Passwortanpassungen

dergel · dergel · commit f957ce15ad66 · 2024-08-28T18:01:08.000+02:00
#444
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,18 @@
 Changelog
 =========
 
+Version 4.3.1 - xx.03.2024
+
+### Anpassungen
+
+* Referer to logout greift nur noch, wenn Article Logout vorhanden ist. Danke Julian Aliabadi, https://github.com/goldfoot
+* Verlinkung auf Docs angepasst
+* rexstan Satisfaction erhöht. Danke https://github.com/TobiasKrais
+* Doppelte Registrierung des yform template path entfernt. Danke https://github.com/tyrant88
+* Fehler bei Installation behoben. Passwortfeld wurde vorher nur nach Reinstall angelegt. 
+* Passwort autocomplete varianten eingebaut und in Doku sinnvoll ergänzt
+* CSP Header anpassungen. Passwortscript -CSP-fähig und relationsfähig gemacht.
+
 Version 4.3.0 - 14.03.2024
 --------------------------
 
diff --git a/docs/03_login_logout_profile_register.md b/docs/03_login_logout_profile_register.md
@@ -7,8 +7,8 @@
 
 ```text
 validate|ycom_auth|login|password|stayfield|warning_message_enterloginpsw|warning_message_login_failed
-text|login|Benutzername|
-password|password|Passwort
+text|login|Benutzername|||{"autocomplete":"username"}
+password|password|Passwort|||{"autocomplete":"current-password"}
 checkbox|stayfield|eingeloggt bleiben
 ycom_auth_returnto|returnTo|
 ```
@@ -22,8 +22,8 @@ $form->setValidateField('ycom_auth', ['login', 'password', null, 'warning_messag
 $form->setObjectparams('form_name', 'login_form');
 $form->setObjectparams('form_action', rex_getUrl());
 
-$form->setValueField('text', ['login', 'Benutzername']);
-$form->setValueField('password', ['password', 'Passwort']);
+$form->setValueField('text', ['login', 'Benutzername', '', '', '{"autocomplete":"username"}']);
+$form->setValueField('password', ['password', 'Passwort', '', '', '{"autocomplete":"current-password"}']);
 
 $form->setValidateField('empty', ['login', 'Bitte geben Sie Ihren Benutzernamen ein']);
 $form->setValidateField('empty', ['password', 'Bitte geben Sie Ihr Passwort ein']);
@@ -136,7 +136,7 @@ text|name|Nachname*
 validate|empty|name|Bitte geben Sie Ihren Nachnamen ein.
 
 ycom_auth_password|password|Ihr Passwort*|{"length":{"min":10},"letter":{"min":1},"lowercase":{"min":0},"uppercase":{"min":0},"digit":{"min":1},"symbol":{"min":0}}|Das Passwort muss mindestens 10 Zeichen lang sein und eine Ziffer enthalten.
-password|password_2|Passwort bestätigen*||no_db
+password|password_2|Passwort bestätigen*||no_db|{"autocomplete":"new-password"}
 
 checkbox|termsofuse_accepted|Ich habe die Nutzungsbedingungen akzeptiert.|0|0|
 
diff --git a/docs/05_passwords.md b/docs/05_passwords.md
@@ -35,7 +35,7 @@ Nun können Nutzer ihr Passwort selbständig ändern.
 1. Feld für altes Passwort und Validierung hinzufügen
 
 ```php
-password|old_password|Bisheriges Passwort||no_db
+password|old_password|Bisheriges Passwort||no_db|{"autocomplete":"current-password"}
 validate|empty|old_password|Bitte das bisherige Passwort angeben.
 validate|ycom_auth_password|old_password|Das bisherige Passwort ist nicht korrekt.
 ```
diff --git a/plugins/auth/ytemplates/bootstrap/value.ycom_password.tpl.php b/plugins/auth/ytemplates/bootstrap/value.ycom_password.tpl.php
@@ -38,9 +38,12 @@
     'type' => $type,
     'id' => $this->getFieldId(),
     'value' => $value,
-    'autocomplete' => 'new-password',
 ];
 
+if (rex::isFrontend()) {
+    $attributes['autocomplete'] = 'new-password';
+}
+
 $attributes = $this->getAttributeElements($attributes, ['autocomplete', 'pattern', 'required', 'disabled', 'readonly']);
 
 $span = '';
@@ -50,14 +53,23 @@
 if ($script) {
     $funcName = uniqid('rex_ycom_password_create' . $this->getId());
     $span = '<span class="input-group-btn">
-    <button type="button" class="btn btn-default getNewPass" onclick="' . $funcName . 'refresh(' . $this->getId() . ')"><span class="fa fa-refresh"></span></button>
+    <button type="button" class="btn btn-default getNewPass rex-ycom-password-refresh-button" data-myRules=\'' . json_encode($rules) . '\' data-myField="' . rex_escape($this->getFieldName()) . '"><span class="fa fa-refresh"></span></button>
     </span>';
 
     $nonce = '';
     $nonce = ' nonce="' . rex_response::getNonce() . '"';
 
