[% USE Desks %]
[% USE Categories %]
[% USE Registers %]
+[% USE AuthClient %]
[% SET footerjs = 1 %]
[% INCLUDE 'doc-head-open.inc' %]
<title>
[% IF TwoFA_prompt %]Two-factor authentication[% END %]
+ [% IF TwoFA_setup %]Two-factor authentication setup[% END %]
[% IF ( loginprompt ) %]Log in to Koha[% END %]
[% IF too_many_login_attempts %]This account has been locked.
[% ELSIF invalid_username_or_password %]Invalid username or password[% END %]
[% IF ( different_ip ) %]IP address change[% END %]
[% IF ( timed_out ) %]Session timed out[% END %]
- [% IF ( nopermission ) %]Access denied[% END %] › Koha
+ [% IF ( nopermission ) %]Access denied[% END %]
+ [% IF ( auth_error ) %]Error authenticating in external provider[% END %] › Koha
</title>
[% INCLUDE 'doc-head-close.inc' %]
+[% PROCESS 'auth-two-factor.inc' %]
</head>
<body id="main_auth" class="main_main-auth">
[% END %]
[% ELSIF password_has_expired %]
<div id="login_error"><strong>Error: </strong>Your password has expired!</div>
- [% IF Categories.can_any_reset_password && Koha.Preference('OpacBaseURL') %]
+ [% IF Koha.Preference('EnableExpiredPasswordReset') && Koha.Preference('OpacBaseURL') %]
+ <a href="[% Koha.Preference('OpacBaseURL') | url %]/cgi-bin/koha/opac-reset-password.pl">You must reset your password</a>.
+ [% ELSIF Categories.can_any_reset_password && Koha.Preference('OpacBaseURL') %]
<a href="[% Koha.Preference('OpacBaseURL') | url %]/cgi-bin/koha/opac-password-recovery.pl">You must reset your password</a>.
[% ELSE %]
- <p>You must contact the library to have your password reset</p>
+ <p>You must contact the library to reset your password</p>
[% END %]
[% ELSIF invalid_username_or_password %]
<div id="login_error"><strong>Error: </strong>Invalid username or password</div>
[% END %]
+[% IF auth_error %]
+ <div id="login_error" class="alert alert-danger">
+ <p>There was an error authenticating to external identity provider</p>
+ <p>[% auth_error | html %]</p>
+ </div>
+[% END %]
+
[% IF (shibbolethAuthentication) %]
<!-- This is what is displayed if shib login has failed -->
[% IF (invalidShibLogin ) %]
<p><a href="[% shibbolethLoginUrl | $raw %]">Log in using a Shibboleth account</a>.</p>
[% END %]
-[% IF !TwoFA_prompt && !Koha.Preference('staffShibOnly') %]
+[% IF !TwoFA_prompt && !TwoFA_setup && !Koha.Preference('staffShibOnly') %]
<!-- login prompt time-->
+ [% SET auth_providers = AuthClient.get_providers('staff') %]
+ [% IF ( ! auth_providers.empty ) %]
+ [% FOREACH provider IN auth_providers %]
+ <p class="clearfix">
+ <a href="[% provider.url | url %]" class="btn btn-light col-xs-12" id="provider_[% provider.code | html %]">
+ [% IF provider.icon_url %]
+ <img src="[% provider.icon_url | url %]" style="max-height: 20px; max-width: 20px;"/>
+ [% ELSE %]
+ <i class="fa fa-user" aria-hidden="true"></i>
+ [% END %]
+ Log in with [% provider.description | html %]
+ </a>
+ </p>
+ [% END %]
+ <hr/>
+ <p>If you do not have an external account, but do have a local account, you can still log in: </p>
+ [% END # /IF auth_providers.size %]
+
<form action="[% script_name | html %]" method="post" name="loginform" id="loginform">
<input type="hidden" name="koha_login_context" value="intranet" />
[% FOREACH INPUT IN INPUTS %]
<div id="login_error">Invalid two-factor code</div>
[% END %]
+ <div id="email_error" class="dialog alert" style="display: none;"></div>
+ <div id="email_success" class="dialog message" style="display: none;"></div>
<p>
<label for="otp_token">Two-factor authentication code:</label>
<input type="text" name="otp_token" id="otp_token" class="input focus" value="" size="20" tabindex="1" />
</p>
<p>
<input id="submit-button" type="submit" value="Verify code" />
+ <a class="send_otp" id="send_otp" href="#">Send the code by email</a>
<a class="cancel" id="logout" href="/cgi-bin/koha/mainpage.pl?logout.x=1">Cancel</a>
</p>
</form>
+[% ELSIF TwoFA_setup %]
+ [% PROCESS registration_form %]
[% END %]
[% IF ( nopermission ) %]
}
// Clear last borrowers, rememberd sql reports, carts, etc.
logOut();
+
+ $("#send_otp").on("click", function(e){
+ e.preventDefault();
+ [% UNLESS notice_email_address %]
+ alert("Cannot send the notice, you don't have an email address defined.")
+ [% ELSE %]
+ $("#email_success").hide();
+ $("#email_error").hide();
+ $.ajax({
+ url: '/api/v1/auth/otp/token_delivery',
+ type: 'POST',
+ success: function(data){
+ let message = _("The code has been sent by email, please check your inbox.")
+ $("#email_success").show().html(message);
+ },
+ error: function(data){
+ let error = data.responseJSON && data.responseJSON.error == "email_not_sent"
+ ? _("Email not sent, please contact the Koha administrator")
+ : _("Something wrong happened, please contact the Koha administrator");
+ $("#email_error").show().html(error);
+ }
+ });
+ [% END %]
+ });
+
+ if( $("#registration-form").length ) {
+ $.ajax({
+ data: {},
+ type: 'POST',
+ url: '/api/v1/auth/two-factor/registration',
+ success: function (data) {
+ $("#qr_code").attr('src', data.qr_code);
+ $("#secret32").val(data.secret32);
+ $("#issuer").html(data.issuer);
+ $("#key_id").html(data.key_id);
+ $("#registration-form").show();
+ },
+ error: function (data) {
+ alert(data);
+ },
+ });
+ };
+
+ $("#register-2FA").on("click", function(e){
+ e.preventDefault();
+ const data = {
+ secret32: $("#secret32").val(),
+ pin_code: $("#pin_code").val(),
+ };
+ if (!data.pin_code) return;
+
+ $.ajax({
+ data: data,
+ type: 'POST',
+ url: '/api/v1/auth/two-factor/registration/verification',
+ success: function (data) {
+ alert(_("Two-factor authentication correctly configured. You will be redirected to the login screen."));
+ window.location = "/cgi-bin/koha/mainpage.pl";
+ },
+ error: function (data) {
+ const error = data.responseJSON.error;
+ if ( error == 'Invalid pin' ) {
+ $("#errors").html(_("Invalid PIN code")).show();
+ } else {
+ alert(error);
+ }
+ },
+ });
+ });
+
});
</script>
[% END %]
projects / srvgit / blobdiff