#49839 Ticket 49837 - Add new password policy attributes to UI
Closed 3 years ago by spichugi. Opened 5 years ago by mreynolds.
mreynolds/389-ds-base ticket49837  into  master

@@ -370,8 +370,25 @@ 

  }

  

  .ds-input {

+   margin-top: 5px !important;

+   padding-right: 5px !important;

+   padding-left: 5px !important;

+ }

+ 

+ .ds-pw-input {

+   margin-top: 5px;

    padding-right: 5px;

    padding-left: 5px !important;

+   min-width: 65px !important;

+   max-width: 65px !important;

+ }

+ 

+ .ds-pw-list-input {

+   margin-top: 5px;

+   padding-right: 5px;

+   padding-left: 5px !important;

+   min-width: 150px !important;

+   max-width: 150px !important;

  }

  

  .ds-ro-input {
@@ -885,6 +902,12 @@ 

    width: 285px !important;

  }

  

+ .ds-pw-list-label {

+   margin-top: 7px !important;

+   margin-bottom: 7px !important;

+   width: 200px !important;

+ }

+ 

  .ds-passwd-label {

    width: 300px !important;

  }
@@ -1281,7 +1304,7 @@ 

  }

  

  .ds-checkbox-group {

-   margin-top: 10px;

+   margin-top: 10px !important;

  }

  

  .ds-alert-header {

@@ -1384,7 +1384,7 @@ 

        // TODO - lookup the entry, and get the current settings

  

        // Set the form header and fields

-       $("#local-pwp-form-header").html("<b>Edit Local Password Policy</b>");

+       $("#local-pwp-header").html("<b>Edit Local Password Policy</b>");

        $("#local-entry-dn").val(policy_name);

        // Set radio button for type of policy - TODO

  

@@ -354,7 +354,7 @@ 

  

        <div class="ds-inline">

          <h4><br>Password Syntax Settings</h4>

-         <hr class="ds-hr-pwp">

+         <hr class="ds-hr">

          <input type="checkbox" class="ds-config-checkbox" id="passwordchecksyntax" checked><label

            for="passwordchecksyntax" class="ds-label" title="Enable account lockout (passwordCheckSyntax).">Check Password Syntax</label>

          <div class="ds-container ds-expired-div" id="syntax-attrs">
@@ -384,10 +384,6 @@ 

                  "Reject passwords with fewer than this many lowercase characters (passwordMinLowers).">Minimum Lowercase Characters </label><input

                  class="ds-input" type="text" id="passwordminlowers" size="5"/>

              </div>

-           </div>

-           <div class="ds-divider"></div>

-          <div class="ds-divider"></div>

-           <div class="ds-inline">

              <div>

                <label for="passwordminspecials" class="ds-expire-label" title=

                  "Reject passwords with fewer than this many special non-alphanumeric characters (passwordMinSpecials).">Minimum Special Characters </label><input
@@ -399,11 +395,6 @@ 

                  class="ds-input" type="text" id="passwordmin8bit" size="5"/>

              </div>

              <div>

-               <label for="passwordmaxrepeats" class="ds-expire-label" title=

-                 "The maximum number of times the same character can sequentially appear in a password (passwordMaxRepeats).">Maximum Number Of Repeated Characters </label><input

-                 class="ds-input" type="text" id="passwordmaxrepeats" size="5"/>

-             </div>

-             <div>

                <label for="passwordmincategories" class="ds-expire-label" title=

                  "The minimum number of character categories that a password must contain (categories are upper, lower, digit, special, and 8-bit) (passwordMinCategories).">Minimum Required Character Categories </label><input

                  class="ds-input" type="text" id="passwordmincategories" size="5"/>
@@ -414,6 +405,50 @@ 

                  class="ds-input" type="text" id="passwordmintokenlength" size="5"/>

              </div>

            </div>

+           <div class="ds-divider"></div>

+           <div class="ds-divider"></div>

+           <div class="ds-inline">

+             <div>

+               <label for="passwordbadwords" class="ds-expire-label" title=

+                 "A space-separated list of words that are not allowed to be contained in the new password (passwordBadWords).">Reject Passwords That Contain These Words </label><input

