sogo/UI/WebServerResources/js/Common/Authentication.service.js
2016-04-26 11:07:22 -04:00


/* -*- Mode: javascript; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* JavaScript for Authentication */
(function() {
/* jshint validthis: true */
'use strict';
// Numeric password-policy codes that the server reports in `LDAPPasswordPolicyError`.
// Codes 0-8 follow the numbering of the LDAP password-policy response control
// error enumeration. The negative values and 65535 are not part of that
// enumeration; presumably they are application-defined sentinels (confirm against
// the server side). In this file, 65535 (PolicyNoError) on a failed login is
// reported to the user as a wrong username or password.
var passwordPolicyCodes = {
  PolicyPasswordChangeUnsupported: -3,
  PolicyPasswordSystemUnknown: -2,
  PolicyPasswordUnknown: -1,
  PolicyPasswordExpired: 0,
  PolicyAccountLocked: 1,
  PolicyChangeAfterReset: 2,
  PolicyPasswordModNotAllowed: 3,
  PolicyMustSupplyOldPassword: 4,
  PolicyInsufficientPasswordQuality: 5,
  PolicyPasswordTooShort: 6,
  PolicyPasswordTooYoung: 7,
  PolicyPasswordInHistory: 8,
  PolicyNoError: 65535
};

// Register the module, expose the codes as an injectable constant and
// publish the Authentication provider defined below.
angular
  .module('SOGo.Authentication', ['ngCookies'])
  .constant('passwordPolicyConfig', passwordPolicyCodes)
  .provider('Authentication', Authentication);
function Authentication() {
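/**
 * Compute the address to load after a successful login.
 *
 * The user's base address is ApplicationBaseURL + '/' + the URL-encoded login
 * name (with '@domain' appended when a domain is given). If the browser is
 * already on a page below that base address, and that page is not the logoff
 * page, the current address is kept; otherwise the base address is returned.
 *
 * When ApplicationBaseURL is a path (starts with '/'), the protocol and host
 * are copied from the current location, so the returned address stays on the
 * origin the page was loaded from.
 *
 * @param {string} username - login name as typed by the user
 * @param {(string|{value: string}|false)} [domain] - optional login domain
 * @returns {string} the address to navigate to
 */
function redirectUrl(username, domain) {
  var userName = username,
      address = '' + window.location.href,
      baseAddress, altBaseAddress, parts;

  // True when the current address is `base` itself or a resource below it.
  // A bare prefix test is not enough: the base of user "bob" is also a prefix
  // of ".../bobby/Mail", which would keep the browser on another user's URL.
  function isUnder(base) {
    var next;
    if (!address.startsWith(base)) {
      return false;
    }
    if (base === '' || base.endsWith('/')) {
      // Degenerate bases keep the legacy plain-prefix behaviour.
      return true;
    }
    next = address.charAt(base.length);
    return next === '' || next === '/' || next === '?' || next === '#';
  }

  if (domain) {
    // login() passes the same `domain` it posts to the server, so a plain
    // string is accepted as well as an object exposing `.value`; reading
    // `.value` on a string would yield "user@undefined".
    userName += '@' + (typeof domain == 'string' ? domain : domain.value);
  }

  baseAddress = ApplicationBaseURL + '/' + encodeURIComponent(userName);
  if (baseAddress[0] == '/') {
    // Path-only base URL: prepend the protocol and host of the current page.
    parts = address.split('/');
    baseAddress = parts[0] + '//' + parts[2] + baseAddress;
  }

  // Same address without the "protocol//host/" part.
  parts = baseAddress.split('/');
  parts.splice(0, 3);
  altBaseAddress = parts.join('/');

  if ((isUnder(baseAddress) || isUnder(altBaseAddress)) &&
      !address.endsWith('/logoff')) {
    return address;
  }
  return baseAddress;
}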
/**
 * @ngInject
 */
// Explicit dependency annotation: the names must stay in the same order as
// the parameters of getService so injection does not depend on parameter names.
getService.$inject = ['$q', '$http', '$cookies', 'passwordPolicyConfig'];

// The provider's $get is the factory that builds the Authentication service.
this.$get = getService;
function getService($q, $http, $cookies, passwordPolicyConfig) {
var service;
/**
 * Read and decode the '0xHIGHFLYxSOGo' login cookie.
 *
 * The first 8 characters of the cookie are skipped (presumably a scheme
 * prefix; confirm against the server), the rest is URL-decoded, base64-decoded
 * and split on ':'.
 *
 * NOTE(review): changePassword() sends field [1] as `password`, so this cookie
 * carries a credential (or a credential-equivalent token) that page script can
 * read; any script running in this origin can read it too.
 * NOTE(review): a decoded value with more than one ':' yields more than two
 * fields; confirm the second field can never contain ':'.
 *
 * @returns {?string[]} the decoded fields, or null when the cookie is missing
 *   or not longer than 8 characters
 */
function readLoginCookie() {
  var raw = $cookies.get('0xHIGHFLYxSOGo');

  if (!raw || !(raw.length > 8)) {
    return null;
  }
  return decodeURIComponent(raw.substring(8)).base64decode().split(':');
}
service = {
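/**
 * Authenticate against the server by POSTing the credentials to
 * '/SOGo/connect'.
 *
 * @param {Object} data - login form values: username, password, and
 *   optionally domain, language, rememberLogin and loginSuffix
 * @returns {Promise} resolved with the address to redirect to; rejected with
 *   - the localized 'cookiesNotEnabled' string when the login cookie cannot
 *     be read after a successful response,
 *   - {grace: n} or {expire: n} when the response carries password-policy
 *     information matching the conditions below,
 *   - {error: message} when the request fails.
 */
login: function(data) {
  var d = $q.defer(),
      username = data.username,
      password = data.password,
      domain = data.domain,
      language,
      rememberLogin = data.rememberLogin ? 1 : 0;

  if (data.loginSuffix && !username.endsWith(data.loginSuffix)) {
    // The suffix lives on the form data; a bare `loginSuffix` identifier is
    // not defined anywhere in this file and would throw in strict mode.
    username += data.loginSuffix;
    domain = false;
  }
  if (data.language && data.language != 'WONoSelectionString') {
    language = data.language;
  }

  $http({
    method: 'POST',
    url: '/SOGo/connect',
    data: {
      userName: username,
      password: password,
      domain: domain,
      language: language,
      rememberLogin: rememberLogin
    }
  }).then(function(response) {
    var body = response.data,
        // Make sure browser's cookies are enabled
        loginCookie = readLoginCookie();

    if (!loginCookie) {
      d.reject(l('cookiesNotEnabled'));
    }
    else if (typeof body.expire != 'undefined' && typeof body.grace != 'undefined') {
      // Check password policy
      if (body.expire < 0 && body.grace > 0) {
        d.reject({grace: body.grace});
      }
      else if (body.expire > 0 && body.grace == -1) {
        d.reject({expire: body.expire});
      }
      else {
        d.resolve(redirectUrl(username, domain));
      }
    }
    else {
      d.resolve(redirectUrl(username, domain));
    }
  }, function(response) {
    var msg, perr, body = response.data;

    // NOTE(review): this truthiness test sends code 0 (PolicyPasswordExpired)
    // to the generic "Unhandled error response" branch.
    if (body && body.LDAPPasswordPolicyError) {
      perr = body.LDAPPasswordPolicyError;
      if (perr == passwordPolicyConfig.PolicyNoError) {
        msg = l('Wrong username or password.');
      }
      else if (perr == passwordPolicyConfig.PolicyAccountLocked) {
        msg = l('Your account was locked due to too many failed attempts.');
      }
      else {
        msg = l('Login failed due to unhandled error case: ') + perr;
      }
    }
    else {
      msg = l('Unhandled error response');
    }
    d.reject({error: msg});
  });

  return d.promise;
}, // login: function(data) { ...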
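/**
 * Change the password of the logged-in user by POSTing to
 * '/SOGo/so/changePassword'.
 *
 * The current user name and password fields are taken from the login cookie.
 * The XSRF-TOKEN cookie is read, removed for the duration of the request and
 * sent explicitly in the X-XSRF-TOKEN header; it is put back when the request
 * fails. NOTE(review): on success this code does not restore it, presumably
 * because the server issues a fresh token - confirm.
 *
 * @param {string} newPassword - the password to set
 * @returns {Promise} resolved with the HTTP response on success; rejected
 *   with a localized error message string otherwise
 */
changePassword: function(newPassword) {
  var d = $q.defer(),
      loginCookie = readLoginCookie(),
      xsrfCookie;

  if (!loginCookie) {
    // Without the login cookie there are no current credentials to send.
    // Bail out before touching the XSRF cookie so it is not lost.
    d.reject(l('cookiesNotEnabled'));
    return d.promise;
  }

  xsrfCookie = $cookies.get('XSRF-TOKEN');
  $cookies.remove('XSRF-TOKEN', {path: '/SOGo/'});

  $http({
    method: 'POST',
    url: '/SOGo/so/changePassword',
    headers: {
      'X-XSRF-TOKEN' : xsrfCookie
    },
    data: {
      userName: loginCookie[0],
      password: loginCookie[1],
      newPassword: newPassword }
  }).then(d.resolve, function(response) {
    var error,
        // A failed request may carry no body at all (e.g. a network error).
        data = response.data,
        perr = data ? data.LDAPPasswordPolicyError : undefined;

    // NOTE(review): code 0 (PolicyPasswordExpired) is falsy and therefore
    // also ends up in this generic branch.
    if (!perr) {
      // Use the same l() lookup as every other message in this service.
      error = l("Unhandled error response");
    }
    else if (perr == passwordPolicyConfig.PolicyNoError) {
      error = l("Password change failed");
    } else if (perr == passwordPolicyConfig.PolicyPasswordModNotAllowed) {
      error = l("Password change failed - Permission denied");
    } else if (perr == passwordPolicyConfig.PolicyInsufficientPasswordQuality) {
      error = l("Password change failed - Insufficient password quality");
    } else if (perr == passwordPolicyConfig.PolicyPasswordTooShort) {
      error = l("Password change failed - Password is too short");
    } else if (perr == passwordPolicyConfig.PolicyPasswordTooYoung) {
      error = l("Password change failed - Password is too young");
    } else if (perr == passwordPolicyConfig.PolicyPasswordInHistory) {
      error = l("Password change failed - Password is in history");
    } else {
      error = l("Unhandled policy error: %{0}").formatted(perr);
    }

    // Restore the cookie
    $cookies.put('XSRF-TOKEN', xsrfCookie, {path: '/SOGo/'});
    d.reject(error);
  });

  return d.promise;
}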
};
return service;
}
}
})();