OAuthPwd.jsp revision e78f116e81dc52e943c0f8a304381e16d56e362f
<%--
DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
Copyright � 2011-2012 ForgeRock Inc. All rights reserved.
The contents of this file are subject to the terms
of the Common Development and Distribution License
(the License). You may not use this file except in
compliance with the License.
You can obtain a copy of the License at
See the License for the specific language governing
permission and limitations under the License.
When distributing Covered Code, include this CDDL
Header Notice in each file and include the License file
If applicable, add the following below the CDDL Header,
with the fields enclosed by brackets [] replaced by
your own identifying information:
"Portions Copyrighted [year] [name of copyright owner]"
--%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<%@ page language="java"%>
<%@ page import="org.owasp.esapi.ESAPI" %>
<%@ page import="com.iplanet.am.util.SystemProperties" %>
<%@ page import="com.sun.identity.shared.Constants" %>
<%@ page import="static org.forgerock.openam.authentication.modules.oauth2.OAuthParam.*" %>
<%@ page import="java.util.ResourceBundle" %>
<%@ page import="java.util.MissingResourceException" %>
<%@ page import="java.util.Locale" %>
<%@ page import="org.forgerock.openam.authentication.modules.oauth2.OAuthUtil" %>
<% // Internationalization
String ServiceURI = SystemProperties.get(Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR);
String termsAndConditionsPage = ServiceURI + "/tc.html";
String lang = request.getParameter("lang");
ResourceBundle resources;
Locale locale = null;
try {
if (lang != null && lang.length() != 0) {
locale = new Locale(lang);
} else {
locale = request.getLocale();
}
resources = ResourceBundle.getBundle("amAuthOAuth", locale);
OAuthUtil.debugMessage("OAuthPwd: obtained resource bundle with locale " + locale);
} catch (MissingResourceException mr) {
OAuthUtil.debugError("OAuthPwd: Resource Bundle not found", mr);
resources = ResourceBundle.getBundle("amAuthOAuth");
}
String logoutURL = request.getParameter(PARAM_GOTO);
if (logoutURL == null) {
logoutURL = ServiceURI;
} else {
boolean isValidURL = ESAPI.validator().
isValidInput("URLContext", logoutURL, "URL", 255, false);
if (!isValidURL) {
OAuthUtil.debugError("OAuthPwd: wrong logoutURL URL attempted to be used "
+ "in the OAuthPwd page: " + logoutURL);
logoutURL = ServiceURI;
}
}
String errLength = ESAPI.encoder().encodeForHTML(resources.getString("errLength"));
String errNumbers = ESAPI.encoder().encodeForHTML(resources.getString("errNumbers"));
String errLowercase = ESAPI.encoder().encodeForHTML(resources.getString("errLowercase"));
String errUppercase = ESAPI.encoder().encodeForHTML(resources.getString("errUppercase"));
String errInvalidPass = ESAPI.encoder().encodeForHTML(resources.getString("errInvalidPass"));
String errNoMatch = ESAPI.encoder().encodeForHTML(resources.getString("errNoMatch"));
String errEmptyPass = ESAPI.encoder().encodeForHTML(resources.getString("errEmptyPass"));
String emptyField = ESAPI.encoder().encodeForHTML("");
String errTandC = ESAPI.encoder().encodeForHTML(resources.getString("errTandC"));
String passwordSetMsg = resources.getString("passwordSetMsg");
String newPassLabel = resources.getString("newPassLabel");
String token1 = ESAPI.encoder().encodeForHTML(PARAM_TOKEN1);
String token2 = ESAPI.encoder().encodeForHTML(PARAM_TOKEN2);
String confirmPassLabel = resources.getString("confirmPassLabel");
String terms = ESAPI.encoder().encodeForHTML("terms");
String termsAndCondsLabel =resources.getString("termsAndCondsLabel");
String settingForm = ESAPI.encoder().encodeForHTML("settingForm");
String button1 = ESAPI.encoder().encodeForHTML("button1");
String submitValue = ESAPI.encoder().encodeForHTML(resources.getString("submit"));
String cancelValue = ESAPI.encoder().encodeForHTML(resources.getString("cancel"));
String accept = ESAPI.encoder().encodeForHTML("accept");
String outputField = ESAPI.encoder().encodeForHTML("output");
String passwordRules = resources.getString("passwordRules");
%>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<link href="<%= ServiceURI%>/css/new_style.css" rel="stylesheet" type="text/css" />
<!--[if IE 9]> <link href="<%= ServiceURI%>/css/ie9.css" rel="stylesheet" type="text/css"> <![endif]-->
<!--[if lte IE 7]> <link href="<%= ServiceURI%>/css/ie7.css" rel="stylesheet" type="text/css"> <![endif]-->
<script language="JavaScript" src="<%= ServiceURI %>/js/auth.js"></script>
<title>Password change</title>
<script type="text/javascript" language="JavaScript">
function validatePassword(form, token1, token2)
{
// The following are just example rules for a password
