cleaned up ui a bit

NomadLogin/UI/SignInWindowController.swift

@@ -256,6 +256,7 @@ class SignInWindowController: NSWindowController, DSQueryable {
 //        }
 
         // make things look better
+
         os_log("Tweaking appearance", log: uiLog, type: .debug)
         if getManagedPreference(key: .LoginScreen) as? Bool == false {
             os_log("Present as login screen", log: uiLog, type: .debug)

Profile Manifest/com.twocanoes.xcreds.plist

@@ -235,18 +235,6 @@ A profile can consist of payloads with different version numbers. For example, c
 			<key>pfm_type</key>
 			<string>boolean</string>
 		</dict>
-		<dict>
-			<key>pfm_description</key>
-			<string>Specify a path for the script that will give a local admin username and password. This will be used to reset a user&apos;s password when the user has forgotten it. It must return valid JSON in format of {&quot;username&quot;: &quot;tcadmin&quot;,&quot;password&quot;: &quot;twocanoes&quot;} </string>
-			<key>pfm_documentation_url</key>
-			<string>https://github.com/twocanoes/xcreds/wiki/AdminGuide#localadmincredentialscriptpath</string>
-			<key>pfm_name</key>
-			<string>localAdminCredentialScriptPath</string>
-			<key>pfm_title</key>
-			<string>Local Admin Credential Script Path</string>
-			<key>pfm_type</key>
-			<string>string</string>
-		</dict>
 		<dict>
 			<key>pfm_description</key>
 			<string>Specify a custom path for the recovery key.</string>
@@ -605,25 +593,25 @@ A profile can consist of payloads with different version numbers. For example, c
 		</dict>
 		<dict>
 			<key>pfm_description</key>
-			<string>Username to use for the secure token management account</string>
+			<string>Username of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users.</string>
 			<key>pfm_documentation_url</key>
-			<string>https://github.com/twocanoes/xcreds/wiki/AdminGuide#securetokenmanagementusername</string>
+			<string>https://github.com/twocanoes/xcreds/wiki/AdminGuide#localadminusername</string>
 			<key>pfm_name</key>
-			<string>SecureTokenManagementUsername</string>
+			<string>localAdminUserName</string>
 			<key>pfm_title</key>
-			<string>Secure Token Management Username</string>
+			<string>Local Admin User Name</string>
 			<key>pfm_type</key>
 			<string>string</string>
 		</dict>
 		<dict>
 			<key>pfm_description</key>
-			<string>The location to read the Secure Token management password</string>
+			<string>Password of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users.</string>
 			<key>pfm_documentation_url</key>
-			<string>https://github.com/twocanoes/xcreds/wiki/AdminGuide#securetokenmanagementpasswordlocation</string>
+			<string>https://github.com/twocanoes/xcreds/wiki/AdminGuide#localAdminPassword</string>
 			<key>pfm_name</key>
-			<string>SecureTokenManagementPasswordLocation</string>
+			<string>localAdminPassword</string>
 			<key>pfm_title</key>
-			<string>Secure Token Management Password Location</string>
+			<string>Local Admin Password</string>
 			<key>pfm_type</key>
 			<string>string</string>
 		</dict>

XCreds/PrefKeys.swift

@@ -8,7 +8,7 @@
 import Foundation
 
 enum PrefKeys: String {
-    case clientID, clientSecret, password="local password",discoveryURL, redirectURI, scopes, accessToken, idToken, refreshToken, tokenEndpoint, expirationDate, invalidToken, refreshRateHours, showDebug, verifyPassword, shouldShowQuitMenu, shouldShowPreferencesOnStart, shouldSetGoogleAccessTypeToOffline, passwordChangeURL, shouldShowAboutMenu, username, idpHostName, passwordElementID, shouldShowVersionInfo, shouldShowSupportStatus,shouldShowConfigureWifiButton,shouldShowMacLoginButton, loginWindowBackgroundImageURL, shouldShowCloudLoginByDefault,idpHostNames,autoRefreshLoginTimer, loginWindowWidth, loginWindowHeight, shouldShowRefreshBanner, shouldSwitchToLoginWindowWhenLocked,accounts = "Accounts",
+    case clientID, clientSecret, password="local password",discoveryURL, redirectURI, scopes, accessToken, idToken, refreshToken, tokenEndpoint, expirationDate, invalidToken, refreshRateHours, showDebug, verifyPassword, shouldShowQuitMenu, shouldShowPreferencesOnStart, shouldSetGoogleAccessTypeToOffline, passwordChangeURL, shouldShowAboutMenu, username, idpHostName, passwordElementID, shouldFindPasswordElement, shouldShowVersionInfo, shouldShowSupportStatus,shouldShowConfigureWifiButton,shouldShowMacLoginButton, loginWindowBackgroundImageURL, shouldShowCloudLoginByDefault,idpHostNames,autoRefreshLoginTimer, loginWindowWidth, loginWindowHeight, shouldShowRefreshBanner, shouldSwitchToLoginWindowWhenLocked,accounts = "Accounts",
          windowSignIn = "WindowSignIn", settingsOverrideScriptPath, localAdminUserName, localAdminPassword
     case actionItemOnly = "ActionItemOnly"
     case aDDomain = "ADDomain"

