Merge pull request #83 from ltb-project/autocomplete-password

Set autocomplete properties for password fields
ltb-project · Jul 11, 2024 · f022794 · f022794
2 parents c4a7efc + 2927e2e
commit f022794
Show file tree

Hide file tree

Showing 7 changed files with 148 additions and 2 deletions.
diff --git a/conf/config.inc.php b/conf/config.inc.php
@@ -155,6 +155,7 @@
 $custom_css = "";
 $display_footer = true;
 #$logout_link = "http://auth.example.com/logout";
+$fake_password_inputs = false;
 
 # Audit
 #$audit_log_file = "/var/log/service-desk/audit.log";

diff --git a/docs/general-parameters.rst b/docs/general-parameters.rst
@@ -128,6 +128,17 @@ You can hide the footer bar:
 
     $display_footer = false;
 
+Password inputs
+---------------
+
+When testing or resetting a password, the browser will prompt to remember the password. You can disable this behavior in your browser for Service Desk page, but if you need to change this on server side, a trick is needed. Password inputs are converted into text inputs but value is kept hidden.
+
+To enable this trick:
+
+.. code-block:: php
+
+   $fake_password_inputs = true;
+
 Debug
 -----
 

diff --git a/htdocs/index.php b/htdocs/index.php
@@ -72,6 +72,7 @@
 $smarty->assign('use_searchexpired',$use_searchexpired);
 $smarty->assign('use_searchwillexpire',$use_searchwillexpire);
 $smarty->assign('use_searchidle',$use_searchidle);
+$smarty->assign('fake_password_inputs',$fake_password_inputs);
 
