+[% USE raw %]
+[% USE Asset %]
+[% USE Koha %]
+[% USE Branches %]
+[% USE Desks %]
+[% USE Categories %]
+[% USE Registers %]
+[% USE AuthClient %]
+[% SET footerjs = 1 %]
[% INCLUDE 'doc-head-open.inc' %]
-<title>Koha ›
- [% IF ( nopermission ) %]Access denied[% END %]
- [% IF ( timed_out ) %]Session timed out[% END %]
- [% IF ( different_ip ) %]IP address change[% END %]
- [% IF ( invalid_username_or_password ) %]Invalid username or password[% END %]
+<title>
+ [% IF TwoFA_prompt %]Two-factor authentication[% END %]
+ [% IF TwoFA_setup %]Two-factor authentication setup[% END %]
[% IF ( loginprompt ) %]Log in to Koha[% END %]
+ [% IF too_many_login_attempts %]This account has been locked.
+ [% ELSIF invalid_username_or_password %]Invalid username or password[% END %]
+ [% IF ( different_ip ) %]IP address change[% END %]
+ [% IF ( timed_out ) %]Session timed out[% END %]
+ [% IF ( nopermission ) %]Access denied[% END %]
+ [% IF ( auth_error ) %]Error authenticating in external provider[% END %] › Koha
</title>
[% INCLUDE 'doc-head-close.inc' %]
+[% PROCESS 'auth-two-factor.inc' %]
</head>
-<body id="main_auth" class="main">
+<body id="main_auth" class="main_main-auth">
-<div id="doc" class="yui-t7">
- <div id="bd">
+<div class="main container-fluid">
<div id="login">
<h1><a href="http://koha-community.org">Koha</a></h1>
+[% IF (Koha.Preference('StaffLoginInstructions')) %]<div id="login_instructions">[% Koha.Preference('StaffLoginInstructions') | $raw %]</div>[% END %]
[% IF ( nopermission ) %]
-<div id="login_error"><strong>Error:</strong> You do not have permission to access this page. <a href="/cgi-bin/koha/mainpage.pl?logout.x=1">Click to log out</a></div>
+<div id="login_error">
+ <strong>Error:</strong>
+ You do not have permission to access this page.
+</div>
+<p><strong>Log in as a different user</strong></p></h2>
[% END %]
[% IF ( timed_out ) %]
[% END %]
[% IF ( wrongip ) %]
-<div id="login_error"><strong>Error: </strong>IndependentBranches and Autolocation are switched on and you are logging in with an IP address that doesn't match your library. </div>
+<div id="login_error"><strong>Error: </strong>Autolocation is switched on and you are logging in with an IP address that doesn't match your library. </div>
[% END %]
-[% IF ( invalid_username_or_password ) %]
+[% IF too_many_login_attempts %]
+ <div id="login_error"><strong>Error: </strong>This account has been locked!</div>
+ [% IF Categories.can_any_reset_password && Koha.Preference('OpacBaseURL') %]
+ <a href="[% Koha.Preference('OpacBaseURL') | url %]/cgi-bin/koha/opac-password-recovery.pl">You must reset your password</a>.
+ [% END %]
+[% ELSIF password_has_expired %]
+ <div id="login_error"><strong>Error: </strong>Your password has expired!</div>
+ [% IF Koha.Preference('EnableExpiredPasswordReset') && Koha.Preference('OpacBaseURL') %]
+ <a href="[% Koha.Preference('OpacBaseURL') | url %]/cgi-bin/koha/opac-reset-password.pl">You must reset your password</a>.
+ [% ELSIF Categories.can_any_reset_password && Koha.Preference('OpacBaseURL') %]
+ <a href="[% Koha.Preference('OpacBaseURL') | url %]/cgi-bin/koha/opac-password-recovery.pl">You must reset your password</a>.
