mailinabox/management/templates/login.html

<style>
  .title {
    margin: 1em;
    text-align: center;
  }

  .subtitle {
    margin: 2em;
    text-align: center;
  }

  .login {
    margin: 0 auto;
    max-width: 32em;
  }

  .login #loginOtp {
    display: none;
  }

  #loginForm.is-twofactor #loginOtp {
    display: block
  }
</style>

<h1 class="title">{{hostname}}</h1>

{% if no_users_exist or no_admins_exist %}
<div class="row">
<div class="col-md-offset-2 col-md-8">
  {% if no_users_exist %}
  <p class="text-danger">There are no users on this system! To make an administrative user,
  log into this machine using SSH (like when you first set it up) and run:</p>
  <pre>cd mailinabox
sudo management/cli.py user add me@{{hostname}}
sudo management/cli.py user make-admin me@{{hostname}}</pre>
  {% else %}
  <p class="text-danger">There are no administrative users on this system! To make an administrative user,
  log into this machine using SSH (like when you first set it up) and run:</p>
  <pre>cd mailinabox
sudo management/cli.py user make-admin me@{{hostname}}</pre>
  {% endif %}
  <hr>
</div>
</div>
{% endif %}

<p class="subtitle">Log in here for your Mail-in-a-Box control panel.</p>

<div class="login">
  <form id="loginForm" class="form-horizontal" role="form" onsubmit="do_login(); return false;" method="get">
    <div class="form-group">
      <label for="inputEmail3" class="col-sm-3 control-label">Email</label>
      <div class="col-sm-9">
        <input name="email" type="email" class="form-control" id="loginEmail" placeholder="Email">
      </div>
    </div>
    <div class="form-group">
      <label for="inputPassword3" class="col-sm-3 control-label">Password</label>
      <div class="col-sm-9">
        <input name="password" type="password" class="form-control" id="loginPassword" placeholder="Password">
      </div>
    </div>
    <div class="form-group" id="loginOtp">
      <label for="loginOtpInput" class="col-sm-3 control-label">Code</label>
      <div class="col-sm-9">
          <input type="text" class="form-control" id="loginOtpInput" placeholder="6-digit code" autocomplete="off">
          <div class="help-block" style="margin-top: 5px; font-size: 90%">Enter the six-digit code generated by your two factor authentication app.</div>
      </div>
    </div>
    <div class="form-group">
      <div class="col-sm-offset-3 col-sm-9">
        <div class="checkbox">
          <label>
            <input name='remember' type="checkbox" id="loginRemember"> Remember me
          </label>
        </div>
      </div>
    </div>
    <div class="form-group">
      <div class="col-sm-offset-3 col-sm-9">
        <button type="submit" class="btn btn-default">Sign in</button>
      </div>
    </div>
  </form>
</div>

<script>
function do_login() {
  if ($('#loginEmail').val() == "") {
    show_modal_error("Login Failed", "Enter your email address.", function() {
      $('#loginEmail').focus();
    });
    return false;
  }

  if ($('#loginPassword').val() == "") {
    show_modal_error("Login Failed", "Enter your email password.", function() {
        $('#loginPassword').focus();
    });
    return false;
  }

  // Exchange the email address & password for an API key.
  api_credentials = { username: $('#loginEmail').val(), session_key: $('#loginPassword').val() }

  api(
  "/login",
  "POST",
  {},
  function(response) {
    // This API call always succeeds. It returns a JSON object indicating
    // whether the request was authenticated or not.
    if (response.status != 'ok') {
      if (response.status === 'missing-totp-token' || (response.status === 'invalid' && response.reason == 'invalid-totp-token')) {
        $('#loginForm').addClass('is-twofactor');
        if (response.reason === "invalid-totp-token") {
          show_modal_error("Login Failed", "Incorrect two factor authentication token.");
        } else {
          setTimeout(() => {
              $('#loginOtpInput').focus();
          });
        }
      } else {
        $('#loginForm').removeClass('is-twofactor');

        // Show why the login failed.
        show_modal_error("Login Failed", response.reason)

        // Reset any saved credentials.
        do_logout();
      }
    } else if (!("api_key" in response)) {
      // Login succeeded but user might not be authorized!
      show_modal_error("Login Failed", "You are not an administrator on this system.")

      // Reset any saved credentials.
      do_logout();

    } else {
      // Login succeeded.

