kallithea Changeset - 6eafa1e06d71

Changeset - 6eafa1e06d71

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Mads Kiilerich - 12 years ago 2014-07-18 19:22:01
madski@unity3d.com

passwords: disable autocomplete - admin's browser should not offer to store passwords

3 files changed with 4 insertions and 4 deletions:

kallithea/templates/admin/auth/auth_settings.html

kallithea/templates/admin/users/user_add.html

kallithea/templates/register.html

0 comments (0 inline, 0 general)

kallithea/templates/admin/auth/auth_settings.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('Authentication Settings')}
     %if c.site_name:
         &middot; ${c.site_name}
     %endif
 </%def>
 <%def name="breadcrumbs_links()">
     ${h.link_to(_('Admin'),h.url('admin_home'))}
     &raquo;
     ${_('Authentication')}
 </%def>
 <%def name="page_nav()">
     ${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     ${h.form(url('auth_settings'))}
     <div class="form">
     ## enabled auth plugins
     <h1>${_('Authentication Plugins')}</h1>
     <div class="fields">
        <div class="field">
            <div class="label"><label for="auth_plugins">${_("Enabled Plugins")}</label></div>
            <div class="input">${h.text("auth_plugins", class_='large')}
            <span class="help-block">${_('Comma separated list of plugins. Order of plugins is also order in which Kallithea will try to authenticate user')}</span>
                <div style="padding:10px 0px 10px 0px;font-weight: bold">${_('Available built-in plugins')}</div>
                <ul>
                %for plugin_path in c.available_plugins:
                     <li>
                       <div style="padding:3px 0px 3px 0px">
                           <span style="margin: 0px 10px 0px 0px" plugin_id="${plugin_path}" class="toggle-plugin btn btn-mini ${'btn-success' if plugin_path in c.enabled_plugins else ''}">
                           ${_('enabled') if plugin_path in c.enabled_plugins else _('disabled')}</span>${plugin_path}
                       </div>
                     </li>
                %endfor
                </ul>
            </div>
        </div>
        <div class="buttons">
           ${h.submit('save',_('Save'),class_="btn")}
        </div>
     </div>
     %for cnt, module in enumerate(c.auth_plugins):
         <% pluginName = c.auth_plugins_shortnames[module] %>
         <h1>${_('Plugin')}: ${pluginName}</h1>
         <div class="fields">
         ## autoform generation, based on plugin definition from it's settings
         %for setting in c.plugin_settings[module]:
             <% fullsetting = "auth_%s_%s" % (pluginName, setting["name"]) %>
             <% displayname = (setting["formname"] if ("formname" in setting) else setting["name"]) %>
             %if setting["type"] == "password":
             <div class="field">
                 <div class="label"><label for="${fullsetting}">${_(displayname)}</label></div>
                 <div class="input">
                     ${h.password(fullsetting,class_='small')}
+                    ${h.password(fullsetting,class_='small',autocomplete="off")}
                     <span class="help-block">${setting["description"]}</span>
                 </div>
             </div>
             %elif setting["type"] in ["string", "int"]:
             <div class="field">
                 <div class="label"><label for="${fullsetting}">${_(displayname)}</label></div>
                 <div class="input">
                     ${h.text(fullsetting,class_='small')}
                     <span class="help-block">${setting["description"]}</span>
                 </div>
             </div>
             %elif setting["type"] == "bool":
             <div class="field">
                 <div class="label label-checkbox"><label for="${fullsetting}">${_(displayname)}</label></div>
                 <div class="checkboxes">
                     <div class="checkbox">${h.checkbox(fullsetting,True,class_='small')}</div>
                     <span class="help-block">${setting["description"]}</span>
                 </div>
             </div>
             %elif setting["type"] == "select":
             <div class="field">
                 <div class="label"><label for="${fullsetting}">${_(displayname)}</label></div>
                 <div class="select">
                     ${h.select(fullsetting,setting['values'][0],setting['values'],class_='small')}
                     <span class="help-block">${setting["description"]}</span>
                 </div>
             </div>
             %else:
             <div class="field">
                 <div class="label"><label for="${fullsetting}">${_(displayname)}</label></div>
                 <div class="input">This field is of type ${setting['type']}, which cannot be displayed. Must be one of [string|int|bool|select].</div>
                 <span class="help-block">${setting["description"]}</span>
             </div>
             %endif
         %endfor
         </div>
     %endfor
     </div>
     ${h.end_form()}
 </div>
 <script>
     YUE.on(YUQ('.toggle-plugin'),'click', function(e){
         var auth_plugins_input = YUD.get('auth_plugins');
         var notEmpty = function(element, index, array) {
             return (element != "");
+        }
         var elems = auth_plugins_input.value.split(',').filter(notEmpty);
         var cur_button = e.currentTarget;
         var plugin_id = YUD.getAttribute(cur_button, 'plugin_id');
         if(YUD.hasClass(cur_button, 'btn-success')){
             elems.splice(elems.indexOf(plugin_id), 1);
             auth_plugins_input.value = elems.join(',');
             YUD.removeClass(cur_button, 'btn-success');
             cur_button.innerHTML = _TM['disabled'];
+        }
         else{
             console.log(elems)
             if(elems.indexOf(plugin_id) == -1){
                elems.push(plugin_id);
+            }
             auth_plugins_input.value = elems.join(',');
             YUD.addClass(cur_button, 'btn-success');
             cur_button.innerHTML = _TM['enabled'];
+        }
     })
 </script>
 </%def>

