LupusNobilis
/
sogo
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
sogo/UI/WebServerResources/js/Common/Authentication.service.js

218 lines
7.8 KiB
JavaScript
Raw Blame History

/* -*- Mode: javascript; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* JavaScript for Authentication */
(function() {
/* jshint validthis: true */
'use strict';
angular.module('SOGo.Authentication', ['ngCookies'])
.constant('passwordPolicyConfig', {
PolicyPasswordChangeUnsupported: -3,
PolicyPasswordSystemUnknown: -2,
PolicyPasswordUnknown: -1,
PolicyPasswordExpired: 0,
PolicyAccountLocked: 1,
PolicyChangeAfterReset: 2,
PolicyPasswordModNotAllowed: 3,
PolicyMustSupplyOldPassword: 4,
PolicyInsufficientPasswordQuality: 5,
PolicyPasswordTooShort: 6,
PolicyPasswordTooYoung: 7,
PolicyPasswordInHistory: 8,
PolicyNoError: 65535
})
.provider('Authentication', Authentication);
function Authentication() {
function redirectUrl(username, domain) {
var userName, address, baseAddress, parts, hostpart, protocol, newAddress;
userName = username;
if (domain)
userName += '@' + domain;
address = '' + window.location.href;
baseAddress = ApplicationBaseURL + encodeURIComponent(userName);
if (baseAddress[0] == '/') {
parts = address.split('/');
hostpart = parts[2];
protocol = parts[0];
baseAddress = protocol + '//' + hostpart + baseAddress;
}
if (address.startsWith(baseAddress) && !address.endsWith('/logoff'))
newAddress = address;
else
newAddress = baseAddress;
return newAddress;
}
this.$get = getService;
/**
* @ngInject
*/
getService.$inject = ['$q', '$http', '$cookies', 'passwordPolicyConfig'];
function getService($q, $http, $cookies, passwordPolicyConfig) {
var service;
service = {
login: function(data) {
var d = $q.defer(),
username = data.username,
password = data.password,
verificationCode = data.verificationCode,
domain = data.domain,
language,
rememberLogin = data.rememberLogin ? 1 : 0;
if (data.loginSuffix && !username.endsWith(data.loginSuffix)) {
username += loginSuffix;
domain = false;
}
if (data.language && data.language != 'WONoSelectionString') {
language = data.language;
}
$http({
method: 'POST',
url: '/SOGo/connect',
data: {
userName: username,
password: password,
verificationCode: verificationCode,
domain: domain,
language: language,
rememberLogin: rememberLogin
}
}).then(function(response) {
var data = response.data;
// Make sure browser's cookies are enabled
if (navigator && !navigator.cookieEnabled) {
d.reject({error: l('cookiesNotEnabled')});
}
else {
// Check for TOTP
if (typeof data.totpMissingKey != 'undefined' && response.status == 202) {
d.resolve({totpmissingkey: 1});
}
// Check password policy
else if (typeof data.expire != 'undefined' && typeof data.grace != 'undefined') {
if (data.expire < 0 && data.grace > 0) {
d.reject({
cn: data.cn,
url: redirectUrl(username, domain),
grace: data.grace
});
} else if (data.expire > 0 && data.grace == -1) {
d.reject({
cn: data.cn,
url: redirectUrl(username, domain),
expire: data.expire
});
}
else {
d.resolve({
cn: data.cn,
url: redirectUrl(username, domain)
});
}
}
else {
d.resolve({ url: redirectUrl(username, domain) });
}
}
}, function(error) {
var response, perr, data = error.data;
if (data && data.totpInvalidKey) {
response = {error: l('You provided an invalid TOTP key.')};
}
else if (data && angular.isDefined(data.LDAPPasswordPolicyError)) {
perr = data.LDAPPasswordPolicyError;
if (perr == passwordPolicyConfig.PolicyNoError) {
response = {error: l('Wrong username or password.')};
}
else if (perr == passwordPolicyConfig.PolicyAccountLocked) {
response = {error: l('Your account was locked due to too many failed attempts.')};
}
else if (perr == passwordPolicyConfig.PolicyPasswordExpired ||
perr == passwordPolicyConfig.PolicyChangeAfterReset) {
response = {
passwordexpired: 1,
url: redirectUrl(username, domain)
};
}
else if (perr == passwordPolicyConfig.PolicyChangeAfterReset) {
response = {
passwordexpired: 1,
url: redirectUrl(username, domain)
};
}
else {
response = {error: l('Login failed due to unhandled error case: ') + perr};
}
}
else {
response = {error: l('Unhandled error response')};
}
d.reject(response);
});
return d.promise;
}, // login: function(data) { ...
changePassword: function(userName, domain, newPassword, oldPassword) {
var d = $q.defer(),
xsrfCookie = $cookies.get('XSRF-TOKEN');
$cookies.remove('XSRF-TOKEN', {path: '/SOGo/'});
$http({
method: 'POST',
url: '/SOGo/so/changePassword',
headers: {
'X-XSRF-TOKEN' : xsrfCookie
},
data: { userName: userName, newPassword: newPassword, oldPassword: oldPassword }
}).then(function() {
d.resolve({url: redirectUrl(userName, domain)});
}, function(response) {
var error,
data = response.data,
perr = data.LDAPPasswordPolicyError;
if (!perr) {
perr = passwordPolicyConfig.PolicyPasswordSystemUnknown;
error = _("Unhandled error response");
}
else if (perr == passwordPolicyConfig.PolicyNoError ||
perr == passwordPolicyConfig.PolicyPasswordUnknown) {
error = l("Password change failed");
} else if (perr == passwordPolicyConfig.PolicyPasswordModNotAllowed) {
error = l("Password change failed - Permission denied");
} else if (perr == passwordPolicyConfig.PolicyInsufficientPasswordQuality) {
error = l("Password change failed - Insufficient password quality");
} else if (perr == passwordPolicyConfig.PolicyPasswordTooShort) {
error = l("Password change failed - Password is too short");
} else if (perr == passwordPolicyConfig.PolicyPasswordTooYoung) {
error = l("Password change failed - Password is too young");
} else if (perr == passwordPolicyConfig.PolicyPasswordInHistory) {
error = l("Password change failed - Password is in history");
} else {
error = l("Unhandled policy error: %{0}").formatted(perr);
perr = passwordPolicyConfig.PolicyPasswordUnknown;
}
// Restore the cookie
$cookies.put('XSRF-TOKEN', xsrfCookie, {path: '/SOGo/'});
d.reject(error);
});
return d.promise;
}
};
return service;
}
}
})();
Reference in New Issue View Git Blame Copy Permalink