summaryrefslogtreecommitdiffstats
path: root/security/manager/pki/resources/content/changepassword.js
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/pki/resources/content/changepassword.js')
-rw-r--r--security/manager/pki/resources/content/changepassword.js212
1 files changed, 212 insertions, 0 deletions
diff --git a/security/manager/pki/resources/content/changepassword.js b/security/manager/pki/resources/content/changepassword.js
new file mode 100644
index 0000000000..e3d6b118bf
--- /dev/null
+++ b/security/manager/pki/resources/content/changepassword.js
@@ -0,0 +1,212 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+const { XPCOMUtils } = ChromeUtils.importESModule(
+ "resource://gre/modules/XPCOMUtils.sys.mjs"
+);
+
+XPCOMUtils.defineLazyGetter(
+ this,
+ "l10n",
+ () => new Localization(["security/pippki/pippki.ftl"], true)
+);
+
+var params;
+var token;
+var pw1;
+
+function doPrompt(messageL10nId) {
+ let msg = l10n.formatValueSync(messageL10nId);
+ Services.prompt.alert(window, null, msg);
+}
+
+function onLoad() {
+ document.getElementById("set_password").getButton("accept").disabled = true;
+ document.addEventListener("dialogaccept", setPassword);
+
+ pw1 = document.getElementById("pw1");
+ params = window.arguments[0].QueryInterface(Ci.nsIDialogParamBlock);
+ token = params.objects.GetElementAt(0).QueryInterface(Ci.nsIPK11Token);
+
+ document.l10n.setAttributes(
+ document.getElementById("tokenName"),
+ "change-password-token",
+ { tokenName: token.tokenName }
+ );
+ process();
+}
+
+function process() {
+ let bundle = document.getElementById("pippki_bundle");
+ let oldpwbox = document.getElementById("oldpw");
+ let msgBox = document.getElementById("message");
+ // If the token is unitialized, don't use the old password box.
+ // Otherwise, do.
+ if ((token.needsLogin() && token.needsUserInit) || !token.needsLogin()) {
+ oldpwbox.hidden = true;
+ msgBox.setAttribute("value", bundle.getString("password_not_set"));
+ msgBox.hidden = false;
+
+ if (!token.needsLogin()) {
+ oldpwbox.setAttribute("inited", "empty");
+ } else {
+ oldpwbox.setAttribute("inited", "true");
+ }
+
+ // Select first password field
+ document.getElementById("pw1").focus();
+ } else {
+ // Select old password field
+ oldpwbox.hidden = false;
+ msgBox.hidden = true;
+ oldpwbox.setAttribute("inited", "false");
+ oldpwbox.focus();
+ }
+
+ // Return value 0 means "canceled"
+ params.SetInt(1, 0);
+
+ checkPasswords();
+}
+
+function setPassword(event) {
+ var oldpwbox = document.getElementById("oldpw");
+ var initpw = oldpwbox.getAttribute("inited");
+
+ var success = false;
+
+ if (initpw == "false" || initpw == "empty") {
+ try {
+ var oldpw = "";
+ var passok = 0;
+
+ if (initpw == "empty") {
+ passok = 1;
+ } else {
+ oldpw = oldpwbox.value;
+ passok = token.checkPassword(oldpw);
+ }
+
+ if (passok) {
+ if (initpw == "empty" && pw1.value == "") {
+ // checkPasswords() should have prevented this path from being reached.
+ } else {
+ if (pw1.value == "") {
+ var secmoddb = Cc[
+ "@mozilla.org/security/pkcs11moduledb;1"
+ ].getService(Ci.nsIPKCS11ModuleDB);
+ if (secmoddb.isFIPSEnabled) {
+ // empty passwords are not allowed in FIPS mode
+ doPrompt("pippki-pw-change2empty-in-fips-mode");
+ passok = 0;
+ }
+ }
+ if (passok) {
+ token.changePassword(oldpw, pw1.value);
+ if (pw1.value == "") {
+ doPrompt("pippki-pw-erased-ok");
+ } else {
+ doPrompt("pippki-pw-change-ok");
+ }
+ success = true;
+ }
+ }
+ } else {
+ oldpwbox.focus();
+ oldpwbox.setAttribute("value", "");
+ doPrompt("pippki-incorrect-pw");
+ }
+ } catch (e) {
+ doPrompt("pippki-failed-pw-change");
+ }
+ } else {
+ token.initPassword(pw1.value);
+ if (pw1.value == "") {
+ doPrompt("pippki-pw-not-wanted");
+ }
+ success = true;
+ }
+
+ if (success && params) {
+ // Return value 1 means "successfully executed ok"
+ params.SetInt(1, 1);
+ }
+
+ // Terminate dialog
+ if (!success) {
+ event.preventDefault();
+ }
+}
+
+function setPasswordStrength() {
+ // We weigh the quality of the password by checking the number of:
+ // - Characters
+ // - Numbers
+ // - Non-alphanumeric chars
+ // - Upper and lower case characters
+
+ let pw = document.getElementById("pw1").value;
+
+ let pwlength = pw.length;
+ if (pwlength > 5) {
+ pwlength = 5;
+ }
+
+ let numnumeric = pw.replace(/[0-9]/g, "");
+ let numeric = pw.length - numnumeric.length;
+ if (numeric > 3) {
+ numeric = 3;
+ }
+
+ let symbols = pw.replace(/\W/g, "");
+ let numsymbols = pw.length - symbols.length;
+ if (numsymbols > 3) {
+ numsymbols = 3;
+ }
+
+ let numupper = pw.replace(/[A-Z]/g, "");
+ let upper = pw.length - numupper.length;
+ if (upper > 3) {
+ upper = 3;
+ }
+
+ let pwstrength =
+ pwlength * 10 - 20 + numeric * 10 + numsymbols * 15 + upper * 10;
+
+ // Clamp strength to [0, 100].
+ if (pwstrength < 0) {
+ pwstrength = 0;
+ }
+ if (pwstrength > 100) {
+ pwstrength = 100;
+ }
+
+ let meter = document.getElementById("pwmeter");
+ meter.setAttribute("value", pwstrength);
+}
+
+function checkPasswords() {
+ let pw1 = document.getElementById("pw1").value;
+ let pw2 = document.getElementById("pw2").value;
+
+ var oldpwbox = document.getElementById("oldpw");
+ if (oldpwbox) {
+ var initpw = oldpwbox.getAttribute("inited");
+
+ if (initpw == "empty" && pw1 == "") {
+ // The token has already been initialized, therefore this dialog
+ // was called with the intention to change the password.
+ // The token currently uses an empty password.
+ // We will not allow changing the password from empty to empty.
+ document
+ .getElementById("set_password")
+ .getButton("accept").disabled = true;
+ return;
+ }
+ }
+
+ document.getElementById("set_password").getButton("accept").disabled =
+ pw1 != pw2;
+}