     ?><script type="text/javascript"<?= $nonce ?>>
 
+        $(document).on('rex:ready', function () {
+            $(".rex-ycom-password-refresh-button").each(function() {
+                $(this).off("click");
+                $(this).on("click", function() {
+                    rex_ycom_password_refresh(this);
+                });
+            });
+        });
+
         // Credit to @Blender https://stackoverflow.com/users/464744/blender
         String.prototype.pick = function(min, max) {
             var n, chars = '';
@@ -92,153 +104,155 @@
             return array.join('');
         };
 
-        function <?= $funcName . 'refresh' ?>(input) {
-
-            var rules = {
-                letter:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
-                uppercase:"ABCDEFGHIJKLMNOPQRSTUVWXYZ",
-                lowercase: "abcdefghijklmnopqrstuvwxyz",
-                digit: "0123456789",
-                symbol: "!@#$%^&*()_+{}:\"<>?\|[];',./`~",
-                all: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+{}:\"<>?|[];',./`~",
-            };
-            rules.letter = rules.uppercase + rules.lowercase;
-            rules.all = rules.uppercase + rules.lowercase + rules.digit + rules.symbol;
-
-            var ruleset = '';
-            var myRules = <?= json_encode($rules) ?>;
-            var myPassword = '';
-
-            if (typeof myRules.uppercase === "object") {
-                min = myRules.uppercase.min;
-                if (typeof myRules.uppercase.min === "undefined") {
-                    min = 1;
-                }
-                max = myRules.uppercase.max;
-                if (typeof myRules.uppercase.max === "undefined") {
-                    max = min;
-                }
-                generate = myRules.uppercase.generate;
-                if (typeof myRules.uppercase.generate !== "undefined") {
-                    min = generate;
-                    max = generate;
-                }
-                ruleset += rules.uppercase;
-                myPassword += rules.uppercase.pick(min,max);
-            }
-            if (typeof myRules.lowercase === "object") {
-                min = myRules.lowercase.min;
-                if (typeof myRules.lowercase.min === "undefined") {
-                    min = 1;
-                }
-                max = myRules.lowercase.max;
-                if (typeof myRules.lowercase.max === "undefined") {
-                    max = min;
-                }
-                generate = myRules.lowercase.generate;
-                if (typeof myRules.lowercase.generate !== "undefined") {
-                    min = generate;
-                    max = generate;
-                }
-                ruleset += rules.lowercase;
-                myPassword += rules.lowercase.pick(min,max);
-            }
-            if (typeof myRules.letter === "object") {
-                min = myRules.letter.min;
-                if (typeof myRules.letter.min === "undefined") {
-                    min = 1;
-                }
-                max = myRules.letter.max;
-                if (typeof myRules.letter.max === "undefined") {
-                    max = min;
-                }
-                if (min > myPassword.length) {
-                    min = min - myPassword.length;
-                } else {
-                    min = 0;
-                }
-                if (max > myPassword.length) {
-                    max = max - myPassword.length;
-                } else {
-                    min = 0;
+        if (typeof rex_ycom_password_refresh !== 'function') {
+            function rex_ycom_password_refresh(button) {
+
+                var rules = {
+                    letter: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
+                    uppercase: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+                    lowercase: "abcdefghijklmnopqrstuvwxyz",
+                    digit: "0123456789",
+                    symbol: "!@#$%^&*()_+{}:\"<>?\|[];',./`~",
+                    all: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+{}:\"<>?|[];',./`~",
+                };
+                rules.letter = rules.uppercase + rules.lowercase;
+                rules.all = rules.uppercase + rules.lowercase + rules.digit + rules.symbol;
+
+                var ruleset = '';
+                var myRules = JSON.parse(decodeURIComponent(button.getAttribute('data-myRules')));
+                var myPassword = '';
+
+                if (typeof myRules.uppercase === "object") {
+                    min = myRules.uppercase.min;
+                    if (typeof myRules.uppercase.min === "undefined") {
+                        min = 1;
+                    }
+                    max = myRules.uppercase.max;
+                    if (typeof myRules.uppercase.max === "undefined") {
+                        max = min;
+                    }
+                    generate = myRules.uppercase.generate;
+                    if (typeof myRules.uppercase.generate !== "undefined") {
+                        min = generate;
+                        max = generate;
+                    }
+                    ruleset += rules.uppercase;
+                    myPassword += rules.uppercase.pick(min, max);
                 }
-                generate = myRules.letter.generate;
-                if (typeof myRules.letter.max !== "undefined") {
-                    min = generate;
-                    max = generate;
+                if (typeof myRules.lowercase === "object") {
+                    min = myRules.lowercase.min;
+                    if (typeof myRules.lowercase.min === "undefined") {
+                        min = 1;
+                    }
+                    max = myRules.lowercase.max;
+                    if (typeof myRules.lowercase.max === "undefined") {
+                        max = min;
+                    }
+                    generate = myRules.lowercase.generate;
+                    if (typeof myRules.lowercase.generate !== "undefined") {
+                        min = generate;
+                        max = generate;
+                    }
+                    ruleset += rules.lowercase;
+                    myPassword += rules.lowercase.pick(min, max);
                 }
-                myPassword += ruleset.pick(min,max);
+                if (typeof myRules.letter === "object") {
+                    min = myRules.letter.min;
+                    if (typeof myRules.letter.min === "undefined") {
+                        min = 1;
+                    }
+                    max = myRules.letter.max;
+                    if (typeof myRules.letter.max === "undefined") {
+                        max = min;
+                    }
+                    if (min > myPassword.length) {
+                        min = min - myPassword.length;
+                    } else {
+                        min = 0;
+                    }
+                    if (max > myPassword.length) {
+                        max = max - myPassword.length;
+                    } else {
+                        min = 0;
+                    }
+                    generate = myRules.letter.generate;
+                    if (typeof myRules.letter.max !== "undefined") {
+                        min = generate;
+                        max = generate;
+                    }
+                    myPassword += ruleset.pick(min, max);
 
