Avoid to store passwords (#2557)

466b6a32 · Christophe Maudoux · c084cc28 · 466b6a32 · 466b6a32 · 466b6a32
Commit 466b6a32 authored Jul 04, 2021 by Christophe Maudoux
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@@ -244,6 +244,7 @@ sub display {
            PING           => $self->conf->{portalPingInterval},
            REQUIRE_OLDPASSWORD =>
              $self->requireOldPwd->( $req, $req->userData ),
+            DONT_STORE_PASSWORD   => $self->conf->{browsersDontStorePassword},
            HIDE_OLDPASSWORD   => 0,
            PPOLICY_NOPOLICY   => !$self->isPP(),
            DISPLAY_PPOLICY    => $self->conf->{portalDisplayPasswordPolicy},
@@ -443,6 +444,7 @@ sub display {
                    $req->data->{oldpassword} ) ? ""
                : $req->data->{oldpassword},
                HIDE_OLDPASSWORD => $self->conf->{hideOldPassword},
+                DONT_STORE_PASSWORD   => $self->conf->{browsersDontStorePassword},
                PPOLICY_NOPOLICY => !$self->isPP(),
                DISPLAY_PPOLICY  => $self->conf->{portalDisplayPasswordPolicy},
                PPOLICY_MINSIZE  => $self->conf->{passwordPolicyMinSize},

--- a/lemonldap-ng-portal/site/coffee/portal.coffee
+++ b/lemonldap-ng-portal/site/coffee/portal.coffee
@@ -537,25 +537,50 @@ $(window).on 'load', () ->

 	# Functions to show/hide change password inputs
 	$('#show-hide-button').on 'click', () ->
-		if  $("#newpassword").attr('type') == 'password'
-			console.log 'Show passwords'
-			$("#newpassword").attr('type', 'input')
-			$("#confirmpassword").attr('type', 'input')
-			$("#show-hide-icon-button").toggleClass("fa-eye fa-eye-slash")
+		if $("#newpassword").attr('autocomplete') == 'off'
+			if  $("#newpassword").attr('class') == 'form-control key' || $("#confirmpassword").attr('class') == 'form-control key'
+				console.log 'Show passwords'
+				$("#newpassword").attr('class', 'form-control')
+				$("#confirmpassword").attr('class', 'form-control')
+				$("#show-hide-icon-button").attr('class', 'fa fa-eye-slash')
+			else
+				console.log 'Hide passwords'
+				$("#newpassword").attr('class', 'form-control key') if $("#newpassword").get(0).value
+				$("#confirmpassword").attr('class', 'form-control key') if $("#confirmpassword").get(0).value
+				$("#show-hide-icon-button").attr('class', 'fa fa-eye') if ($("#newpassword").get(0).value || $("#confirmpassword").get(0).value)
 		else
-			console.log 'Hide passwords'
-			$("#newpassword").attr('type', 'password')
-			$("#confirmpassword").attr('type', 'password')
-			$("#show-hide-icon-button").toggleClass("fa-eye fa-eye-slash")
+			if  $("#newpassword").attr('type') == 'password'
+				console.log 'Show passwords'
+				$("#newpassword").attr('type', 'text')
+				$("#confirmpassword").attr('type', 'text')
+				$("#show-hide-icon-button").attr('class', 'fa fa-eye-slash')
+			else
+				console.log 'Hide passwords'
+				$("#newpassword").attr('type', 'password')
+				$("#confirmpassword").attr('type', 'password')
+				$("#show-hide-icon-button").attr('class', 'fa fa-eye')