+                 class="ds-input" type="text" id="passwordbadwords" size="20"/>

+             </div>

+             <div>

+               <label for="passworduserattributes" class="ds-expire-label" title=

+                 "A space-separated list of entry attributes to compare to the new password (passwordUserAttributes).">Entry Attributes To Compare </label><input

+                 class="ds-input" type="text" id="passworduserattributes" size="20"/>

+             </div>

+             <div>

+               <label for="passwordmaxrepeats" class="ds-expire-label" title=

+                 "The maximum number of times the same character can sequentially appear in a password (passwordMaxRepeats).">Maximum Number Of Repeated Characters </label><input

+                 class="ds-input" type="text" id="passwordmaxrepeats" size="5"/>

+             </div>

+             <div>

+               <label for="passwordmaxsequence" class="ds-expire-label" title=

+                 "The maximum number of allowed monotonic characters sequences (passwordMaxSequence).">Maximum Character Sequences </label><input

+                 class="ds-input" type="text" id="passwordmaxsequence" size="5"/>

+             </div>

+             <div>

+               <label for="passwordmaxseqsets" class="ds-expire-label" title=

+                 "The maximum number of allowed monotonic characters sequences that can appear more than once (passwordMaxSeqSets).">Maximum Character Sequence Sets </label><input

+                 class="ds-input" type="text" id="passwordmaxseqsets" size="5"/>

+             </div>

+             <div>

+               <label for="passwordmaxclasschars" class="ds-expire-label" title=

+                 "The maximum number of consecutive characters from the same character class/category (passwordMaxClassChars).">Maximum Consecutive Chars Per Char Class </label><input

+                 class="ds-input" type="text" id="passwordmaxclasschars" size="5"/>

+             </div>

+             <div>

+               <label for="passwordpalindrome" class="ds-expire-label" title=

+                 "Reject a password if it is a palindrome (passwordPalindrome).">Reject Passwords that Are Palindromes </label><input

+                 class="ds-checkbox-group" type="checkbox" id="passwordpalindrome"/>

+             </div>

+             <div>

+               <label for="passworddictcheck" class="ds-expire-label" title=

+                 "Check the password against the system's CrackLib dictionary (passwordDictCheck).">Check Password Contains Dictionary Word </label><input

+                 class="ds-checkbox-group" type="checkbox" id="passworddictcheck"/>

+             </div>

+           </div>

          </div>

          <div class="ds-footer">

            <button class="btn btn-primary save-button">Save</button>
@@ -1057,14 +1092,14 @@ 

  

  

    <!-- Create Local Password Policy -->

-   <div class="modal fade" id="local-pwp-form" data-backdrop="static" tabindex="-1" role="dialog" aria-labelledby="local-pwp-label" aria-hidden="true">

+   <div class="modal fade" id="local-pwp-form" data-backdrop="static" tabindex="-1" role="dialog" aria-labelledby="local-pwp-header" aria-hidden="true">

      <div class="modal-dialog ds-modal-wide">

        <div class="modal-content">

          <div class="modal-header">

            <button type="button" class="close" data-dismiss="modal" aria-hidden="true" aria-label="Close">

              <span class="pficon pficon-close"></span>

            </button>

-           <h4 class="modal-title" id="local-pwp-label">Create Local Password Policy</h4>

+           <h4 class="modal-title" id="local-pwp-header">Create Local Password Policy</h4>

          </div>

          <div class="modal-body">

            <form class="form-horizontal">
@@ -1203,38 +1238,59 @@ 

                <div>

                  <label for="local-passwordminlength" class="ds-expire-label" title=

                    "The minimum number of characters in the password (passwordMinLength).">Password Minimum Length </label><input

-                   class="ds-input ds-pwp-input" type="text" id="local-passwordminlength" size="5"/>

+                   class="ds-pw-input ds-pwp-input" type="text" id="local-passwordminlength" size="5"/>

                  <label for="local-passwordmindigits" class="ds-expire-label" title=

                    "Reject passwords with fewer than this many digit characters (0-9) (passwordMinDigits).">Minimum Digit Characters </label><input

-                   class="ds-input ds-pwp-input" type="text" id="local-passwordmindigits" size="5"/>

+                   class="ds-pw-input ds-pwp-input" type="text" id="local-passwordmindigits" size="5"/>

