--- loncom/interface/lonpreferences.pm	2019/04/30 12:56:23	1.232
+++ loncom/interface/lonpreferences.pm	2021/03/06 19:44:12	1.238
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Preferences
 #
-# $Id: lonpreferences.pm,v 1.232 2019/04/30 12:56:23 raeburn Exp $
+# $Id: lonpreferences.pm,v 1.238 2021/03/06 19:44:12 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -363,7 +363,7 @@ $options.'
 &Apache::lonhtmlcommon::row_closure(1).
 &Apache::lonhtmlcommon::end_pick_box().'
 </div>');
-    if ($roles_check_list) { 
+    if ($roles_check_list) {
         $r->print('<div class="LC_left_float">
 <h4>'.&mt('Freeze Roles').'</h4>
 <p>'.&mt('The table below can be used to [_1]freeze[_2] '.$lc_role.'s in the Hotlist.','<q>','</q>').'<br />'.
@@ -627,7 +627,7 @@ sub icon_options {
 }
 
 sub icon_previews {
-     my %icon_text = (
+     my %icon_text = &Apache::lonlocal::texthash (
                       annotate => 'Notes',
                       wishlist => 'Stored Links',
                       catalog  => 'Info',
@@ -636,12 +636,12 @@ sub icon_previews {
                       printout => 'Print',
                      );
     my %inlinetools = (
-        printout => "s&8&3&prt.png&$icon_text{'printout'}&printout[_1]&gopost('/adm/printout',currentURL)&Prepare a printable document",
-        wishlist => "s&9&1&wishlist-link.png&$icon_text{'wishlist'}&wishlistlink[_2]&set_wishlistlink()&Save a link for this resource in your personal Stored Links repository",
-        evaluate => "s&8&1&eval.png&$icon_text{'evaluate'}&this[_1]&gopost('/adm/evaluate',currentURL,1)&Provide my evaluation of this resource",
-        feedback => "s&8&2&fdbk.png&$icon_text{'feedback'}&discuss[_1]&gopost('/adm/feedback',currentURL,1)&Provide feedback messages or contribute to the course discussion about this resource",
-        annotate => "s&9&3&anot.png&$icon_text{'annotate'}&tations[_1]&annotate()&Make notes and annotations about this resource",
-        catalog  => "s&6&3&catalog.png&$icon_text{'catalog'}&info[_1]&catalog_info()&Show Metadata",
+        printout => "s&8&3&prt.png&$icon_text{'printout'}&printout[_1]&gopost('/adm/printout',currentURL)&".&mt('Prepare a printable document'),
+        wishlist => "s&9&1&wishlist-link.png&$icon_text{'wishlist'}&wishlistlink[_2]&set_wishlistlink()&".&mt('Save a link for this resource in your personal Stored Links repository'),
+        evaluate => "s&8&1&eval.png&$icon_text{'evaluate'}&this[_1]&gopost('/adm/evaluate',currentURL,1)&".&mt('Provide my evaluation of this resource'),
+        feedback => "s&8&2&fdbk.png&$icon_text{'feedback'}&discuss[_1]&gopost('/adm/feedback',currentURL,1)&".&mt('Provide feedback messages or contribute to the course discussion about this resource'),
+        annotate => "s&9&3&anot.png&$icon_text{'annotate'}&tations[_1]&annotate()&".&mt('Make notes and annotations about this resource'),
+        catalog  => "s&6&3&catalog.png&$icon_text{'catalog'}&info[_1]&catalog_info()&".&mt('Show Metadata'),
     );
     my @toolsorder = qw(annotate wishlist evaluate feedback printout catalog);
     return (\%inlinetools,\@toolsorder);
@@ -1273,18 +1273,18 @@ sub passwordchanger {
         $r->print(Apache::loncommon::start_page('Personal Data'));
         $r->print(Apache::lonhtmlcommon::breadcrumbs('Change Password'));
     }
-    my ($blocked,$blocktext) =
-        &Apache::loncommon::blocking_status('passwd');
-    if ($blocked) {
-        $r->print('<p class="LC_warning">'.$blocktext.'</p>');
-        return;
-    }
     if ((!defined($caller)) || ($caller eq 'preferences')) {
         $user = $env{'user.name'};
         $domain = $env{'user.domain'};
         if (!defined($caller)) {
             $caller = 'preferences';
         }
+        my ($blocked,$blocktext) =
+            &Apache::loncommon::blocking_status('passwd');
+        if ($blocked) {
+            $r->print('<p class="LC_warning">'.$blocktext.'</p>');
+            return;
+        }
     } elsif ($caller eq 'reset_by_email') {
         my %data = &Apache::lonnet::tmpget($mailtoken);
         if (keys(%data) == 0) {
@@ -1301,6 +1301,12 @@ sub passwordchanger {
