Fix #253 Fix #254

pydio · Aug 23, 2013 · 79ba3c2 · 79ba3c2
1 parent 63a7b48
commit 79ba3c2
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 11 deletions.
diff --git a/core/src/plugins/auth.multi/login_patch.xml b/core/src/plugins/auth.multi/login_patch.xml
@@ -9,10 +9,24 @@
 	}else{
 		modal.showDialogForm('Log In', ($('login_form')?'login_form':'login_form_dynamic'), 
 		function(oForm){
+            $("generic_dialog_box").setStyle({
+                top:$("progressBox").getStyle('top'),
+                left:$("progressBox").getStyle('left')
+            });
+            if(!Modernizr.input.placeholder) oForm.addClassName('no_placeholder');
+            $("generic_dialog_box").down(".titleString").hide();
+            $("generic_dialog_box").down("#modalCloseBtn").hide();
+            $("generic_dialog_box").down(".dialogTitle").setAttribute("style", $("progressBox").down(".dialogTitle").getAttribute("style"));
+            if(!$("generic_dialog_box").down("#progressCustomMessage")){
+                if($("progressBox").down("#progressCustomMessage")) $("generic_dialog_box").down(".dialogContent").insert({top:$("progressBox").down("#progressCustomMessage").cloneNode(true)});
+            }
+            oForm.setStyle({display:'block'});
+            oForm.up(".dialogContent").setStyle({backgroundImage:'none', borderWidth:0});
+
 			if(!$('auth_source')){
 				var auth_chooser = '<div class="SF_element"> \
 					<div class="SF_label"><ajxp:message ajxp_message_id="396">'+MessageHash[396]+'</ajxp:message></div> \
-					<div class="SF_input"><select id="auth_source" name="auth_source" style="width: 100px; padding:0px;" class="dialogFocus"></select></div> \
+					<div class="SF_input"><select id="auth_source" name="auth_source" style="width: 210px; height:28px; padding:3px 0px; font-size:14px;" class="dialogFocus"></select></div> \
 				</div>';
 				oForm.down('div.SF_element').insert({before:auth_chooser});
 				$H(authSources).each(function(pair){
@@ -33,7 +47,17 @@
 				});
 				oForm.down('input[type="text"]').key_enter_attached = true;
 			}
-		}, 
+            var authConfs = ajaxplorer.getPluginConfigs("auth");
+            if(authConfs && authConfs.get("SECURE_LOGIN_FORM")){
+                try{
+                    oForm.down('input[name="remember_me"]').up("div.SF_element").remove();
+                    oForm.down('input[name="userid"]').setAttribute("autocomplete", "off");
+                    oForm.down('input[name="password"]').setAttribute("autocomplete", "off");
+                    oForm.setAttribute("autocomplete", "off");
+                }catch(e){}
+            }
+            modal.refreshDialogPosition();
+		},
 		function(){
 			var oForm = modal.getForm();
 			var connexion = new Connexion();
@@ -46,7 +70,7 @@
 			}
 			connexion.addParameter('login_seed', oForm.login_seed.value);
 			connexion.addParameter('auth_source', selectedSource);
-			connexion.addParameter('remember_me', (oForm.remember_me.checked?"true":"false"));
+			connexion.addParameter('remember_me', (oForm.remember_me && oForm.remember_me.checked?"true":"false"));
 			if(oForm.login_seed.value != '-1'){
 				connexion.addParameter('password', hex_md5(hex_md5(oForm.password.value)+oForm.login_seed.value));
 			}else{