 	# Functions to show/hide placeholder password inputs
 	$('#passwordfield').on 'input', () ->
-		if $('#passwordfield').get(0).value && $('#passwordfield').attr('type') == 'text'
-			$("#passwordfield").removeClass 'form-control'
-			$("#passwordfield").addClass 'form-control key'
+		if $('#passwordfield').get(0).value && $("#passwordfield").attr('autocomplete') == 'off'
+			$("#passwordfield").attr('class', 'form-control key')
+		else
+			$("#passwordfield").attr('class', 'form-control')
+	$('#oldpassword').on 'input', () ->
+		if $('#oldpassword').get(0).value && $('#oldpassword').attr('autocomplete') == 'off'
+			$("#oldpassword").attr('class', 'form-control key')
+		else
+			$("#oldpassword").attr('class', 'form-control')
+	$('#newpassword').on 'input', () ->
+		if $('#newpassword').get(0).value && $('#newpassword').attr('autocomplete') == 'off'
+			$("#newpassword").attr('class', 'form-control key') if $("#show-hide-icon-button").attr('class') == 'fa fa-eye'
+		else
+			$("#newpassword").attr('class', 'form-control')
+	$('#confirmpassword').on 'input', () ->
+		if $('#confirmpassword').get(0).value && $('#confirmpassword').attr('autocomplete') == 'off'
+			$("#confirmpassword").attr('class', 'form-control key') if $("#show-hide-icon-button").attr('class') == 'fa fa-eye'
 		else
-			$("#passwordfield").removeClass 'form-control key'
-			$("#passwordfield").addClass 'form-control'
+			$("#confirmpassword").attr('class', 'form-control')

 	#$('#formpass').on 'submit', changePwd


--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
@@ -583,25 +583,68 @@ LemonLDAP::NG Portal jQuery scripts
      return removeOidcConsent($(this).attr('partner'));
    });
    $('#show-hide-button').on('click', function() {
-      if ($("#newpassword").attr('type') === 'password') {
-        console.log('Show passwords');
-        $("#newpassword").attr('type', 'input');
-        $("#confirmpassword").attr('type', 'input');
-        return $("#show-hide-icon-button").toggleClass("fa-eye fa-eye-slash");
+      if ($("#newpassword").attr('autocomplete') === 'off') {
+        if ($("#newpassword").attr('class') === 'form-control key' || $("#confirmpassword").attr('class') === 'form-control key') {
+          console.log('Show passwords');
+          $("#newpassword").attr('class', 'form-control');
+          $("#confirmpassword").attr('class', 'form-control');
+          return $("#show-hide-icon-button").attr('class', 'fa fa-eye-slash');
+        } else {
+          console.log('Hide passwords');
+          if ($("#newpassword").get(0).value) {
+            $("#newpassword").attr('class', 'form-control key');
+          }
+          if ($("#confirmpassword").get(0).value) {
+            $("#confirmpassword").attr('class', 'form-control key');
+          }
+          if ($("#newpassword").get(0).value || $("#confirmpassword").get(0).value) {
+            return $("#show-hide-icon-button").attr('class', 'fa fa-eye');
+          }
+        }
      } else {
-        console.log('Hide passwords');
-        $("#newpassword").attr('type', 'password');
-        $("#confirmpassword").attr('type', 'password');
-        return $("#show-hide-icon-button").toggleClass("fa-eye fa-eye-slash");
+        if ($("#newpassword").attr('type') === 'password') {
+          console.log('Show passwords');
+          $("#newpassword").attr('type', 'text');
+          $("#confirmpassword").attr('type', 'text');
+          return $("#show-hide-icon-button").attr('class', 'fa fa-eye-slash');
+        } else {
+          console.log('Hide passwords');
+          $("#newpassword").attr('type', 'password');
+          $("#confirmpassword").attr('type', 'password');
+          return $("#show-hide-icon-button").attr('class', 'fa fa-eye');
+        }
      }
    });
    $('#passwordfield').on('input', function() {
-      if ($('#passwordfield').get(0).value && $('#passwordfield').attr('type') === 'text') {
-        $("#passwordfield").removeClass('form-control');
-        return $("#passwordfield").addClass('form-control key');
+      if ($('#passwordfield').get(0).value && $("#passwordfield").attr('autocomplete') === 'off') {
+        return $("#passwordfield").attr('class', 'form-control key');
+      } else {
+        return $("#passwordfield").attr('class', 'form-control');
+      }
+    });
+    $('#oldpassword').on('input', function() {
+      if ($('#oldpassword').get(0).value && $('#oldpassword').attr('autocomplete') === 'off') {
+        return $("#oldpassword").attr('class', 'form-control key');
+      } else {
+        return $("#oldpassword").attr('class', 'form-control');
+      }
+    });
+    $('#newpassword').on('input', function() {
+      if ($('#newpassword').get(0).value && $('#newpassword').attr('autocomplete') === 'off') {
+        if ($("#show-hide-icon-button").attr('class') === 'fa fa-eye') {
+          return $("#newpassword").attr('class', 'form-control key');
+        }
+      } else {
+        return $("#newpassword").attr('class', 'form-control');
+      }
+    });
+    $('#confirmpassword').on('input', function() {
+      if ($('#confirmpassword').get(0).value && $('#confirmpassword').attr('autocomplete') === 'off') {
+        if ($("#show-hide-icon-button").attr('class') === 'fa fa-eye') {
+          return $("#confirmpassword").attr('class', 'form-control key');
+        }
      } else {
-        $("#passwordfield").removeClass('form-control key');
-        return $("#passwordfield").addClass('form-control');
+        return $("#confirmpassword").attr('class', 'form-control');
      }
    });
    $('#resetfinduserform').on('click', function() {