-            }
-            if (typeof myRules.digit === "object") {
-                min = myRules.digit.min;
-                if (typeof myRules.digit.min === "undefined") {
-                    min = 1;
-                }
-                max = myRules.digit.max;
-                if (typeof myRules.digit.max === "undefined") {
-                    max = min;
                 }
-                generate = myRules.digit.generate;
-                if (typeof myRules.digit.max !== "undefined") {
-                    min = generate;
-                    max = generate;
-                }
-                ruleset += rules.digit;
-                myPassword += rules.digit.pick(min,max);
-            }
-            if (typeof myRules.symbol === "object") {
-                min = myRules.symbol.min;
-                if (typeof myRules.symbol.min === "undefined") {
-                    min = 1;
+                if (typeof myRules.digit === "object") {
+                    min = myRules.digit.min;
+                    if (typeof myRules.digit.min === "undefined") {
+                        min = 1;
+                    }
+                    max = myRules.digit.max;
+                    if (typeof myRules.digit.max === "undefined") {
+                        max = min;
+                    }
+                    generate = myRules.digit.generate;
+                    if (typeof myRules.digit.max !== "undefined") {
+                        min = generate;
+                        max = generate;
+                    }
+                    ruleset += rules.digit;
+                    myPassword += rules.digit.pick(min, max);
                 }
-                max = myRules.symbol.max;
-                if (typeof myRules.symbol.max === "undefined") {
-                    max = min;
+                if (typeof myRules.symbol === "object") {
+                    min = myRules.symbol.min;
+                    if (typeof myRules.symbol.min === "undefined") {
+                        min = 1;
+                    }
+                    max = myRules.symbol.max;
+                    if (typeof myRules.symbol.max === "undefined") {
+                        max = min;
+                    }
+                    generate = myRules.symbol.generate;
+                    if (typeof myRules.symbol.max !== "undefined") {
+                        min = generate;
+                        max = generate;
+                    }
+                    ruleset += rules.symbol;
+                    myPassword += rules.symbol.pick(min, max);
                 }
-                generate = myRules.symbol.generate;
-                if (typeof myRules.symbol.max !== "undefined") {
-                    min = generate;
-                    max = generate;
-                }
-                ruleset += rules.symbol;
-                myPassword += rules.symbol.pick(min,max);
-            }
 
-            if (typeof myRules.length === "object") {
-                min = myRules.length.min;
-                if (typeof myRules.length.min === "undefined") {
-                    min = 1;
-                }
-                max = myRules.length.max;
-                if (typeof myRules.length.max === "undefined") {
-                    max = min;
-                }
-                if (min > myPassword.length) {
-                    min = min - myPassword.length;
-                } else {
-                    min = 0;
-                }
-                if (max > myPassword.length) {
-                    max = max - myPassword.length;
-                } else {
-                    min = 0;
-                }
-                generate = myRules.length.generate;
-                if (typeof myRules.length.max !== "undefined") {
-                    min = generate;
-                    max = generate;
-                }
-                myPassword += ruleset.pick(min,max);
+                if (typeof myRules.length === "object") {
+                    min = myRules.length.min;
+                    if (typeof myRules.length.min === "undefined") {
+                        min = 1;
+                    }
+                    max = myRules.length.max;
+                    if (typeof myRules.length.max === "undefined") {
+                        max = min;
+                    }
+                    if (min > myPassword.length) {
+                        min = min - myPassword.length;
+                    } else {
+                        min = 0;
+                    }
+                    if (max > myPassword.length) {
+                        max = max - myPassword.length;
+                    } else {
+                        min = 0;
+                    }
+                    generate = myRules.length.generate;
+                    if (typeof myRules.length.max !== "undefined") {
+                        min = generate;
+                        max = generate;
+                    }
+                    myPassword += ruleset.pick(min, max);
 
-            }
+                }
 
-            var item = document.getElementsByName('<?= $this->getFieldName() ?>').item(0);
-            var name = item.getAttribute('name');
-            var type = item.getAttribute('value');
+                var item = document.getElementsByName(button.getAttribute('data-myField')).item(0);
+                var name = item.getAttribute('name');
+                var type = item.getAttribute('value');
 
-            item.value = myPassword;
+                item.value = myPassword;
 
+            }
         }
     </script><?php
 
