summaryrefslogtreecommitdiffstats
path: root/toolkit/mozapps/preferences/changemp.js
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--toolkit/mozapps/preferences/changemp.js220
1 files changed, 220 insertions, 0 deletions
diff --git a/toolkit/mozapps/preferences/changemp.js b/toolkit/mozapps/preferences/changemp.js
new file mode 100644
index 0000000000..2062d497df
--- /dev/null
+++ b/toolkit/mozapps/preferences/changemp.js
@@ -0,0 +1,220 @@
+// -*- tab-width: 2; indent-tabs-mode: nil; js-indent-level: 2 -*-
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1";
+const nsIPK11TokenDB = Ci.nsIPK11TokenDB;
+const nsIDialogParamBlock = Ci.nsIDialogParamBlock;
+const nsPKCS11ModuleDB = "@mozilla.org/security/pkcs11moduledb;1";
+const nsIPKCS11ModuleDB = Ci.nsIPKCS11ModuleDB;
+const nsIPKCS11Slot = Ci.nsIPKCS11Slot;
+const nsIPK11Token = Ci.nsIPK11Token;
+
+var params;
+var pw1;
+
+function init() {
+ pw1 = document.getElementById("pw1");
+
+ process();
+ document.addEventListener("dialogaccept", setPassword);
+}
+
+function process() {
+ // If the token is unitialized, don't use the old password box.
+ // Otherwise, do.
+
+ let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+ Ci.nsIPK11TokenDB
+ );
+ let token = tokenDB.getInternalKeyToken();
+ if (token) {
+ let oldpwbox = document.getElementById("oldpw");
+ let msgBox = document.getElementById("message");
+ if ((token.needsLogin() && token.needsUserInit) || !token.needsLogin()) {
+ oldpwbox.hidden = true;
+ msgBox.hidden = false;
+
+ if (!token.needsLogin()) {
+ oldpwbox.setAttribute("inited", "empty");
+ } else {
+ oldpwbox.setAttribute("inited", "true");
+ }
+
+ // Select first password field
+ document.getElementById("pw1").focus();
+ } else {
+ // Select old password field
+ oldpwbox.hidden = false;
+ msgBox.hidden = true;
+ oldpwbox.setAttribute("inited", "false");
+ oldpwbox.focus();
+ }
+ }
+
+ if (
+ !token.hasPassword &&
+ !Services.policies.isAllowed("removeMasterPassword")
+ ) {
+ document.getElementById("admin").hidden = false;
+ }
+
+ if (params) {
+ // Return value 0 means "canceled"
+ params.SetInt(1, 0);
+ }
+
+ checkPasswords();
+}
+
+async function createAlert(titleL10nId, messageL10nId) {
+ const [title, message] = await document.l10n.formatValues([
+ { id: titleL10nId },
+ { id: messageL10nId },
+ ]);
+ Services.prompt.alert(window, title, message);
+}
+
+function setPassword() {
+ var pk11db = Cc[nsPK11TokenDB].getService(nsIPK11TokenDB);
+ var token = pk11db.getInternalKeyToken();
+
+ var oldpwbox = document.getElementById("oldpw");
+ var initpw = oldpwbox.getAttribute("inited");
+
+ if (initpw == "false" || initpw == "empty") {
+ try {
+ var oldpw = "";
+ var passok = 0;
+
+ if (initpw == "empty") {
+ passok = 1;
+ } else {
+ oldpw = oldpwbox.value;
+ passok = token.checkPassword(oldpw);
+ }
+
+ if (passok) {
+ if (initpw == "empty" && pw1.value == "") {
+ // This makes no sense that we arrive here,
+ // we reached a case that should have been prevented by checkPasswords.
+ } else {
+ if (pw1.value == "") {
+ var secmoddb = Cc[nsPKCS11ModuleDB].getService(nsIPKCS11ModuleDB);
+ if (secmoddb.isFIPSEnabled) {
+ // empty passwords are not allowed in FIPS mode
+ createAlert(
+ "pw-change-failed-title",
+ "pp-change2empty-in-fips-mode"
+ );
+ passok = 0;
+ }
+ }
+ if (passok) {
+ token.changePassword(oldpw, pw1.value);
+ if (pw1.value == "") {
+ createAlert("pw-change-success-title", "settings-pp-erased-ok");
+ } else {
+ createAlert("pw-change-success-title", "pp-change-ok");
+ }
+ }
+ }
+ } else {
+ oldpwbox.focus();
+ oldpwbox.setAttribute("value", "");
+ createAlert("pw-change-failed-title", "incorrect-pp");
+ }
+ } catch (e) {
+ console.error(e);
+ createAlert("pw-change-failed-title", "failed-pp-change");
+ }
+ } else {
+ token.initPassword(pw1.value);
+ if (pw1.value == "") {
+ createAlert("pw-change-success-title", "settings-pp-not-wanted");
+ }
+ }
+}
+
+function setPasswordStrength() {
+ // Here is how we weigh the quality of the password
+ // number of characters
+ // numbers
+ // non-alpha-numeric chars
+ // upper and lower case characters
+
+ var pw = document.getElementById("pw1").value;
+
+ // length of the password
+ var pwlength = pw.length;
+ if (pwlength > 5) {
+ pwlength = 5;
+ }
+
+ // use of numbers in the password
+ var numnumeric = pw.replace(/[0-9]/g, "");
+ var numeric = pw.length - numnumeric.length;
+ if (numeric > 3) {
+ numeric = 3;
+ }
+
+ // use of symbols in the password
+ var symbols = pw.replace(/\W/g, "");
+ var numsymbols = pw.length - symbols.length;
+ if (numsymbols > 3) {
+ numsymbols = 3;
+ }
+
+ // use of uppercase in the password
+ var numupper = pw.replace(/[A-Z]/g, "");
+ var upper = pw.length - numupper.length;
+ if (upper > 3) {
+ upper = 3;
+ }
+
+ var pwstrength =
+ pwlength * 10 - 20 + numeric * 10 + numsymbols * 15 + upper * 10;
+
+ // make sure we're give a value between 0 and 100
+ if (pwstrength < 0) {
+ pwstrength = 0;
+ }
+
+ if (pwstrength > 100) {
+ pwstrength = 100;
+ }
+
+ var mymeter = document.getElementById("pwmeter");
+ mymeter.value = pwstrength;
+}
+
+function checkPasswords() {
+ var pw1 = document.getElementById("pw1").value;
+ var pw2 = document.getElementById("pw2").value;
+ var ok = document.getElementById("changemp").getButton("accept");
+
+ var oldpwbox = document.getElementById("oldpw");
+ if (oldpwbox) {
+ var initpw = oldpwbox.getAttribute("inited");
+
+ if (initpw == "empty" && pw1 == "") {
+ // The token has already been initialized, therefore this dialog
+ // was called with the intention to change the password.
+ // The token currently uses an empty password.
+ // We will not allow changing the password from empty to empty.
+ ok.setAttribute("disabled", "true");
+ return;
+ }
+ }
+
+ if (
+ pw1 == pw2 &&
+ (pw1 != "" || Services.policies.isAllowed("removeMasterPassword"))
+ ) {
+ ok.setAttribute("disabled", "false");
+ } else {
+ ok.setAttribute("disabled", "true");
+ }
+}