                 $user = $data{'username'};
                 $domain = $data{'domain'};
                 $currentpass = $data{'temppasswd'};
+                my ($blocked,$blocktext) =
+                    &Apache::loncommon::blocking_status('passwd',$user,$domain);
+                if ($blocked) {
+                    $r->print('<p class="LC_warning">'.$blocktext.'</p>');
+                    return;
+                }
             } else {
                 $r->print(
                     '<p class="LC_warning">'
@@ -1360,7 +1366,7 @@ sub passwordchanger {
 	my $jsh=Apache::File->new($include."/londes.js");
 	$r->print(<$jsh>);
     }
-    $r->print(&jscript_send($caller,$extrafields));
+    $r->print(&jscript_send($caller,$domain,$currentauth,$extrafields));
     $r->print(<<ENDFORM);
 $errormessage
 
@@ -1377,11 +1383,105 @@ ENDFORM
 }
 
 sub jscript_send {
-    my ($caller,$extrafields) = @_;
+    my ($caller,$domain,$currentauth,$extrafields) = @_;
+    my ($min,$max,$rulestr,$numrules);
+    $min = $Apache::lonnet::passwdmin;
+    my %js_lt = &Apache::lonlocal::texthash(
+              uc => 'New password needs at least one upper case letter',
+              lc => 'New password needs at least one lower case letter',
+              num => 'New password needs at least one number',
+              spec => 'New password needs at least one non-alphanumeric',
+              blank1 => 'Empty Password field',
+              blank2 => 'Empty Confirm Password field',
+              mismatch => 'Contents of Password and Confirm Password fields must match',
+              fail => 'Please fix the following:',
+    );
+    &js_escape(\%js_lt);
+    if ($currentauth eq 'internal:') {
+        if ($domain ne '') {
+            my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
+            if (keys(%passwdconf)) {
+                if ($passwdconf{min}) {
+                    $min = $passwdconf{min};
+                }
+                if ($passwdconf{max}) {
+                    $max = $passwdconf{max};
+                    $js_lt{'long'} = &js_escape(&mt('Maximum password length: [_1]',$max));
+                }
+                if (ref($passwdconf{chars}) eq 'ARRAY') {
+                    if (@{$passwdconf{chars}}) {
+                        $rulestr =  join('","',@{$passwdconf{chars}});
+                        $numrules = scalar(@{$passwdconf{chars}});
+                    }
+                }
+            }
+        }
+    }
+    $js_lt{'short'} = &js_escape(&mt('Minimum password length: [_1]',$min));
+
+    my $passwdcheck = <<"ENDJS";
+        var errors = new Array();
+        var min = parseInt("$min") || 0;
+        var currauth = "$currentauth";
+        if (this.document.client.elements.newpass_1.value == '') {
+            errors.push("$js_lt{'blank1'}");
+        }
+        if (this.document.client.elements.newpass_2.value == '') {
+            errors.push("$js_lt{'blank2'}");
+        }
+        if (errors.length == 0) {
+            if (this.document.client.elements.newpass_1.value !=  this.document.client.elements.newpass_2.value) {
+                errors.push("$js_lt{'mismatch'}");
+            }
+            var posspass = this.document.client.elements.newpass_1.value;
+            if (min > 0) {
+                if (posspass.length < min) {
+                    errors.push("$js_lt{'short'}");
+                }
+            }
+            if (currauth == 'internal:') {
+                var max = parseInt("$max") || 0;
+                if (max > 0) {
+                    if (posspass.length > max) {
+                        errors.push("$js_lt{'long'}");
+                    }
+                }
+                var numrules = parseInt("$numrules") || 0;
+                if (numrules > 0) {
+                    var rules = new Array("$rulestr");
+                    for (var i=0; i<rules.length; i++) {
+                        if (rules[i] == 'uc') {
+                            if (!posspass.match(/[A-Z]/)) {
+                                errors.push("$js_lt{'uc'}");
+                            }