--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js.map
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js.map
--- a/lemonldap-ng-portal/site/templates/bootstrap/password.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/password.tpl
@@ -26,7 +26,6 @@
    </TMPL_IF>

    <TMPL_IF NAME="REQUIRE_OLDPASSWORD">
-
      <TMPL_IF NAME="HIDE_OLDPASSWORD">
        <input id="oldpassword" name="oldpassword" type="hidden" value="<TMPL_VAR NAME=OLDPASSWORD>" aria-required="true">
      <TMPL_ELSE>
@@ -34,10 +33,13 @@
          <div class="input-group-prepend">
            <span class="input-group-text"><label for="oldpassword" class="mb-0"><i class="fa fa-lock"></i></label></span>
          </div>
-          <input id="oldpassword" name="oldpassword" type="password" value="<TMPL_VAR NAME=OLDPASSWORD>" class="form-control" trplaceholder="currentPwd" required aria-required="true">
+          <TMPL_IF NAME="DONT_STORE_PASSWORD">
+            <input id="oldpassword" name="oldpassword" type="text" value="<TMPL_VAR NAME=OLDPASSWORD>" class="form-control" trplaceholder="currentPwd" autocomplete="off" required aria-required="true">
+          <TMPL_ELSE>
+            <input id="oldpassword" name="oldpassword" type="password" value="<TMPL_VAR NAME=OLDPASSWORD>" class="form-control" trplaceholder="currentPwd" required aria-required="true">
+          </TMPL_IF>
        </div>
      </TMPL_IF>
-
    </TMPL_IF>

    <TMPL_IF NAME="DISPLAY_PPOLICY"><TMPL_INCLUDE NAME="passwordpolicy.tpl"></TMPL_IF>
@@ -46,15 +48,22 @@
      <div class="input-group-prepend">
        <span class="input-group-text"><label for="newpassword" class="mb-0"><i class="fa fa-lock"></i></label></span>
      </div>
-      <input id="newpassword" name="newpassword" type="password" class="form-control" trplaceholder="newPassword" required aria-required="true"/>
+      <TMPL_IF NAME="DONT_STORE_PASSWORD">
+        <input id="newpassword" name="newpassword" type="text" class="form-control" trplaceholder="newPassword" autocomplete="off" required aria-required="true"/>
+      <TMPL_ELSE>
+        <input id="newpassword" name="newpassword" type="password" class="form-control" trplaceholder="newPassword" required aria-required="true"/>
+      </TMPL_IF>
    </div>
    <div class="form-group input-group">
      <div class="input-group-prepend">
        <span class="input-group-text"><label for="confirmpassword" class="mb-0"><i class="fa fa-lock"></i></label></span>
      </div>
-      <input id="confirmpassword" name="confirmpassword" type="password" class="form-control" trplaceholder="confirmPwd" required aria-required="true"/>
+      <TMPL_IF NAME="DONT_STORE_PASSWORD">
+        <input id="confirmpassword" name="confirmpassword" type="text" class="form-control" trplaceholder="confirmPwd" autocomplete="off" required aria-required="true"/>
+      <TMPL_ELSE>
+        <input id="confirmpassword" name="confirmpassword" type="password" class="form-control" trplaceholder="confirmPwd" required aria-required="true"/>
+      </TMPL_IF>
    </div>
-
    <div class="buttons">
      <button type="submit" class="btn btn-success">
        <span class="fa fa-check-circle"></span>