XCreds/WebViewWindowController.swift

@@ -108,6 +108,7 @@ extension WebViewWindowController: WKNavigationDelegate {
             idpHostNames=[idpHostName]
         }
         let passwordElementID:String? = DefaultsOverride.standardOverride.value(forKey: PrefKeys.passwordElementID.rawValue) as? String
+        let shouldFindPasswordElement:Bool? = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldFindPasswordElement.rawValue)
 
         TCSLogWithMark("inserting javascript to get password")
         webView.evaluateJavaScript("result", completionHandler: { response, error in
@@ -153,6 +154,22 @@ extension WebViewWindowController: WKNavigationDelegate {
                         self.password=passwords[2]
 
                     }
+                    //
+                    if shouldFindPasswordElement == true {
+                        if passwords.count==1 {
+                            TCSLogWithMark("found 1 password field. setting")
+                            TCSLogWithMark("========= password set===========")
+                            self.password=passwords[0]
+                        }
+                        else {
+                            TCSLogErrorWithMark("password not set. Found: \(ids)")
+                            return
+
+                        }
+                    }
+                    else {
+                        TCSLogWithMark("password not captured")
+                    } 
                 }
             }
         })

XCreds/defaults.plist

@@ -22,6 +22,8 @@
 	<true/>
 	<key>shouldShowVersionInfo</key>
 	<true/>
+	<key>shouldFindPasswordElement</key>
+	<true/>
 	<key>shouldShowSupportStatus</key>
 	<string>1</string>
 	<key>shouldShowConfigureWifiButton</key>

XCredsLoginPlugIn/LoginWindow/LocalUsersViewController.xib

@@ -22,7 +22,7 @@
             <windowStyleMask key="styleMask" resizable="YES"/>
             <windowPositionMask key="initialPositionMask" leftStrut="YES" rightStrut="YES" topStrut="YES" bottomStrut="YES"/>
             <rect key="contentRect" x="138" y="173" width="480" height="270"/>
-            <rect key="screenRect" x="0.0" y="0.0" width="3440" height="1415"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1496" height="933"/>
             <view key="contentView" id="qzn-cI-c0g">
                 <rect key="frame" x="0.0" y="0.0" width="480" height="270"/>
                 <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>

XCredsLoginPlugIn/LoginWindow/LoginWebViewWindowController.swift

@@ -130,28 +130,37 @@ class LoginWebViewWindowController: WebViewWindowController {
 //    }
     func loginTransition() {
 
-        let screenRect = NSScreen.screens[0].frame
-        let progressIndicator=NSProgressIndicator.init(frame: NSMakeRect(screenRect.width/2-16  , 3*screenRect.height/4-16,32, 32))
-        progressIndicator.style = .spinning
-        progressIndicator.startAnimation(self)
-        webView.addSubview(progressIndicator)
-
-        loginProgressWindowController = LoginProgressWindowController.init(windowNibName: NSNib.Name("LoginProgressWindowController"))
-        if let loginProgressWindowController = loginProgressWindowController {
-            loginProgressWindowController.window?.makeKeyAndOrderFront(self)
-
+//        let screenRect = NSScreen.screens[0].frame
+//        let progressIndicator=NSProgressIndicator.init(frame: NSMakeRect(screenRect.width/2-16  , 3*screenRect.height/4-16,32, 32))
+//        progressIndicator.style = .spinning
+//        progressIndicator.startAnimation(self)
+//        webView.addSubview(progressIndicator)
+//
+//        loginProgressWindowController = LoginProgressWindowController.init(windowNibName: NSNib.Name("LoginProgressWindowController"))
+//        if let loginProgressWindowController = loginProgressWindowController {
+//            loginProgressWindowController.window?.makeKeyAndOrderFront(self)
+//
+//
+//        }
+        monitor.pathUpdateHandler=nil
 