+ [% ELSE %]
+ <p>You must contact the library to reset your password</p>
+ [% END %]
+[% ELSIF invalid_username_or_password %]
<div id="login_error"><strong>Error: </strong>Invalid username or password</div>
[% END %]
-<!-- login prompt time-->
-<form action="[% url %]" method="post" name="loginform" id="loginform">
- <input type="hidden" name="koha_login_context" value="intranet" />
-[% FOREACH INPUT IN INPUTS %]
- <input type="hidden" name="[% INPUT.name |html %]" value="[% INPUT.value |html %]" />
+[% IF auth_error %]
+ <div id="login_error" class="alert alert-danger">
+ <p>There was an error authenticating to external identity provider</p>
+ <p>[% auth_error | html %]</p>
+ </div>
+[% END %]
+
+[% IF (shibbolethAuthentication) %]
+<!-- This is what is displayed if shib login has failed -->
+[% IF (invalidShibLogin ) %]
+<div id="login_error"><Strong>Error: </strong>Shibboleth login failed</div>
+[% END %]
+<p><a href="[% shibbolethLoginUrl | $raw %]">Log in using a Shibboleth account</a>.</p>
[% END %]
-<p><label for="userid">Username:</label>
-<input type="text" name="userid" id="userid" class="input focus" value="[% userid %]" size="20" tabindex="1" />
-</p>
-<p><label for="password">Password:</label>
-<input type="password" name="password" id="password" class="input" value="" size="20" tabindex="2" />
-</p>
-
-[% IF ( AutoLocation ) %][% ELSE %]
-[% IF ( IndependantBranches ) %][% ELSE %]
-<p><label for="branch">Library:</label>
- <select name="branch" id="branch" class="input" tabindex="3">
- <option value="">My library</option>
- [% FOREACH branchloo IN branchloop %]
- <option value="[% branchloo.branchcode %]">[% branchloo.branchname %]</option>
+
+[% IF !TwoFA_prompt && !TwoFA_setup && !Koha.Preference('staffShibOnly') %]
+ <!-- login prompt time-->
+ [% SET auth_providers = AuthClient.get_providers('staff') %]
+ [% IF ( ! auth_providers.empty ) %]
+ [% FOREACH provider IN auth_providers %]
+ <p class="clearfix">
+ <a href="[% provider.url | url %]" class="btn btn-light col-xs-12" id="provider_[% provider.code | html %]">
+ [% IF provider.icon_url %]
+ <img src="[% provider.icon_url | url %]" style="max-height: 20px; max-width: 20px;"/>
+ [% ELSE %]
+ <i class="fa fa-user" aria-hidden="true"></i>
+ [% END %]
+ Log in with [% provider.description | html %]
+ </a>
+ </p>
+ [% END %]
+ <hr/>
+ <p>If you do not have an external account, but do have a local account, you can still log in: </p>
+ [% END # /IF auth_providers.size %]
+
+ <form action="[% script_name | html %]" method="post" name="loginform" id="loginform">
+ <input type="hidden" name="koha_login_context" value="intranet" />
+ [% FOREACH INPUT IN INPUTS %]
+ <input type="hidden" name="[% INPUT.name | html %]" value="[% INPUT.value | html %]" />
+ [% END %]
+ <p><label for="userid">Username:</label>
+ <input type="text" name="userid" id="userid" class="input focus" value="[% userid | html %]" size="20" tabindex="1" autocomplete="off" />
+ </p>
+ <p><label for="password">Password:</label>
+ <input type="password" name="password" id="password" class="input" value="" size="20" tabindex="2" autocomplete="off" />
+ </p>
+
+ [% UNLESS IndependentBranches %]
+ <p>
+ <label for="branch">Library:</label>
+ <select name="branch" id="branch" class="input" tabindex="3">
+ <option value="">My library</option>
+ [% FOREACH l IN Branches.all( unfiltered => 1 ) %]
+ <option value="[% l.branchcode | html %]">[% l.branchname | html %]</option>
+ [% END %]
+ </select>
+ </p>
+
+ [% IF Koha.Preference('UseCirculationDesks') && Desks.all %]
+ <p>
+ <label for="desk">Desk:</label>
+ <select name="desk_id" id="desk_id" class="input" tabindex="3">
+ <option id="nodesk" value="">---</option>
+ [% FOREACH d IN Desks.all %]
+ <option class="[% d.branchcode | html %]" value="[% d.desk_id | html %]" disabled >[% d.desk_name | html %]</option>
+ [% END %]
+ </select>
+ </p>
+ [% END %]
+
+ [% IF Koha.Preference('UseCashRegisters') && Registers.all().size %]
+ <p>
+ <label for="register_id">Cash register:</label>
+ <select name="register_id" id="register_id" class="input" tabindex="4">
+ <option id="noregister" value="" selected="selected">Library default</option>
+ [% PROCESS options_for_registers registers => Registers.all() %]
+ </select>
+ </p>
+ [% END %]
+
[% END %]
- </select>
- </p>[% END %]
- [% END %]
-<!-- <p><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="3" />Remember me</label></p> -->
+ <!-- <p><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="3" />Remember me</label></p> -->
+
+ <p class="submit"><input id="submit-button" type="submit" value="Log in" tabindex="4" /></p>