+                        } else if (rules[i] == 'lc') {
+                            if (!posspass.match(/[a-z]/)) {
+                                errors.push("$js_lt{'lc'}");
+                            }
+                        } else if (rules[i] == 'num') {
+                            if (!posspass.match(/\\d/)) {
+                                errors.push("$js_lt{'num'}");
+                            }
+                        } else if (rules[i] == 'spec') {
+                            var pattern = /^[!@#$%^&*()_+\\-=\\[\\]{};':"\\\|,.<a>\\/?]/;
+                            if (!posspass.match(pattern)) {
+                                errors.push("$js_lt{'spec'}");
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        if (errors.length > 0) {
+            alert("$js_lt{'fail'}"+"\\n\\n"+errors.join("\\n"));
+            return;
+        }
+ENDJS
     my $output = qq|
 <script type="text/javascript" language="JavaScript">
 
     function send() {
+$passwdcheck
         uextkey=this.document.client.elements.ukey_cpass.value;
         lextkey=this.document.client.elements.lkey_cpass.value;
         initkeys();
@@ -1408,7 +1508,7 @@ sub jscript_send {
 |;
         }
         if ((ref($extrafields) eq 'HASH') && ($extrafields->{'email'})) {
-            $output .= qq| 
+            $output .= qq|
         this.document.pserver.elements.email.value =
                    this.document.client.elements.email.value;
 |;
@@ -1444,7 +1544,7 @@ sub client_form {
                       .&Apache::lonhtmlcommon::row_closure();
         }
         if ((ref($extrafields) eq 'HASH') && ($extrafields->{'username'})) {
-            $output .= &Apache::lonhtmlcommon::row_title(  
+            $output .= &Apache::lonhtmlcommon::row_title(
                        '<label for="uname">'.$lt{'username'}.'</label>')
                       .'<input type="text" name="uname" size="20" autocapitalize="off" autocorrect="off" />'
                       .&Apache::lonhtmlcommon::row_closure()
@@ -1522,14 +1622,8 @@ sub server_form {
 }
 
 sub verify_and_change_password {
-    my ($r,$caller,$mailtoken,$ended) = @_;
+    my ($r,$caller,$mailtoken,$timelimit,$extrafields,$ended) = @_;
     my ($user,$domain,$homeserver);
-    my ($blocked,$blocktext) =
-        &Apache::loncommon::blocking_status('passwd');
-    if ($blocked) {
-        $r->print('<p class="LC_warning">'.$blocktext.'</p>');
-        return;
-    }
     if ($caller eq 'reset_by_email') {
         $user       = $env{'form.uname'};
         $domain     = $env{'form.udom'};
@@ -1538,20 +1632,30 @@ sub verify_and_change_password {
             if ($homeserver eq 'no_host') {
         &passwordchanger($r,"<p>\n<span class='LC_error'>".
                          &mt("Invalid username and/or domain")."</span>\n</p>",
-                         $caller,$mailtoken);
-                return 1;
+                         $caller,$mailtoken,$timelimit,$extrafields);
+                return 'no_host';
             }
         } else {
             &passwordchanger($r,"<p>\n<span class='LC_error'>".
                              &mt("Username and domain were blank")."</span>\n</p>",
-                             $caller,$mailtoken);
-            return 1;
+                             $caller,$mailtoken,$timelimit,$extrafields);
+            return 'missingdata';
         }
     } else {
         $user       = $env{'user.name'};
         $domain     = $env{'user.domain'};
         $homeserver = $env{'user.home'};
     }
+    my ($blocked,$blocktext) =
+        &Apache::loncommon::blocking_status('passwd',$user,$domain);
+    if ($blocked) {
+        $r->print('<p class="LC_warning">'.$blocktext.'</p>');
+        if ($caller eq 'reset_by_email') {
+            return 'blocked';
+        } else {
+            return;
+        }
+    }
     my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain);
     # Check for authentication types that allow changing of the password.
     if ($currentauth !~ /^(unix|internal):/) {
@@ -1559,8 +1663,8 @@ sub verify_and_change_password {
             &passwordchanger($r,"<p>\n<span class='LC_error'>".