+        if let resolutionObserver = resolutionObserver {
+            NotificationCenter.default.removeObserver(resolutionObserver)
         }
-        monitor.pathUpdateHandler=nil
-//        self.window?.close()
+
 
 
         NSAnimationContext.runAnimationGroup({ (context) in
-            context.duration = 10.0
+            context.duration = 1.0
             context.allowsImplicitAnimation = true
-            self.window?.alphaValue = 0.0
+            self.webView?.animator().alphaValue = 0.0
+//            self.window?.setFrame(NSMakeRect(0, 0, 100, 100), display: true, animate: true)
         }, completionHandler: {
-            self.window?.close()
+            DispatchQueue.main.async{
+
+                self.window?.close()
+                self.delegate?.allowLogin()
+            }
         })
     }
 
@@ -296,9 +305,17 @@ class LoginWebViewWindowController: WebViewWindowController {
         case .success:
             TCSLogWithMark("Local password matches cloud password ")
         case .incorrectPassword:
-
             TCSLogWithMark("local password is different from cloud password. Prompting for local password...")
 
+            if DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminUserName.rawValue) != nil &&
+                DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminPassword.rawValue) != nil &&
+                getManagedPreference(key: .PasswordOverwriteSilent) as? Bool ?? false {
+                TCSLogInfoWithMark("Set to write keychain silently and we have admin. Skipping.")
+                delegate.setHint(type: .passwordOverwrite, hint: true)
+                os_log("Hint set for passwordOverwrite", log: uiLog, type: .debug)
+                break;
+           }
+
             let passwordWindowController = LoginPasswordWindowController.init(windowNibName: NSNib.Name("LoginPasswordWindowController"))
 
             if passwordWindowController.window==nil {
@@ -397,14 +414,17 @@ class LoginWebViewWindowController: WebViewWindowController {
 
         TCSLogWithMark("setting tokens")
         delegate.setHint(type: .tokens, hint: [tokens.idToken ?? "",tokens.refreshToken ?? "",tokens.accessToken ?? ""])
-        if let resolutionObserver = resolutionObserver {
-            NotificationCenter.default.removeObserver(resolutionObserver)
-        }
+//        if let resolutionObserver = resolutionObserver {
+//            NotificationCenter.default.removeObserver(resolutionObserver)
+//        }
+//
+        DispatchQueue.main.async{
+
+            self.delegate?.allowLogin()
+
+//            self.loginTransition()
 
-        RunLoop.main.perform {
-            self.loginTransition()
         }
-        delegate.allowLogin()
 
 
     }

XCredsLoginPlugIn/LoginWindow/LoginWindowControlsWindowController.swift

@@ -118,7 +118,7 @@ class LoginWindowControlsWindowController: NSWindowController {
             self.window?.canBecomeVisibleWithoutLogin = true
 
             let screenRect = NSScreen.screens[0].frame
-            let windowRec = NSMakeRect(0, 0, screenRect.width,109)
+            let windowRec = NSMakeRect(0, 0, screenRect.width,self.window?.frame.size.height ?? 109)
 //            TCSLogWithMark("screens: \(NSScreen.screens) height is \(windowRec), secreenredc is \(screenRect)")
 
             self.window?.setFrame(windowRec, display: true, animate: false)