// For the implementation you can modify them to suit your needs
var out = document.getElementById("msgcnt");
out.innerHTML = "";
if(form.elements[token1].value != '') {
if (form.elements[token1].value == form.elements[token2].value) {
if(form.elements[token1].value.length < 8) {
out.innerHTML = "<%= errLength %>";
form.elements[token1].focus();
return false;
}
var re = /[0-9]/; // Include numbers
if(!re.test(form.elements[token1].value)) {
out.innerHTML = "<%= errNumbers %>";
form.elements[token1].focus();
return false;
}
re = /[a-z]/; // Include lowercase
if(!re.test(form.elements[token1].value)) {
"<%= errLowercase %>";
form.elements[token1].focus();
return false;
}
re = /[A-Z]/; // Include Uppercase
if(!re.test(form.elements[token1].value)) {
out.innerHTML = "<%= errUppercase %>";
form.elements[token1].focus();
return false;
}
re = /^[a-zA-Z0-9.\\-\\/+=_ ]*$/ // Any of these
if(!re.test(form.elements[token1].value)) {
out.innerHTML = "<%= errInvalidPass %>";
form.elements[token1].focus();
return false;
}
} else {
out.innerHTML = "<%= errNoMatch %>";
form.elements[token1].focus();
return false;
}
out.innerHTML = "<%= emptyField %>";
return true;
} else {
form.elements[token1].focus();
out.innerHTML = "<%= errEmptyPass %>";
return false;
}
}
function validateTerms(form, terms)
{
var out = document.getElementById("msgcnt");
out.innerHTML = '';
if(form.elements[terms].checked == true) {
return true;
}
form.elements[terms].focus();
out.innerHTML = "<%= errTandC %>";
return false;
}
function validateButton(form, Login)
{
if(form.elements[Login].value == '<%= cancelValue %>') {
return false;
} else {
return true;
}
}
function adios() {
window.location = "<%= logoutURL %>";
}
function validateNow(form, token1, token2, terms, login) {
if (validatePassword(form, token1, token2)) {
if (validateTerms(form, terms)) {
if (validateButton(form, login)){
return true;
}
}
}
return false;
}
function newPopup(url) {
popupWindow = window.open(
url,'popUpWindow','height=500,width=600,left=10,top=10,\n\
resizable=yes,scrollbars=yes,toolbar=yes,menubar=no,location=no,directories=no,status=yes')
}
function toggleWdw(att)
{ var wdw=document.getElementById(att);
if (wdw.style.display == "none") {
wdw.style.display="block";
} else {
wdw.style.display="none";
}
}
function closeWindow(att){
var wdw=document.getElementById(att);
wdw.style.display="none";
}
</script>
</head>
<body>
<div class="container_12">
<div class="grid_4 suffix_8">
<a class="logo" href="<%= ServiceURI%>"></a>
</div>
<div class="box clear-float">
<div class="grid_3">
<div class="product-logo"></div>
</div>
<div class="grid_9 left-seperator">
<div class="box-content clear-float">
<h1>Password change</h1>
<p class="message"><a href="javascript:toggleWdw('rules');"><span class="icon info"></a></span><span id="msgcnt"><%= passwordSetMsg %></span>
<span id="rules" style="display:none; text-align: left; font-weight:400;"><%= passwordRules %></span></p>
<form name="<%= settingForm %>" method="POST" action="<%= emptyField %>"
onsubmit="return validateNow(this, '<%= token1 %>',
'<%= token2 %>','<%= terms %>','<%= button1 %>')">
<fieldset>
<div class="row"><label for="<%= token1 %>"><%= newPassLabel %></label><input class="textbox" type="password" id="<%= token1 %>" name="<%= token1 %>"/></div>
<div class="row"><label for="<%= token2 %>"><%= confirmPassLabel %></label><input class="textbox" type="password" id="<%= token2 %>" name="<%= token2 %>"/></div>
<div class="row">
<label>Terms</label>
<div class="checkbox">
<input type="checkbox" id="<%= terms %>" value="<%= accept%>" name="<%= terms %>"/><label for="<%= terms %>">I accept <a href="JavaScript:newPopup('<%= termsAndConditionsPage %>');"><%= termsAndCondsLabel %></a></label>
</div>
</div>
<div class="row">
<input type="submit" class="button primary" value="<%= submitValue %>" name="<%= button1 %>"/>
<input type="button" class="button" value="<%= cancelValue %>" name="<%= button1 %>" onclick="adios()"/>
</div>
</fieldset>
</form>
</div>
</div>
</div>
<div class="footer alt-color">
<div class="grid_3">
<p>Copyright © 2010 ForgeRock AS,<br />Philip Pedersens vei 1,<br />1366 Lysaker,<br />Norway.<br />All rights reserved.</p>
</div>
<div class="grid_6 suffix_3">
<p>Licensed for use under the Common Development and Distribution License (CDDL), see <a href="http://www.forgerock.com/license/CDDLv1.0.html">http://www.forgerock.com/license/CDDLv1.0.html</a> for details. This software is based on the OpenSSO/OpenAM open source project and the source includes the copyright works of other authors, granted for use under the CDDL. This distribution may include other materials developed by third parties. All Copyrights and Trademarks are property of their owners.</p>
</div>
</div>
</div>
</body>
</html>