                  <label for="local-passwordminalphas" class="ds-expire-label" title=

                    "Reject passwords with fewer than this many alpha characters (passwordMinAlphas).">Minimum Alpha Characters </label><input

-                   class="ds-input ds-pwp-input" type="text" id="local-passwordminalphas" size="5"/>

+                   class="ds-pw-input ds-pwp-input" type="text" id="local-passwordminalphas" size="5"/>

                  <label for="local-passwordminuppers" class="ds-expire-label" title=

                    "Reject passwords with fewer than this many uppercase characters (passwordMinUppers).">Minimum Uppercase Characters </label><input

-                   class="ds-input ds-pwp-input" type="text" id="local-passwordminuppers" size="5"/>

+                   class="ds-pw-input ds-pwp-input" type="text" id="local-passwordminuppers" size="5"/>

                  <label for="local-passwordminlowers" class="ds-expire-label" title=

                    "Reject passwords with fewer than this many lowercase characters (passwordMinLowers).">Minimum Lowercase Characters </label><input

-                   class="ds-input ds-pwp-input" type="text" id="local-passwordminlowers" size="5"/>

-               </div>

-               <div class="ds-divider"></div>

-               <div class="ds-divider"></div>

-               <div>

+                   class="ds-pw-input ds-pwp-input" type="text" id="local-passwordminlowers" size="5"/>

                  <label for="local-passwordminspecials" class="ds-expire-label" title=

                    "Reject passwords with fewer than this many special non-alphanumeric characters (passwordMinSpecials).">Minimum Special Characters </label><input

-                   class="ds-input ds-pwp-input" type="text" id="local-passwordminspecials" size="5"/>

+                   class="ds-pw-input ds-pwp-input" type="text" id="local-passwordminspecials" size="5"/>

                  <label for="local-passwordmin8bit" class="ds-expire-label" title=

                    "Reject passwords with fewer than this many 8-bit or multi-byte characters (passwordMin8Bit).">Minimum 8-bit Characters </label><input

-                   class="ds-input ds-pwp-input" type="text" id="local-passwordmin8bit" size="5"/>

-                 <label for="local-passwordmaxrepeats" class="ds-expire-label" title=

-                   "The maximum number of times the same character can sequentially appear in a password (passwordMaxRepeats).">Maximum Number Of Repeated Characters </label><input

-                   class="ds-input ds-pwp-input" type="text" id="local-passwordmaxrepeats" size="5"/>

+                   class="ds-pw-input ds-pwp-input" type="text" id="local-passwordmin8bit" size="5"/>

                  <label for="local-passwordmincategories" class="ds-expire-label" title=

                    "The minimum number of character categories that a password must contain (categories are upper, lower, digit, special, and 8-bit) (passwordMinCategories).">Minimum Required Character Categories </label><input

-                   class="ds-input ds-pwp-input" type="text" id="local-passwordmincategories" size="5"/>

+                   class="ds-pw-input ds-pwp-input" type="text" id="local-passwordmincategories" size="5"/>

                  <label for="local-passwordmintokenlength" class="ds-expire-label" title=

                    "The smallest attribute value used when checking if the password contains any of the user's account information (passwordMinTokenLength).">Minimum Token Length </label><input

-                   class="ds-input ds-pwp-input" type="text" id="local-passwordmintokenlength" size="5"/>

+                   class="ds-pw-input ds-pwp-input" type="text" id="local-passwordmintokenlength" size="5"/>

+               </div>

+               <div class="ds-divider"></div>

+               <div class="ds-divider"></div>

+               <div>

+                 <label for="local-passwordbadwords" class="ds-pw-list-label" title=

+                   "A space-separated list of words that are not allowed to be contained in the new password (passwordBadWords).">Reject Passwords That Contain These Words </label><input

+                   class="ds-pw-list-input ds-pwp-input" type="text" id="local-passwordbadwords"/>

+                 <label for="local-passworduserattributes" class="ds-pw-list-label" title=

+                   "A space-separated list of entry attributes to compare to the new password (passwordUserAttributes).">Entry Attributes To Compare </label><input

+                   class="ds-pw-list-input ds-pwp-input" type="text" id="local-passworduserattributes"/>