XCredsLoginPlugIn/Mechanisms/XCredsCreateUser.swift

@@ -440,26 +440,30 @@ class XCredsCreateUser: XCredsBaseMechanism {
     ///
     /// - Parameter user: The shortname of the user to create a home for as a `String`.
     func createHomeDirFor(_ user: String) {
-        os_log("Find system locale...", log: createUserLog, type: .debug)
-        let currentLanguage = Locale.current.languageCode ?? "Non_localized"
-        os_log("System language is: %{public}@", log: createUserLog, type: .debug, currentLanguage)
-        let templateName = templateForLang(currentLanguage)
-        let sourceURL = URL(fileURLWithPath: "/System/Library/User Template/" + templateName)
-        let homeDirLocations = ["Desktop", "Downloads", "Documents", "Movies", "Music", "Pictures", "Public"]
-        do {
-            os_log("Initializing the user home directory", log: createUserLog, type: .debug)
-            try FileManager.default.copyItem(at: sourceURL, to: URL(fileURLWithPath: "/Users/" + user))
-
-            os_log("Copying non-localized folders to new home", log: createUserLog, type: .debug)
-            for location in homeDirLocations {
-                try FileManager.default.copyItem(at: URL(fileURLWithPath: "/System/Library/User Template/Non_localized/\(location)"), to: URL(fileURLWithPath: "/Users/" + user + "/\(location)"))
-            }
-
-            os_log("Copying language template", log: createUserLog, type: .debug)
-            try FileManager.default.copyItem(at: sourceURL, to: URL(fileURLWithPath: "/Users/" + user))
-        } catch {
-            os_log("Home template copy failed with: %{public}@", log: createUserLog, type: .error, error.localizedDescription)
-        }
+
+        let res=cliTask("/usr/sbin/createhomedir -c -u \(user)")
+
+        TCSLogWithMark(res)
+//        os_log("Find system locale...", log: createUserLog, type: .debug)
+//        let currentLanguage = Locale.current.languageCode ?? "Non_localized"
+//        os_log("System language is: %{public}@", log: createUserLog, type: .debug, currentLanguage)
+//        let templateName = templateForLang(currentLanguage)
+//        let sourceURL = URL(fileURLWithPath: "/System/Library/User Template/" + templateName)
+//        let homeDirLocations = ["Desktop", "Downloads", "Documents", "Movies", "Music", "Pictures", "Public"]
+//        do {
+//            os_log("Initializing the user home directory", log: createUserLog, type: .debug)
+//            try FileManager.default.copyItem(at: sourceURL, to: URL(fileURLWithPath: "/Users/" + user))
+//
+//            os_log("Copying non-localized folders to new home", log: createUserLog, type: .debug)
+//            for location in homeDirLocations {
+//                try FileManager.default.copyItem(at: URL(fileURLWithPath: "/System/Library/User Template/Non_localized/\(location)"), to: URL(fileURLWithPath: "/Users/" + user + "/\(location)"))
+//            }
+//
+//            os_log("Copying language template", log: createUserLog, type: .debug)
+//            try FileManager.default.copyItem(at: sourceURL, to: URL(fileURLWithPath: "/Users/" + user))
+//        } catch {
+//            os_log("Home template copy failed with: %{public}@", log: createUserLog, type: .error, error.localizedDescription)
+//        }
     }
 
     /// Looks at the Apple provided User Pictures directory, recurses it, and delivers a random picture path.

XCredsLoginPlugIn/Mechanisms/XCredsLoginMechanism.swift

@@ -210,6 +210,11 @@ import Cocoa
 
             loginWindowControlsWindowController.dismiss()
         }
+
+        if loginWebViewWindowController != nil {
+            TCSLogWithMark("Dismissing loginWindowWindowController")
+            loginWebViewWindowController?.loginTransition()
+        }
         TCSLogWithMark("calling super allowLogin")
         super.allowLogin()
     }
@@ -245,6 +250,8 @@ import Cocoa
             loginWebViewWindowController.delegate=self
 
             loginWebViewWindowController.window?.orderFrontRegardless()
+            loginWebViewWindowController.window?.makeKeyAndOrderFront(self)
+
         case .usernamePassword:
 
             if loginWebViewWindowController != nil {
@@ -259,7 +266,14 @@ import Cocoa
             }
             if let signInWindowController = signInWindowController {
                 signInWindowController.delegate=self
+                if signInWindowController.username != nil {
+                    signInWindowController.username.stringValue=""
+                }
+                if signInWindowController.password != nil {
+                    signInWindowController.password.stringValue=""
+                }
                 signInWindowController.window?.orderFrontRegardless()
+                signInWindowController.window?.makeKeyAndOrderFront(self)
             }
 
         }

XCredsLoginPlugIn/WifiWindowController.xib

@@ -274,8 +274,8 @@ DQ
         </window>
     </objects>
     <resources>
-        <image name="NSRefreshFreestandingTemplate" width="19" height="19"/>
-        <image name="NSStopProgressFreestandingTemplate" width="19" height="19"/>
+        <image name="NSRefreshFreestandingTemplate" width="20" height="20"/>
+        <image name="NSStopProgressFreestandingTemplate" width="20" height="20"/>
         <image name="globe" catalog="system" width="15" height="15"/>
         <image name="wifi" catalog="system" width="17" height="13"/>
     </resources>

xCreds.xcodeproj/project.pbxproj

@@ -1091,7 +1091,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3985;
+				CURRENT_PROJECT_VERSION = 4058;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1128,7 +1128,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3985;
+				CURRENT_PROJECT_VERSION = 4058;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1193,7 +1193,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3985;
+				CURRENT_PROJECT_VERSION = 4058;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1229,7 +1229,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3985;
+				CURRENT_PROJECT_VERSION = 4058;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1378,7 +1378,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3985;
+				CURRENT_PROJECT_VERSION = 4058;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1413,7 +1413,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3985;
+				CURRENT_PROJECT_VERSION = 4058;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (