
Commit db35328

committed
Merge pull request #65 from futurice/improve-password-change
Improve password change
2 parents 5266337 + f62acc6 commit db35328


3 files changed

+39
-21
lines changed


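--- a/fum/api/views.py
+++ b/fum/api/views.py
@@ -326,9 +326,9 @@ def password(self, request, username=None, relname=None):
 user.set_ldap_password(password)
 return Response("Ok", status=200)
 except Exception, e:
-return Response("Fail: %s"%e, status=500)
+return Response("New password too similar to the username or to an old password", status=403)
 else:
-return Response("Old password fail", status=403)
+return Response("Incorrect old password", status=403)
 
 # TODO: Faster failing option: try to first write to ldap, only then save the image files to disk?
 @action(methods=['post'])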
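Review bot: The `except Exception, e:` branch now answers every failure of `user.set_ldap_password(password)` with "New password too similar to the username or to an old password" and status 403, so an LDAP outage or any other server-side fault is reported to the user as a policy rejection, and `e` is no longer used anywhere. Dropping the raw exception text from the response is worth keeping, since `"Fail: %s"%e` could expose backend details to the client. The exception should still be recorded server-side, with only the policy-violation error mapped to this message and everything else answered generically, e.g. `return Response("Password change failed", status=500)`. The exception type raised for a policy rejection is not visible here, so the narrower `except` clause has to be chosen from the `set_ldap_password` implementation; the body of `password` also starts outside this hunk.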

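--- a/fum/common/static/js/main.js
+++ b/fum/common/static/js/main.js
@@ -56,20 +56,20 @@ $.fn.editable.defaults.select2 = {
 })();
 
 function validatePassword(password) {
-if (password.length < 10) {
-return "Password has to be at least 10 characters long";
-}
+return validatePasswordLength(password) &&
+validatePasswordCharacterGroups(password);
+}
 
+function validatePasswordLength(password) {
+return password.length >= 10;
+}
+function validatePasswordCharacterGroups(password) {
 lower_case = new RegExp('[a-z]').test(password);
 upper_case = new RegExp('[A-Z]').test(password);
 numbers = new RegExp('[0-9]').test(password);
 special = new RegExp('[^a-zA-Z0-9]').test(password);
 
-if (lower_case + upper_case + numbers + special < 3) {
-return "You must have characters from at least 3 character groups (a-z, A-Z, 0-9, special)";
-}
-
-return "OK";
+return (lower_case + upper_case + numbers + special) >= 3
 }
 
 $(document).ready(function(){
@@ -102,41 +102,56 @@ $(document).ready(function(){
 */
 $('#password-modal').on('shown', function() {
 $('#password-modal input:visible').first().focus();
+$('#password-length').show();
+$('#password-character-groups').show();
+$('#passwords-matching').hide();
 });
 
 $('#password-modal').on('hide', function() {
 $('#password-new, #password-new-again, #password-current').val('');
 $('#password-status, #password-status-again').html('');
 $('#password-new-again').change();
+$('#wrong-password-alert').hide();
 });
 /* validations */
 $('#password-new').bind("change paste keyup", function() {
-$('#password-status').html(validatePassword($(this).val()));
+if(!validatePasswordLength($(this).val())){
+$('#password-length').show();
+}else{
+$('#password-length').hide();
+}
+if(!validatePasswordCharacterGroups($(this).val())){
+$('#password-character-groups').show();
+}else{
+$('#password-character-groups').hide();
+}
 $('#password-new-again').change();
 });
 
 $('#password-new-again').bind("change paste keyup", function() {
-var state = "No match";
 if ($(this).val() === $('#password-new').val() && $(this).val().length > 0) {
-state = "OK";
-if (validatePassword($('#password-new').val()) === "OK") {
+$('#passwords-matching').hide();
+if (validatePassword($('#password-new').val())) {
 $('#password-change').removeClass('btn-warning').addClass('btn-success').removeAttr('disabled');
 }
 } else {
+$('#passwords-matching').show();
 $('#password-change').removeClass('btn-success').addClass('btn-warning').attr('disabled', 'disabled');
 }
 if ($(this).val().length < 1) {
-state = "";
+$('#passwords-matching').hide();
 }
-$('#password-status-again').html(state);
 });
 
 /* custom ajax post */
 $('#password-change').click(function() {
-if ($('#password-new').val() === $('#password-new-again').val() && validatePassword($('#password-new').val()) === "OK") {
+if ($('#password-new').val() === $('#password-new-again').val() && validatePassword($('#password-new').val())) {
 $.post($(this).attr('data-url'), { 'password': $('#password-new').val(), 'old_password': $('#password-current').val() || "" })
 .done(function() { $('#password-cancel').click(); })
-.fail(function(data) { $('#password-status-again').html(data.responseText); });
+.fail(function(data) {
+$('#wrong-password-alert').html(data.responseText.replace(/\"/g, ""));
+$('#wrong-password-alert').show();
+});
 } else {
 return;
 }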
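Review bot: The new `.fail` handler still passes `data.responseText` to `.html()`, so any markup in an error response (a framework or proxy error page, or a later message that echoes input) is parsed into the DOM of the password dialog, and stripping `"` characters does not make it safe. Use the text setter instead: `$('#wrong-password-alert').text(data.responseText.replace(/\"/g, "")).show();`. Separately, `validatePasswordLength` and `validatePasswordCharacterGroups` only gate the button in the browser, so the same length and character-group rules need to be enforced by the endpoint that receives the POST, which this commit does not show. The click handler continues past the end of this hunk.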

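--- a/fum/users/templates/users/users_detail.html
+++ b/fum/users/templates/users/users_detail.html
@@ -181,17 +181,20 @@ <h3>Change password{% if sudo %} (for user {{object.username}}) {% endif %}</h3>
 {% if sudo %}
 <a href="{% url "users-changepassword" object.username %}" id="sudo_change_password">SUDO: Change to a random password and send it via SMS</a>
 {% endif %}
-
+<div id="wrong-password-alert" class="alert alert-danger" style="display:none;"></div>
+<div id="password-length" class="alert alert-info">Password must be at least 10 characters long</div>
+<div id="password-character-groups" class="alert alert-info">Password must have characters from at least 3 character groups (a-z, A-Z, 0-9, special)</div>
+<div id="passwords-matching" class="alert alert-info" style="display:none;">Passwords don't match</div>
 {% if not sudo %}
+
 <label>Current password</label>
 <input type="password" id="password-current"></input>
 {% endif %}
+<br>
 <label>New password</label>
 <input type="password" id="password-new"></input>
-<div id="password-status"></div>
 <label>Again</label>
 <input type="password" id="password-new-again"></input>
-<div id="password-status-again"></div>
 </div>
 <div class="modal-footer">
 <a href="#" class="btn" data-dismiss="modal" id="password-cancel">Cancel</a>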
