changepassword.js - mozsearch

Enable keyboard shortcuts

/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

"use strict";

const { XPCOMUtils } = ChromeUtils.importESModule(

  "resource://gre/modules/XPCOMUtils.sys.mjs"

);

ChromeUtils.defineLazyGetter(

  this,

  "l10n",

  () => new Localization(["security/pippki/pippki.ftl"], true)

);

var params;

var token;

var pw1;

function doPrompt(messageL10nId) {

  let msg = l10n.formatValueSync(messageL10nId);

  Services.prompt.alert(window, null, msg);

function onLoad() {

  document.getElementById("set_password").getButton("accept").disabled = true;

  document.addEventListener("dialogaccept", setPassword);

  pw1 = document.getElementById("pw1");

  params = window.arguments[0].QueryInterface(Ci.nsIDialogParamBlock);

  token = params.objects.GetElementAt(0).QueryInterface(Ci.nsIPK11Token);

  document.l10n.setAttributes(

    document.getElementById("tokenName"),

    "change-password-token",

    { tokenName: token.tokenName }

);

  process();

function process() {

  let bundle = document.getElementById("pippki_bundle");

  let oldpwbox = document.getElementById("oldpw");

  let msgBox = document.getElementById("message");

  // If the token is unitialized, don't use the old password box.

  // Otherwise, do.

  if ((token.needsLogin() && token.needsUserInit) || !token.needsLogin()) {

    oldpwbox.hidden = true;

    msgBox.setAttribute("value", bundle.getString("password_not_set"));

    msgBox.hidden = false;

    if (!token.needsLogin()) {

      oldpwbox.setAttribute("inited", "empty");

    } else {

      oldpwbox.setAttribute("inited", "true");

    // Select first password field

    document.getElementById("pw1").focus();

  } else {

    // Select old password field

    oldpwbox.hidden = false;

    msgBox.hidden = true;

    oldpwbox.setAttribute("inited", "false");

    oldpwbox.focus();

  // Return value 0 means "canceled"

  params.SetInt(1, 0);

  checkPasswords();

function setPassword(event) {

  var oldpwbox = document.getElementById("oldpw");

  var initpw = oldpwbox.getAttribute("inited");

  var success = false;

  if (initpw == "false" || initpw == "empty") {

    try {

      var oldpw = "";

      var passok = 0;

      if (initpw == "empty") {

        passok = 1;

      } else {

        oldpw = oldpwbox.value;

        passok = token.checkPassword(oldpw);

      if (passok) {

        if (initpw == "empty" && pw1.value == "") {

          // checkPasswords() should have prevented this path from being reached.

        } else {

          if (pw1.value == "") {

            var secmoddb = Cc[

              "@mozilla.org/security/pkcs11moduledb;1"

            ].getService(Ci.nsIPKCS11ModuleDB);

            if (secmoddb.isFIPSEnabled) {

              // empty passwords are not allowed in FIPS mode

              doPrompt("pippki-pw-change2empty-in-fips-mode");

              passok = 0;

          if (passok) {

            token.changePassword(oldpw, pw1.value);

            if (pw1.value == "") {

              doPrompt("pippki-pw-erased-ok");

            } else {

              doPrompt("pippki-pw-change-ok");

            success = true;

      } else {

        oldpwbox.focus();

        oldpwbox.setAttribute("value", "");

        doPrompt("pippki-incorrect-pw");

    } catch (e) {

      doPrompt("pippki-failed-pw-change");

  } else {

    token.initPassword(pw1.value);

    if (pw1.value == "") {

      doPrompt("pippki-pw-not-wanted");

    success = true;

  if (success && params) {

    // Return value 1 means "successfully executed ok"

    params.SetInt(1, 1);

  // Terminate dialog

  if (!success) {

    event.preventDefault();

function setPasswordStrength() {

  // We weigh the quality of the password by checking the number of:

  //  - Characters

  //  - Numbers

  //  - Non-alphanumeric chars

  //  - Upper and lower case characters

  let pw = document.getElementById("pw1").value;

  let pwlength = pw.length;

  if (pwlength > 5) {

    pwlength = 5;

  let numnumeric = pw.replace(/[0-9]/g, "");

  let numeric = pw.length - numnumeric.length;

  if (numeric > 3) {

    numeric = 3;

  let symbols = pw.replace(/\W/g, "");

  let numsymbols = pw.length - symbols.length;

  if (numsymbols > 3) {

    numsymbols = 3;

  let numupper = pw.replace(/[A-Z]/g, "");

  let upper = pw.length - numupper.length;

  if (upper > 3) {

    upper = 3;

  let pwstrength =

    pwlength * 10 - 20 + numeric * 10 + numsymbols * 15 + upper * 10;

  // Clamp strength to [0, 100].

  if (pwstrength < 0) {

    pwstrength = 0;

  if (pwstrength > 100) {

    pwstrength = 100;

  let meter = document.getElementById("pwmeter");

  meter.setAttribute("value", pwstrength);

function checkPasswords() {

  let pw1 = document.getElementById("pw1").value;

  let pw2 = document.getElementById("pw2").value;

  var oldpwbox = document.getElementById("oldpw");

  if (oldpwbox) {

    var initpw = oldpwbox.getAttribute("inited");

    if (initpw == "empty" && pw1 == "") {

      // The token has already been initialized, therefore this dialog

      // was called with the intention to change the password.

      // The token currently uses an empty password.

      // We will not allow changing the password from empty to empty.

      document

        .getElementById("set_password")

        .getButton("accept").disabled = true;

      return;

  document.getElementById("set_password").getButton("accept").disabled =

    pw1 != pw2;