                              &mt("Authentication type for this user can not be changed by this mechanism").
                              "</span>\n</p>",
-                              $caller,$mailtoken);
-            return 1;
+                              $caller,$mailtoken,$timelimit,$extrafields);
+            return 'otherauth';
         } else {
             return;
         }
@@ -1576,8 +1680,12 @@ sub verify_and_change_password {
 	    defined($newpass2)    ){
 	&passwordchanger($r,"<p>\n<span class='LC_error'>".
 			 &mt("One or more password fields were blank").
-                         "</span>\n</p>",$caller,$mailtoken);
-	return;
+                         "</span>\n</p>",$caller,$mailtoken,$timelimit,$extrafields);
+        if ($caller eq 'reset_by_email') {
+            return 'missingdata';
+        } else {
+            return;
+        }
     }
     # Get the keys
     my $lonhost = $r->dir_config('lonHostID');
@@ -1595,7 +1703,11 @@ sub verify_and_change_password {
 </p>
 ENDERROR
         # Probably should log an error here
-        return 1;
+        if ($caller eq 'reset_by_email') {
+            return 'internalerror';
+        } else {
+            return;
+        }
     }
     my ($ckey,$n1key,$n2key)=split(/&/,$tmpinfo);
     #
@@ -1609,101 +1721,52 @@ ENDERROR
             &passwordchanger($r,
                          '<span class="LC_error">'.
                          &mt('Could not verify current authentication.').'  '.
-                         &mt('Please try again.').'</span>',$caller,$mailtoken);
-            return 1;
+                         &mt('Please try again.').'</span>',$caller,$mailtoken,$timelimit,$extrafields);
+            return 'emptydata';
         }
         if ($currentpass ne $data{'temppasswd'}) {
             &passwordchanger($r,
                          '<span class="LC_error">'.
                          &mt('Could not verify current authentication.').'  '.
-                         &mt('Please try again.').'</span>',$caller,$mailtoken);
-            return 1;
+                         &mt('Please try again.').'</span>',$caller,$mailtoken,$timelimit,$extrafields);
+            return 'missingtemp';
         }
     }
     if ($newpass1 ne $newpass2) {
 	&passwordchanger($r,
 			 '<span class="LC_warning">'.
 			 &mt('The new passwords you entered do not match.').'  '.
-			 &mt('Please try again.').'</span>',$caller,$mailtoken);
-	return 1;
+			 &mt('Please try again.').'</span>',$caller,$mailtoken,$timelimit,$extrafields);
+        if ($caller eq 'reset_by_email') {
+            return 'mismatch';
+        } else {
+            return;
+        }
     }
     if ($currentauth eq 'unix:') {
         if (length($newpass1) < 7) {
             &passwordchanger($r,
                              '<span class="LC_warning">'.
                              &mt('Passwords must be a minimum of 7 characters long.').'  '.
-                             &mt('Please try again.').'</span>',$caller,$mailtoken);
-            return 1;
-        }
-    } else {
-        my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
-        my ($min,$max,@chars,@brokerule);
-        if (ref($passwdconf{'chars'}) eq 'ARRAY') {
-            if ($passwdconf{'min'} =~ /^\d+$/) {
-                $min = $passwdconf{'min'};
-            }
-            if ($passwdconf{'max'} =~ /^\d+$/) {
-                $max = $passwdconf{'max'};
-            }
-            @chars = @{$passwdconf{'chars'}};
-        } else {
-            $min = 7;
-        }
-        if (($min) && (length($newpass1) < $min)) {
-            push(@brokerule,'min');
-        }
-        if (($max) && (length($newpass1) > $max)) {
-            push(@brokerule,'max');
-        }
-        if (@chars) {
-            my %rules;
-            map { $rules{$_} = 1; } @chars;
-            if ($rules{'uc'}) {
-                unless ($newpass1 =~ /[A-Z]/) {
-                    push(@brokerule,'uc');
-                }
-            }
-            if ($rules{'lc'}) {
-                unless ($newpass1 =~ /a-z/) {
-                    push(@brokerule,'lc');
