🔒 fixed further security vulnerabilities adding additional password validation

💄 improved light and dark theme (thanks @thomas-kromit)
faburem committed Jun 16, 2022
1 parent e09390c commit 7f09078
Showing 10 changed files with 230 additions and 140 deletions.
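--- a/imports/ui/pages/changePassword.html
+++ b/imports/ui/pages/changePassword.html
@@ -15,22 +15,22 @@ <h3>{{t "login.change_password"}}</h3>
 <label class="control-label" for="at-field-password">
 {{t "login.current_password"}}
 </label>
-<input aria-label='{{t "login.current_password"}}' type="password" class="form-control" id="at-field-current-password" name="at-field-current-password" placeholder="Current Password" autocapitalize="none" autocorrect="off">
+<input aria-label='{{t "login.current_password"}}' type="password" class="form-control" id="at-field-current-password" name="at-field-current-password" placeholder="Current Password" autocapitalize="none" autocorrect="off" maxlength="50">
 <span class="help-block hide"></span>
 </div>
 {{/unless}}
 <div class="at-input mb-3 has-feedback">
 <label class="control-label" for="at-field-password">
 {{t "login.password"}}
 </label>
-<input type="password" class="form-control" id="at-field-password" name="at-field-password" placeholder="{{t 'login.password'}}" autocapitalize="none" autocorrect="off">
-<span class="help-block hide"></span>
+<input type="password" class="form-control" id="at-field-password" name="at-field-password" placeholder="{{t 'login.password'}}" autocapitalize="none" autocorrect="off" maxlength="50" minlength="8">
+<div class="js-password-feedback invalid-feedback hide"></div>
 </div>
 <div class="at-input mb-3 has-feedback">
 <label class="control-label" for="at-field-password_again">
 {{t "login.password_again"}}
 </label>
-<input aria-label='{{t "login.password_again"}}' type="password" class="form-control" id="at-field-password-again" name="at-field-password-again" placeholder="{{t 'login.password_again'}}" autocapitalize="none" autocorrect="off">
+<input aria-label='{{t "login.password_again"}}' type="password" class="form-control" id="at-field-password-again" name="at-field-password-again" placeholder="{{t 'login.password_again'}}" autocapitalize="none" autocorrect="off" maxlength="50" minlength="8">
 <span class="help-block hide"></span>
 </div>
 <div class="row">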
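Review bot: `maxlength="50"` on `at-field-current-password` caps a credential that already exists, and nothing on the old side of this diff limited its length. Browsers cut typed or pasted input at `maxlength` without telling the user, so anyone whose current password is longer than 50 characters can no longer submit it here and is left with the reset-by-mail path. I would drop the cap on the current-password input and keep a limit only on the new-password fields, where 50 is also on the low side for passphrases (NIST SP 800-63B asks verifiers to accept at least 64 characters). `minlength` and `maxlength` are evaluated only by the browser, so the same bounds need a check that does not depend on the markup. The same attributes are added to the password inputs in imports/ui/pages/register.html.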
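--- a/imports/ui/pages/changePassword.js
+++ b/imports/ui/pages/changePassword.js
@@ -1,5 +1,5 @@
 import { FlowRouter } from 'meteor/ostrio:flow-router-extra'
-import { showToast } from '../../utils/frontend_helpers.js'
+import { showToast, validatePassword } from '../../utils/frontend_helpers.js'
 import './changePassword.html'
 import { t } from '../../utils/i18n.js'
 
@@ -14,6 +14,14 @@ Template.changePassword.events({
 return
 }
 if (FlowRouter.getParam('token') && templateInstance.$('#at-field-password').val() && templateInstance.$('#at-field-password-again').val()) {
+const passwordValidation = validatePassword(templateInstance.$('#at-field-password').val())
+if (!passwordValidation.valid) {
+templateInstance.$('#at-field-password').addClass('is-invalid')
+templateInstance.$('#at-field-password-again').addClass('is-invalid')
+templateInstance.$('.notification').text(passwordValidation.message)
+document.querySelector('.notification').classList.toggle('d-none')
+return
+}
 Accounts.resetPassword(FlowRouter.getParam('token'), templateInstance.$('#at-field-password').val(), (error) => {
 if (error) {
 templateInstance.$('.notification').text(t(`login.${error.error}`))
@@ -24,6 +32,14 @@ Template.changePassword.events({
 }
 })
 } else if (Meteor.user() && templateInstance.$('#at-field-current-password').val() && templateInstance.$('#at-field-password').val() && templateInstance.$('#at-field-password-again').val()) {
+const passwordValidation = validatePassword(templateInstance.$('#at-field-password').val())
+if (!passwordValidation.valid) {
+templateInstance.$('#at-field-password').addClass('is-invalid')
+templateInstance.$('#at-field-password-again').addClass('is-invalid')
+templateInstance.$('.notification').text(passwordValidation.message)
+document.querySelector('.notification').classList.toggle('d-none')
+return
+}
 Accounts.changePassword(templateInstance.$('#at-field-current-password').val(), templateInstance.$('#at-field-password').val(), (error) => {
 if (error) {
 templateInstance.$('.notification').text(t(`login.${error.error}`))
@@ -35,6 +51,24 @@ Template.changePassword.events({
 })
 }
 },
+'keyup #at-field-password': (event, templateInstance) => {
+event.preventDefault()
+const validetedPW = validatePassword(templateInstance.$('#at-field-password').val())
+templateInstance.$('.js-password-feedback').text(validetedPW.message)
+if (validetedPW.valid) {
+templateInstance.$('#at-field-password').removeClass('is-invalid')
+templateInstance.$('#at-field-password-again').removeClass('is-invalid')
+templateInstance.$('.js-password-feedback').removeClass('invalid-feedback')
+templateInstance.$('.js-password-feedback').addClass('valid-feedback')
+templateInstance.$('.js-password-feedback').removeClass('hide')
+} else {
+templateInstance.$('#at-field-password').addClass('is-invalid')
+templateInstance.$('.js-password-feedback').removeClass('valid-feedback')
+templateInstance.$('.js-password-feedback').addClass('invalid-feedback')
+templateInstance.$('.js-password-feedback').removeClass('hide')
+templateInstance.$('.js-password-feedback').addClass('d-block')
+}
+},
 })
 Template.changePassword.helpers({
 hasTokenSet: () => FlowRouter.getParam('token'),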
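Review bot: Both new `validatePassword` checks sit inside `Template.changePassword.events`, so they run only in the browser and `Accounts.resetPassword` / `Accounts.changePassword` remain callable without passing through them. If the policy is meant as a security control rather than user guidance it needs enforcement the client cannot skip, and nothing in this section shows one. In the two rejection branches `document.querySelector('.notification').classList.toggle('d-none')` flips the state on every call, so a second invalid submit would hide the message again; `classList.remove('d-none')`, as signIn.js uses, keeps it visible. The eight-line rejection block is duplicated verbatim in the token and logged-in branches and could be one helper, and `validetedPW` in the keyup handler is a typo for `validatedPW`. The submit handler begins above the second hunk, so any earlier checks (for example that the two password fields match) are not visible here.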
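--- a/imports/ui/pages/register.html
+++ b/imports/ui/pages/register.html
@@ -26,14 +26,14 @@ <h3>{{t "login.register"}}</h3>
 <label class="control-label" for="at-field-password">
 {{t "login.password"}}
 </label>
-<input type="password" class="form-control" id="at-field-password" name="at-field-password" placeholder="{{t 'login.password'}}" autocapitalize="none" autocorrect="off">
+<input type="password" class="form-control" id="at-field-password" name="at-field-password" placeholder="{{t 'login.password'}}" autocapitalize="none" autocorrect="off" maxlength="50" minlength="8">
 <div class="js-password-feedback invalid-feedback hide"></div>
 </div>
 <div class="at-input mb-3 has-feedback">
 <label class="control-label" for="at-field-password_again">
 {{t "login.password_again"}}
 </label>
-<input aria-label='{{t "login.password_again"}}' type="password" class="form-control" id="at-field-password-again" name="at-field-password-again" placeholder="{{t 'login.password_again'}}" autocapitalize="none" autocorrect="off">
+<input aria-label='{{t "login.password_again"}}' type="password" class="form-control" id="at-field-password-again" name="at-field-password-again" placeholder="{{t 'login.password_again'}}" autocapitalize="none" autocorrect="off" maxlength="50" minlength="8">
 <span class="help-block hide"></span>
 </div>
 {{#unless currentUser}}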
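--- a/imports/ui/pages/register.js
+++ b/imports/ui/pages/register.js
@@ -1,6 +1,6 @@
 import { FlowRouter } from 'meteor/ostrio:flow-router-extra'
 import { t } from '../../utils/i18n.js'
-import { validateEmail, validatePassword } from '../../utils/frontend_helpers.js'
+import { validateEmail, validatePassword } from '../../utils/frontend_helpers.js'
 import './register.html'
 
 Template.register.events({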
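--- a/imports/ui/pages/signIn.js
+++ b/imports/ui/pages/signIn.js
@@ -66,15 +66,10 @@ Template.signIn.events({
 event.preventDefault()
 if (templateInstance.$('#at-field-email').val() && validateEmail(templateInstance.$('#at-field-email').val())) {
 Accounts.forgotPassword({ email: templateInstance.$('#at-field-email').val() }, (error) => {
-if (error) {
-templateInstance.$('.notification').text(t('login.email_unknown'))
-document.querySelector('.notification').classList.remove('d-none')
-} else {
-templateInstance.$('.notification').text(t('login.reset_password_mail'))
-document.querySelector('.notification').classList.remove('d-none')
-templateInstance.$('#at-field-email').removeClass('is-invalid')
-templateInstance.$('#at-field-password').removeClass('is-invalid')
-}
+templateInstance.$('.notification').text(t('login.reset_password_mail'))
+document.querySelector('.notification').classList.remove('d-none')
+templateInstance.$('#at-field-email').removeClass('is-invalid')
+templateInstance.$('#at-field-password').removeClass('is-invalid')
 })
 } else {
 templateInstance.$('#at-field-email').addClass('is-invalid')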
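Review bot: The callback still takes `error` but no longer looks at it, so every outcome of `Accounts.forgotPassword` is shown as `login.reset_password_mail`, including failures unrelated to the address such as a lost connection. Showing one message is the right call against account enumeration. The distinction is presumably still present in the method response that reaches the browser, though, unless the server side was changed in a file not shown in this view; the uniform answer has to come from the server to close that gap. I would keep the displayed text and add `if (error) { console.error(error) }` at the top of the callback so genuine failures remain diagnosable. The handler begins above this hunk.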
66 changes: 45 additions & 21 deletions imports/ui/styles/dark.scss
@@ -1,3 +1,4 @@

// ++++ [DarkThemeColors] ++++ ///////////////////////////////////////////////////////
$primary: #005a52; // Color/Background-Color for links, Save-, Selectbuttons
$secondary: #272727; // Background-Color for all fields, control buttons, checkboxes
@@ -13,6 +14,7 @@ $grey: #2d2d2d;
$lightgrey: #404040;
$gray-900: #eeeeee;
$titra-dark: #006d62;
$none: none;

//Tabs/Container
$tab-background-color: $grey; // Tab/Container-Background-Color
@@ -159,18 +161,27 @@ $modal-content-bg-color: $grey;
$modal-content-color: #dadada;


//++++ [AdvancedCustomization] ++++ ///////////////////////////////////////////////////////






//++++ [AdvancedCustomization] ++++ ///////////////////////////////////////////////////////
.internal-autofill-selected {
appearance: menulist-button;
background-color: $success !important;
background-image: none !important;
::selection {
color: $success !important;
background: $lightgrey !important;
}
::-moz-selection {
color: $success !important;
background: $lightgrey !important;
}
.nav-tabs {
border-bottom: 0px solid #dee2e6 !important;
}
.dt-scrollable {
border-top: 0px solid var(--dt-border-color) !important;
}
.dt-scrollable__no-data {
border: 0px !important;
}

.d-flex {
display: flex !important;
color: $success !important;
@@ -291,10 +302,17 @@ $modal-content-color: #dadada;
}
.tab-borders {
background-color: $tab-background-color !important;
border-left: 1px solid $dark;
border-right: 1px solid $dark;
border-bottom: 1px solid $dark;
border-left: 1px solid $dark !important;
border-right: 1px solid $dark !important;
border-bottom: 1px solid $dark !important;
border-top: 1px solid $dark !important;
border-top-right-radius: 0.25rem !important;
border-bottom-right-radius: 0.25rem !important;
border-bottom-left-radius: 0.25rem !important;
}



.tab-content {
background-color: $tab-background-color !important;
}
@@ -336,6 +354,12 @@ $modal-content-color: #dadada;
background-color: $alert-secondary-bg-color !important;
border-color: $alert-secondary-border-color !important;
}

.fc .fc-scrollgrid-section-header.fc-scrollgrid-section-sticky > * {
top: 0;
background: none !important;
}

.fc-button-primary {
color: $fc-color !important;
background-color: $fc-bg-color !important;
@@ -441,28 +465,28 @@ a {
text-decoration: underline;
}
g > text {
fill: #FFFFFF;
fill: #FFFFFF;
}
.gantt .grid-header {
fill: $grey !important;
stroke: $grey !important;
fill: $grey !important;
stroke: $grey !important;
}
.gantt .grid-row {
fill: $grey !important;
fill: $grey !important;
}
.gantt .grid-row:nth-child(even) {
fill: $dark-form !important;
fill: $dark-form !important;
}
.gantt .row-line {
stroke: $dark !important;
stroke: $dark !important;
}
.gantt .lower-text {
fill: $body-color !important;
fill: $body-color !important;
}
.gantt .upper-text {
fill: $body-color !important;
fill: $body-color !important;
}
.gantt .bar {
fill: $lightgrey !important;
fill: $lightgrey !important;
}
@import "{}/imports/ui/styles/general.scss";