diff --git a/core/src/plugins/core.auth/manifest.xml b/core/src/plugins/core.auth/manifest.xml
@@ -12,6 +12,7 @@
 		<global_param name="ALLOW_GUEST_BROWSING" group="CONF_MESSAGE[Generic Auth Features]"  type="boolean" label="CONF_MESSAGE[Guest Browsing]" description="CONF_MESSAGE[Enable the 'guest' user, who does not need to log in.]" mandatory="true" default="false"/>
 		<global_param name="PASSWORD_MINLENGTH" group="CONF_MESSAGE[Generic Auth Features]" type="string" label="CONF_MESSAGE[Password length]" description="CONF_MESSAGE[Minimum number of characters required for passwords in the application]" mandatory="true" default="8"/>
 		<global_param name="SESSION_SET_CREDENTIALS" group="CONF_MESSAGE[Generic Auth Features]"  type="boolean" label="CONF_MESSAGE[Store Credentials in Session]" description="CONF_MESSAGE[Set the users credentials in the session after a successful login, this can be necessary when bridging specific auth and access plugins.]" mandatory="true" default="false"/>
+		<global_param name="SECURE_LOGIN_FORM" group="CONF_MESSAGE[Generic Auth Features]"  type="boolean" label="CONF_MESSAGE[Secure Login Form]" description="CONF_MESSAGE[Raise the security of the login form by disabling autocompletion and remember me feature]" mandatory="true" default="false" expose="true"/>
         <global_param type="plugin_instance:auth" name="MASTER_INSTANCE_CONFIG" group="CONF_MESSAGE[Main Instance]" label="CONF_MESSAGE[Instance Type]" description="CONF_MESSAGE[Choose the configuration plugin]" mandatory="true" default="auth.serial"/>
 
         <global_param group="CONF_MESSAGE[Secondary Instance (optional)]" name="MULTI_MODE" type="group_switch:multimode" label="CONF_MESSAGE[Mode]" description="CONF_MESSAGE[Master/slave will assume that the master is read-only, and the slave is a local alternative to allow sharing features. User Choice will allow the user to manually choose its authentification method at startup.]" mandatory="true" default="MASTER_SLAVE"/>

diff --git a/core/src/plugins/core.auth/standard_auth_actions.xml b/core/src/plugins/core.auth/standard_auth_actions.xml
@@ -17,7 +17,7 @@
 						document.location.href=loginRedirect;
 					}else{
 					    modal.setCloseValidation(function(){
-					        return false;
+					        return (ajaxplorer && ajaxplorer.user && ajaxplorer.user.id == "guest")
 					    });
 						modal.showDialogForm('Log In', ($('login_form')?'login_form':'login_form_dynamic'), 
 						function(oForm){
@@ -35,12 +35,6 @@
 						    oForm.setStyle({display:'block'});
 						    oForm.up(".dialogContent").setStyle({backgroundImage:'none', borderWidth:0});
 
-						    /*
-						    if(ajxpBootstrap.parameters.get("customWording")){
-                                var ttSt = $("generic_dialog_box").down("span.titleString");
-                                ttSt.innerHTML = ttSt.innerHTML.replace("AjaXplorer", ajxpBootstrap.parameters.get("customWording").title );
-						    }
-						    */
 							ajaxplorer.loadSeedOrCaptcha(oForm.down('#login_seed'), oForm.down('img#captcha_image'), oForm.down('div.dialogLegend'), 'before');
 							if(Prototype.Browser.IE && !Modernizr.borderradius && !oForm.down('input[type="text"]').key_enter_attached){
 								oForm.select('input').invoke("observe", "keydown", function(event){
@@ -55,14 +49,25 @@
 								});
 								oForm.down('input[type="text"]').key_enter_attached = true;
 							}
+
+                            var authConfs = ajaxplorer.getPluginConfigs("auth");
+                            if(authConfs && authConfs.get("SECURE_LOGIN_FORM")){
+                                try{
+                                    oForm.down('input[name="remember_me"]').up("div.SF_element").remove();
+                                    oForm.down('input[name="userid"]').setAttribute("autocomplete", "off");
+                                    oForm.down('input[name="password"]').setAttribute("autocomplete", "off");
+                                    oForm.setAttribute("autocomplete", "off");
+                                }catch(e){}
+                            }
+                            modal.refreshDialogPosition();
 						}, 
 						function(){
 							var oForm = modal.getForm();
 							var connexion = new Connexion();
 							connexion.addParameter('get_action', 'login');
 							connexion.addParameter('userid', oForm.userid.value);
 							connexion.addParameter('login_seed', oForm.login_seed.value);
-							connexion.addParameter('remember_me', (oForm.remember_me.checked?"true":"false"));
+							connexion.addParameter('remember_me', (oForm.remember_me && oForm.remember_me.checked?"true":"false"));
 							if(oForm.login_seed.value != '-1'){
 								connexion.addParameter('password', hex_md5(hex_md5(oForm.password.value)+oForm.login_seed.value));
 							}else{