-                }
-            }
-            if ($rules{'num'}) {
-                unless ($newpass1 =~ /\d/) {
-                    push(@brokerule,'num');
-                }
-            }
-            if ($rules{'spec'}) {
-                unless ($newpass1 =~ /[!"#$%&'()*+,\-.\/:;<=>?@[\\\]^_`{|}~]/) {
-                    push(@brokerule,'spec');
-                }
+                             &mt('Please try again.').'</span>',$caller,$mailtoken,$timelimit,$extrafields);
+            if ($caller eq 'reset_by_email') {
+                return 'length';
+            } else {
+                return;
             }
         }
-        if (@brokerule) {
-            my %rulenames = &Apache::lonlocal::texthash(
-                uc   => 'At least one upper case letter',
-                lc   => 'At least one lower case letter',
-                num  => 'At least one number',
-                spec => 'At least one non-alphanumeric',
-            );
-            $rulenames{'uc'} .= ': ABCDEFGHIJKLMNOPQRSTUVWXYZ';
-            $rulenames{'lc'} .= ': abcdefghijklmnopqrstuvwxyz';
-            $rulenames{'num'} .= ': 0123456789';
-            $rulenames{'spec'} .= ': !&quot;\#$%&amp;\'()*+,-./:;&lt;=&gt;?@[\]^_\`{|}~';
-            $rulenames{'min'} = &mt('Minimum password length: [_1]',$min);
-            $rulenames{'max'} = &mt('Maximum password length: [_1]',$max);
-            my $warning = &mt('Password did not satisfy the following:').'<ul>';
-            foreach my $rule ('min','max','uc','ls','num','spec') {
-                if (grep(/^$rule$/,@brokerule)) {
-                    $warning .= '<li>'.$rulenames{$rule}.'</li>';
-                }
-            }
-            $warning .= '</ul>';
+    } else {
+        my $warning = &Apache::loncommon::check_passwd_rules($domain,$newpass1);
+        if ($warning) {
             &passwordchanger($r,'<span class="LC_warning">'.
                             $warning.
                             &mt('Please try again.').'</span>',
-                            $caller,$mailtoken);
-            return 1;
+                            $caller,$mailtoken,$timelimit,$extrafields);
+            if ($caller eq 'reset_by_email') {
+                return 'rules';
+            } else {
+                return;
+            }
         }
     }
     #
@@ -1723,8 +1786,12 @@ ENDERROR
 ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_\`abcdefghijklmnopqrstuvwxyz{|}~
 </pre></span>
 ENDERROR
-        &passwordchanger($r,$errormessage,$caller,$mailtoken);
-        return 1;
+        &passwordchanger($r,$errormessage,$caller,$mailtoken,$timelimit,$extrafields);
+        if ($caller eq 'reset_by_email') {
+            return 'badchars';
+        } else {
+            return;
+        }
     }
     # 
     # Change the password (finally)
@@ -1747,7 +1814,7 @@ ENDERROR
 	# error error: run in circles, scream and shout
         if ($caller eq 'reset_by_email') {
             if (!$result) {
-                return 1;
+                return 'error';
             } else {
                 return $result;
             }
@@ -2367,7 +2434,7 @@ sub handler {
     } else {
         $brlink ='/adm/preferences';
         $brtxt = 'Set User Preferences';
-        $brhelp = 'Prefs_About_Me,Prefs_Language,Prefs_Screen_Name_Nickname,Change_Colors,Change_Password,Prefs_Messages,Change_Discussion_Display';   
+        $brhelp = 'Prefs_About_Me,Prefs_Language,Prefs_Screen_Name_Nickname,Change_Colors,Change_Password,Prefs_Messages,Change_Discussion_Display';
     }
     Apache::lonhtmlcommon::add_breadcrumb
         ({href => $brlink,
@@ -2379,7 +2446,7 @@ sub handler {
     }elsif($env{'form.action'} eq 'changepass'){
         &passwordchanger($r);
     }elsif($env{'form.action'} eq 'verify_and_change_pass'){
-        &verify_and_change_password($r,'preferences','',\$ended);
+        &verify_and_change_password($r,'preferences','','','',\$ended);
     }elsif($env{'form.action'} eq 'changescreenname'){
         &screennamechanger($r);
     }elsif($env{'form.action'} eq 'verify_and_change_screenname'){