(this).val() != '') {
+                empty = false;
+                return false;
+            }
+        });
+        return empty;
+    }
+
+    // PLACEHOLDER needs to be in sync with PLACEHOLDER_PASSWORD
+    // in the UserActionHelper Java class.
+    var PLACEHOLDER = "******";
+    $('input:password').focus(function() {
+        if ($(this).val() == PLACEHOLDER) {
+            $('input:password').val('');
+            updateTickIcon();
+        }
+    }).blur(function() {
+        if (isPasswordFieldsEmpty()) {
+            $('input:password').val(PLACEHOLDER);
+            updateTickIcon();
+        }
+    });
+});
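Review bot: the protection lives only in the browser; the diffstat touches no Java file, so with scripting disabled, or when this file fails to load, a submission of `******<newchars>` is still accepted and the lockout described in the cover letter remains possible. Please add a matching server-side check where PLACEHOLDER_PASSWORD is handled, rejecting any value that begins with the placeholder but is not exactly equal to it. Two smaller points in the same hunk: `var PLACEHOLDER = "******";` duplicates a server constant and relies on a comment to stay in sync, so consider rendering the value from the server (for example as a data attribute on the field) instead; and the focus handler at `if ($(this).val() == PLACEHOLDER)` clears every `input:password` on the page, which also wipes a value the user has just typed if it happens to be six asterisks. Using `===` and `!==` for the string comparisons would also be preferable.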
-- 
1.8.4

_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