+ </form>
+
+ [% IF ( casAuthentication ) %]
+ <h4>Cas login</h4>
+
+ [% IF ( invalidCasLogin ) %]
+ <!-- This is what is displayed if cas login has failed -->
+ <p>Sorry, the CAS login failed.</p>
+ [% END %]
+
+ [% IF ( casServerUrl ) %]
+ <p><a href="[% casServerUrl | $raw %]">If you have a CAS account, please click here to login</a>.<p>
+ [% END %]
+
+ [% IF ( casServersLoop ) %]
+ <p>If you have a CAS account, please choose against which one you would like to authenticate:</p>
+ <ul>
+ [% FOREACH casServer IN casServersLoop %]
+ <li><a href="[% casServer.value | $raw %]">[% casServer.name | html %]</a></li>
+ [% END %]
+ [% END %]
+ [% END %]
+[% ELSIF TwoFA_prompt %]
+ <form action="[% script_name | html %]" method="post" name="loginform" id="loginform">
+ <input type="hidden" name="koha_login_context" value="intranet" />
+ [% FOREACH INPUT IN INPUTS %]
+ <input type="hidden" name="[% INPUT.name | html %]" value="[% INPUT.value | html %]" />
+ [% END %]
+ [% IF invalid_otp_token %]
+ <div id="login_error">Invalid two-factor code</div>
+ [% END %]
+
+ <div id="email_error" class="dialog alert" style="display: none;"></div>
+ <div id="email_success" class="dialog message" style="display: none;"></div>
+ <p>
+ <label for="otp_token">Two-factor authentication code:</label>
+ <input type="text" name="otp_token" id="otp_token" class="input focus" value="" size="20" tabindex="1" />
+ </p>
+ <p>
+ <input id="submit-button" type="submit" value="Verify code" />
+ <a class="send_otp" id="send_otp" href="#">Send the code by email</a>
+ <a class="cancel" id="logout" href="/cgi-bin/koha/mainpage.pl?logout.x=1">Cancel</a>
+ </p>
+
+ </form>
+[% ELSIF TwoFA_setup %]
+ [% PROCESS registration_form %]
+[% END %]
+
+[% IF ( nopermission ) %]
+ <p><a id="previous_page" href="javascript:window.history.back()">[Previous page]</a>
+ <a id="mainpage" href="/">[Main page]</a></p>
+[% END %]
+
-<p class="submit"><input id="submit" type="submit" value="Login" tabindex="4" /></p>
-</form>
<!--<ul> -->
<!-- <li><a href="/cgi-bin/koha/lostpassword.pl" title="Password lost and found">Lost your password?</a></li> -->
<!-- </ul> -->
</div>
-</div>
+[% MACRO jsinclude BLOCK %]
+ [% Asset.js("js/desk_selection.js") | $raw %]
+ [% Asset.js("js/register_selection.js") | $raw %]
+ <script>
+ $(document).ready( function() {
+ if ( document.location.hash ) {
+ $( '#loginform' ).append( '<input name="auth_forwarded_hash" type="hidden" value="' + document.location.hash + '"/>' );
+ }
+ // Clear last borrowers, rememberd sql reports, carts, etc.
+ logOut();
+
+ $("#send_otp").on("click", function(e){
+ e.preventDefault();
+ [% UNLESS notice_email_address %]
+ alert("Cannot send the notice, you don't have an email address defined.")
+ [% ELSE %]
+ $("#email_success").hide();
+ $("#email_error").hide();
+ $.ajax({
+ url: '/api/v1/auth/otp/token_delivery',
+ type: 'POST',
+ success: function(data){
+ let message = _("The code has been sent by email, please check your inbox.")
+ $("#email_success").show().html(message);
+ },
+ error: function(data){
+ let error = data.responseJSON && data.responseJSON.error == "email_not_sent"
+ ? _("Email not sent, please contact the Koha administrator")
+ : _("Something wrong happened, please contact the Koha administrator");
+ $("#email_error").show().html(error);
+ }
+ });
+ [% END %]
+ });
+
+ if( $("#registration-form").length ) {
+ $.ajax({
+ data: {},
+ type: 'POST',
+ url: '/api/v1/auth/two-factor/registration',
+ success: function (data) {
+ $("#qr_code").attr('src', data.qr_code);
+ $("#secret32").val(data.secret32);
+ $("#issuer").html(data.issuer);
+ $("#key_id").html(data.key_id);
+ $("#registration-form").show();
+ },
+ error: function (data) {
+ alert(data);
+ },
+ });
+ };
+
+ $("#register-2FA").on("click", function(e){
+ e.preventDefault();
+ const data = {
+ secret32: $("#secret32").val(),
+ pin_code: $("#pin_code").val(),
+ };
+ if (!data.pin_code) return;
+
+ $.ajax({
+ data: data,
+ type: 'POST',
+ url: '/api/v1/auth/two-factor/registration/verification',
+ success: function (data) {
+ alert(_("Two-factor authentication correctly configured. You will be redirected to the login screen."));
+ window.location = "/cgi-bin/koha/mainpage.pl";
+ },
+ error: function (data) {
+ const error = data.responseJSON.error;
+ if ( error == 'Invalid pin' ) {
+ $("#errors").html(_("Invalid PIN code")).show();
+ } else {
+ alert(error);
+ }
+ },
+ });
+ });
+
+ });
+ </script>
+[% END %]
+<!-- the main div is closed in intranet-bottom.inc -->
[% INCLUDE 'intranet-bottom.inc' %]
projects / srvgit / blobdiff