kallithea/templates/admin/users/user_add.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('Add user')}
     %if c.site_name:
         &middot; ${c.site_name}
     %endif
 </%def>
 <%def name="breadcrumbs_links()">
     ${h.link_to(_('Admin'),h.url('admin_home'))}
     &raquo;
     ${h.link_to(_('Users'),h.url('users'))}
     &raquo;
     ${_('Add User')}
 </%def>
 <%def name="page_nav()">
     ${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     <!-- end box / title -->
     ${h.form(url('users'))}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="label">
                     <label for="username">${_('Username')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('username',class_='small')}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="password">${_('Password')}:</label>
                 </div>
                 <div class="input">
                     ${h.password('password',class_='small')}
+                    ${h.password('password',class_='small',autocomplete="off")}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="password_confirmation">${_('Password confirmation')}:</label>
                 </div>
                 <div class="input">
                     ${h.password('password_confirmation',class_="small",autocomplete="off")}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="firstname">${_('First Name')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('firstname',class_='small')}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="lastname">${_('Last Name')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('lastname',class_='small')}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="email">${_('Email')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('email',class_='small')}
                     ${h.hidden('extern_name', c.default_extern_type)}
                     ${h.hidden('extern_type', c.default_extern_type)}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="active">${_('Active')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('active',value=True,checked='checked')}
                 </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="btn")}
             </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 </%def>
 <script>
     $(document).ready(function(){
         $('#username').focus();
     })
 </script>

kallithea/templates/register.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="base/root.html"/>
 <%def name="title()">
     ${_('Sign Up')}
     %if c.site_name:
         &middot; ${c.site_name}
     %endif
 </%def>
 <div id="header">
     <div id="header-inner" class="title">
         <div id="logo">
             <div class="header">
                 <a href="${h.url('home')}" style="display: block;"><img src="${h.url('/images/kallithea-logo.svg')}" onerror="this.src='${h.url('/images/kallithea-logo.png')}'" alt="Kallithea"/></a>
             </div>
             %if c.site_name:
              <div class="branding">- ${c.site_name}</div>
             %endif
         </div>
     </div>
 </div>
 <div id="register">
     <%include file="/base/flash_msg.html"/>
     <div class="title withlogo">
         %if c.site_name:
             <h5>${_('Sign Up to %s') % c.site_name}</h5>
         %else:
             <h5>${_('Sign Up')}</h5>
         %endif
     </div>
     <div class="inner">
         ${h.form(url('register'))}
         <div class="form">
             <!-- fields -->
             <div class="fields">
                 <div class="field">
                     <div class="label">
                         <label for="username">${_('Username')}:</label>
                     </div>
                     <div class="input">
                         ${h.text('username',class_="medium")}
                     </div>
                 </div>
                 <div class="field">
                     <div class="label">
                         <label for="password">${_('Password')}:</label>
                     </div>
                     <div class="input">
                         ${h.password('password',class_="medium")}
+                        ${h.password('password',class_="medium",autocomplete="off")}
                     </div>
                 </div>
                 <div class="field">
                     <div class="label">
                         <label for="password">${_('Re-enter password')}:</label>
                     </div>
                     <div class="input">
                         ${h.password('password_confirmation',class_="medium")}
+                        ${h.password('password_confirmation',class_="medium",autocomplete="off")}
                     </div>
                 </div>
                 <div class="field">
                     <div class="label">
                         <label for="firstname">${_('First Name')}:</label>
                     </div>
                     <div class="input">
                         ${h.text('firstname',class_="medium")}
                     </div>
                 </div>
                 <div class="field">
                     <div class="label">
                         <label for="lastname">${_('Last Name')}:</label>
                     </div>
                     <div class="input">
                         ${h.text('lastname',class_="medium")}
                     </div>
                 </div>
                 <div class="field">
                     <div class="label">
                         <label for="email">${_('Email')}:</label>
                     </div>
                     <div class="input">
                         ${h.text('email',class_="medium")}
                     </div>
                 </div>
                 %if c.captcha_active:
                 <div class="field">
                     <div class="label">
                         <label for="email">${_('Captcha')}:</label>
                     </div>
                     <div class="input">
                         ${h.hidden('recaptcha_field')}
                         <div id="recaptcha"></div>
                     </div>
                 </div>
                 %endif
                 <div class="buttons">
                     <div class="nohighlight">
                       ${h.submit('sign_up',_('Sign Up'),class_="btn")}
                       %if c.auto_active:
                           <div class="activation_msg">${_('Your account will be activated right after registration')}</div>
                       %else:
                           <div class="activation_msg">${_('Your account must wait for activation by administrator')}</div>
                       %endif
                     </div>
                 </div>
             </div>
         </div>
         ${h.end_form()}
         %if c.captcha_active:
         <script type="text/javascript" src="https://www.google.com/recaptcha/api/js/recaptcha_ajax.js"></script>
         %endif
         <script type="text/javascript">
         $(document).ready(function(){
             $('#username').focus();
             %if c.captcha_active:
             Recaptcha.create("${c.captcha_public_key}", "recaptcha",
+                {
                   theme: "white",
+                }
             );
             %endif
         });
         </script>
     </div>
  </div>

0 comments (0 inline, 0 general)