+                 <label for="local-passwordmaxrepeats" class="ds-expire-label" title=

+                   "The maximum number of times the same character can sequentially appear in a password (passwordMaxRepeats).">Maximum Number Of Repeated Characters </label><input

+                   class="ds-pw-input ds-pwp-input" type="text" id="local-passwordmaxrepeats"/>

+                 <label for="local-passwordmaxsequence" class="ds-expire-label" title=

+                   "The maximum number of allowed monotonic characters sequences (passwordMaxSequence).">Maximum Character Sequences </label><input

+                   class="ds-pw-input ds-pwp-input" type="text" id="local-passwordmaxsequence"/>

+                 <label for="local-passwordmaxseqsets" class="ds-expire-label" title=

+                   "The maximum number of allowed monotonic characters sequences that can appear more than once (passwordMaxSeqSets).">Maximum Character Sequence Sets </label><input

+                   class="ds-pw-input ds-pwp-input" type="text" id="local-passwordmaxseqsets"/>

+                 <label for="local-passwordmaxclasschars" class="ds-expire-label" title=

+                   "The maximum number of consecutive characters from the same character class/category (passwordMaxClassChars).">Maximum Consecutive Chars Per Char Class </label><input

+                   class="ds-pw-input ds-pwp-input" type="text" id="local-passwordmaxclasschars"/>

+                 <label for="local-passwordpalindrome" class="ds-expire-label" title=

+                   "Reject a password if it is a palindrome (passwordPalindrome).">Reject Passwords that Are Palindromes </label><input

+                   class="ds-checkbox-group ds-pwp-checkbox" type="checkbox" id="local-passwordpalindrome"/>

+                 <label for="local-passworddictcheck" class="ds-expire-label" title=

+                   "Check the password against the system's CrackLib dictionary (passwordDictCheck).">Check Password Contains Dictionary Word </label><input

+                   class="ds-checkbox-group ds-pwp-checkbox" type="checkbox" id="local-passworddictcheck"/>

                </div>

              </div>

            </form>

Description: Added new password policy features to UI.

          Also made change to instance creation to line up
          with changes going on in lib389

https://pagure.io/389-ds-base/issue/49837

Reviewed by: ?

rebased onto f2a849a31ca17a3d8e15138c372b458c8c68f89b

5 years ago

Very strange issue appears if we open Cockpit UI while no instances are created.
If we go to 389 Directory Server, we see Database management UI and it blocks the adility to create a new instance.

Maybe the PR is dependent on another PR here, and it is just a temporary bug.
I think we can merge the PRs and fix the issues on the way. Main part of the code here looks good to me.

Might be taking a totally different approach to password policy in 1.4.0 - this is now on hold and might be discarded...

Actually, this PR is still valid. The major password policy changes I previously mentioned are not going to make it into 1.4.0, but hopefully 1.4.1 instead. So this still needs to be reviewed...

rebased onto 984d8a5587bd9a92eec4e0ad6690200c4287fb74

5 years ago

rebased onto 484c6b38e98f428093d0e8e3c458efc4c65baaa4

5 years ago

Mark, does this depend on PR#49836 to be functional?

Mark, does this depend on PR#49836 to be functional?

Yes :-)

Ok, I could't apply this on top of 49836 because of merge conflicts.

Ok, I could't apply this on top of 49836 because of merge conflicts.

I'm not surprised - all my patches overlap, so they constantly have to be rebased :-( This is the problem when the these patches lay around, but development continues in other areas. Anyway I'm not complaining about you, it's just a nagging problem with developing UI features. I'll get it rebased right away!

rebased onto 7bc98f37c07fe11b0aeba466e0ea5670037ef205

5 years ago

rebased onto 169bd9ddffb09e5af9f3d89b43d74eedc3c02903

5 years ago

This should be working in the UI global policy, but local password policies are not working in the UI yet - because dsconf doesn't have that functionality yet (WIP).

@vashirov - this patch should apply cleanly now...

It is possible to set the attributes in Global password policy.
LGTM. Ack

It is possible to set the attributes in Global password policy.

Yes that has been working for a while now, and the new attributes should also be working

rebased onto 7e49dec

5 years ago

Pull-Request has been merged by mreynolds

5 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/2898

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi

3 years ago