 # Assign messages
 $smarty->assign('lang',$lang);

diff --git a/htdocs/js/index.php b/htdocs/js/index.php
@@ -0,0 +1,118 @@
+<?php
+
+#==============================================================================
+# Version
+#==============================================================================
+$version = 0.4;
+
+#==============================================================================
+# Configuration
+#==============================================================================
+require_once("../conf/config.inc.php");
+
+#==============================================================================
+# Language
+#==============================================================================
+require_once("../lib/detectbrowserlanguage.php");
+# Available languages
+$files = glob("../lang/*.php");
+$languages = str_replace(".inc.php", "", $files);
+$lang = detectLanguage($lang, $languages);
+require_once("../lang/$lang.inc.php");
+if (file_exists("../conf/$lang.inc.php")) {
+    require_once("../conf/$lang.inc.php");
+}
+
+#==============================================================================
+# Smarty
+#==============================================================================
+require_once(SMARTY);
+
+$compile_dir = isset($smarty_compile_dir) && $smarty_compile_dir ? $smarty_compile_dir : "../templates_c/" ;
+$cache_dir = isset($smarty_cache_dir) && $smarty_cache_dir ? $smarty_cache_dir : "../cache/";
+
+$smarty = new Smarty();
+$smarty->escape_html = true;
+$smarty->setTemplateDir('../templates/');
+$smarty->setCompileDir($compile_dir);
+$smarty->setCacheDir($cache_dir);
+$smarty->debugging = $smarty_debug;
+
+error_reporting(0);
+if ($debug) {
+    error_reporting(E_ALL);
+    # Set debug for LDAP
+    ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
+}
+
+# Assign configuration variables
+$smarty->assign("page_title", false);
+$smarty->assign('ldap_params',array('ldap_url' => $ldap_url, 'ldap_starttls' => $ldap_starttls, 'ldap_binddn' => $ldap_binddn, 'ldap_bindpw' => $ldap_bindpw, 'ldap_user_base' => $ldap_user_base, 'ldap_user_filter' => $ldap_user_filter));
+$smarty->assign('logo',$logo);
+$smarty->assign('background_image',$background_image);
+$smarty->assign('custom_css',$custom_css);
+$smarty->assign('attributes_map',$attributes_map);
+$smarty->assign('date_specifiers',$date_specifiers);
+if (is_array($datatables_page_length_choices)) $datatables_page_length_choices = implode(', ', $datatables_page_length_choices);
+$smarty->assign('datatables_page_length_choices', $datatables_page_length_choices);
+$smarty->assign('datatables_page_length_default', $datatables_page_length_default);
+$smarty->assign('datatables_auto_print', $datatables_auto_print);
+$smarty->assign('version',$version);
+$smarty->assign('display_footer',$display_footer);
+$smarty->assign('logout_link',isset($logout_link) ? $logout_link : false);
+$smarty->assign('use_checkpassword',$use_checkpassword);
+$smarty->assign('use_resetpassword',$use_resetpassword);
+$smarty->assign('use_resetpassword_resetchoice',$use_resetpassword_resetchoice);
+$smarty->assign('resetpassword_reset_default',$resetpassword_reset_default);
+$smarty->assign('use_unlockaccount',$use_unlockaccount);
+$smarty->assign('use_lockaccount',$use_lockaccount);
+$smarty->assign('display_password_expiration_date',$display_password_expiration_date);
+$smarty->assign('use_searchlocked',$use_searchlocked);
+$smarty->assign('use_searchexpired',$use_searchexpired);
+$smarty->assign('use_searchwillexpire',$use_searchwillexpire);
+$smarty->assign('use_searchidle',$use_searchidle);
+$smarty->assign('fake_password_inputs',$fake_password_inputs);
+
+# Assign messages
+$smarty->assign('lang',$lang);
+foreach ($messages as $key => $message) {
+    $smarty->assign('msg_'.$key,$message);
+}
+
+# Other assignations
+$search = "";
+if (isset($_REQUEST["search"]) and $_REQUEST["search"]) { $search = htmlentities($_REQUEST["search"]); }
+$smarty->assign('search',$search);
+
+# Register plugins
+require_once("../lib/smarty.inc.php");
+$smarty->registerPlugin("function", "get_attribute", "get_attribute");
+$smarty->registerPlugin("function", "convert_ldap_date", "convert_ldap_date");
+$smarty->registerPlugin("function", "convert_bytes", "convert_bytes");
+
+#==============================================================================
+# Route to page
+#==============================================================================
+$result = "";
+$page = "welcome";
+if (isset($_GET["page"]) and $_GET["page"]) { $page = $_GET["page"]; }
+if ( $page === "checkpassword" and !$use_checkpassword ) { $page = "welcome"; }
+if ( $page === "resetpassword" and !$use_resetpassword ) { $page = "welcome"; }
+if ( $page === "unlockaccount" and !$use_unlockaccount ) { $page = "welcome"; }
+if ( $page === "searchlocked" and !$use_searchlocked ) { $page = "welcome"; }
+if ( $page === "searchexpired" and !$use_searchexpired ) { $page = "welcome"; }
+if ( $page === "searchwillexpire" and !$use_searchwillexpire ) { $page = "welcome"; }
+if ( $page === "searchidle" and !$use_searchidle ) { $page = "welcome"; }
+if ( file_exists($page.".php") ) { require_once($page.".php"); }
+$smarty->assign('page',$page);
+
+if ($result) {
+    $smarty->assign('error',$messages[$result]);
+} else {
+    $smarty->assign('error',"");
+}
+
+# Display
+$smarty->display('index.tpl');
+
+?>
diff --git a/htdocs/js/service-desk.js b/htdocs/js/service-desk.js
@@ -0,0 +1,6 @@
+$(document).ready(function(){
+    $("input.fake-password").one("click", function(event) {
+        $(this).removeAttr("placeholder");
+        $(this).css("-webkit-text-security","circle");
+    });
+});
diff --git a/templates/display.tpl b/templates/display.tpl
@@ -123,7 +123,11 @@
                      <input type="hidden" name="dn" value="{$dn}" />
                      <div class="input-group mb-3">
                         <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
-                        <input type="password" name="currentpassword" id="currentpassword" class="form-control" placeholder="{$msg_currentpassword}" />
+                        {if $fake_password_inputs}
+                            <input type="text" name="currentpassword" id="currentpassword" autocomplete="current-password" class="form-control fake-password" placeholder="{$msg_currentpassword}" />
+                        {else}
+                            <input type="password" name="currentpassword" id="currentpassword" autocomplete="current-password" class="form-control" placeholder="{$msg_currentpassword}" />
+                        {/if}
                      </div>
                      <button type="submit" class="btn btn-success">
                         <i class="fa fa-fw fa-check-square-o"></i> {$msg_submit}
@@ -163,7 +167,11 @@
                      <input type="hidden" name="dn" value="{$dn}" />
                      <div class="input-group mb-3">
                         <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
-                        <input type="password" name="newpassword" id="newpassword" class="form-control" placeholder="{$msg_newpassword}" />
+                        {if $fake_password_inputs}
+                           <input type="text" name="newpassword" id="newpassword" autocomplete="new-password" class="form-control fake-password" placeholder="{$msg_newpassword}" />
+                        {else}
+                           <input type="password" name="newpassword" id="newpassword" autocomplete="new-password" class="form-control" placeholder="{$msg_newpassword}" />
+                        {/if}
                      </div>
                      {if $use_resetpassword_resetchoice}
                      <div class="form-check form-switch mb-3">

diff --git a/templates/footer.tpl b/templates/footer.tpl
@@ -10,6 +10,7 @@
 <script src="vendor/datatables/dataTables.bootstrap5.min.js"></script>
 <script src="vendor/datatables/dataTables.buttons.min.js"></script>
 <script src="vendor/datatables/buttons.bootstrap5.min.js"></script>
+<script src="js/service-desk.js"></script>
 
 {literal}
     <script type="text/javascript">