      // Save the new credentials.
      api_credentials = { username: response.email,
                          session_key: response.api_key,
                          privileges: response.privileges };

      // Try to wipe the username/password information.
      $('#loginEmail').val('');
      $('#loginPassword').val('');
      $('#loginOtpInput').val('');
      $('#loginForm').removeClass('is-twofactor');

      // Remember the credentials.
      if (typeof localStorage != 'undefined' && typeof sessionStorage != 'undefined') {
        if ($('#loginRemember').val()) {
          localStorage.setItem("miab-cp-credentials", JSON.stringify(api_credentials));
          sessionStorage.removeItem("miab-cp-credentials");
        } else {
          localStorage.removeItem("miab-cp-credentials");
          sessionStorage.setItem("miab-cp-credentials", JSON.stringify(api_credentials));
        }
      }

      // Toggle menus.
      show_hide_menus();

      // Open the next panel the user wants to go to. Do this after the XHR response
      // is over so that we don't start a new XHR request while this one is finishing,
      // which confuses the loading indicator.
      setTimeout(function() {
        if (window.location.hash) {
          var panelid = window.location.hash.substring(1);
          show_panel(panelid);
        } else {
          show_panel(
            !switch_back_to_panel || switch_back_to_panel == "login"
            ? 'welcome'
            : switch_back_to_panel)
        }
      }, 300);

    }
  },
  undefined,
  {
    'x-auth-token': $('#loginOtpInput').val()
  });
}

function show_login() {
  $('#loginForm').removeClass('is-twofactor');
  $('#loginOtpInput').val('');
  $('#loginEmail,#loginPassword').each(function() {
    var input = $(this);
    if (!$.trim(input.val())) {
      input.focus();
      return false;
    }
  });
}

function show_hide_menus() {
  var is_logged_in = (api_credentials != null);
  var privs = api_credentials ? api_credentials.privileges : [];
  $('.if-logged-in').toggle(is_logged_in);
  $('.if-logged-in-admin, .if-logged-in-not-admin').toggle(false);
  if (is_logged_in) {
    $('.if-logged-in-not-admin').toggle(true);
    privs.forEach(function(priv) {
      $('.if-logged-in-' + priv).toggle(true);
      $('.if-logged-in-not-' + priv).toggle(false);
    });
  }
  $('.if-not-logged-in').toggle(!is_logged_in);
}
</script>
implement two factor check during login 2020-09-02 15:23:32 +00:00			`<style>`
			`.title {`
			`margin: 1em;`
			`text-align: center;`
			`}`

			`.subtitle {`
			`margin: 2em;`
			`text-align: center;`
			`}`

			`.login {`
			`margin: 0 auto;`
			`max-width: 32em;`
			`}`

			`.login #loginOtp {`
			`display: none;`
			`}`

Autofocus otp input when logging in, update layout 2020-09-02 18:30:08 +00:00			`#loginForm.is-twofactor #loginOtp {`
implement two factor check during login 2020-09-02 15:23:32 +00:00			`display: block`
			`}`
			`</style>`

			`<h1 class="title">{{hostname}}</h1>`
if there are no admins when trying to access the control panel, tell the user how to make an admin from SSH 2014-08-26 11:31:45 +00:00
if there are no users at all the warning on the control panel login screen was incorrect 2015-04-28 11:11:41 +00:00			`{% if no_users_exist or no_admins_exist %}`
admin: there is no need to make each panel a separate bootstrap container * also fixes the footer alignment to be within a container rather than a container-fluid * this changed the width of the login form slightly, so am cleaning that up too see #244 2014-10-21 10:56:52 +00:00			`<div class="row">`
if there are no admins when trying to access the control panel, tell the user how to make an admin from SSH 2014-08-26 11:31:45 +00:00			`<div class="col-md-offset-2 col-md-8">`
if there are no users at all the warning on the control panel login screen was incorrect 2015-04-28 11:11:41 +00:00			`{% if no_users_exist %}`
			`<p class="text-danger">There are no users on this system! To make an administrative user,`
			`log into this machine using SSH (like when you first set it up) and run:</p>`
			`<pre>cd mailinabox`
Rename tools/mail.py to management/cli.py 2020-10-29 19:10:11 +00:00			`sudo management/cli.py user add me@{{hostname}}`
			`sudo management/cli.py user make-admin me@{{hostname}}</pre>`
if there are no users at all the warning on the control panel login screen was incorrect 2015-04-28 11:11:41 +00:00			`{% else %}`
if there are no admins when trying to access the control panel, tell the user how to make an admin from SSH 2014-08-26 11:31:45 +00:00			`<p class="text-danger">There are no administrative users on this system! To make an administrative user,`
			`log into this machine using SSH (like when you first set it up) and run:</p>`
			`<pre>cd mailinabox`
Rename tools/mail.py to management/cli.py 2020-10-29 19:10:11 +00:00			`sudo management/cli.py user make-admin me@{{hostname}}</pre>`
if there are no users at all the warning on the control panel login screen was incorrect 2015-04-28 11:11:41 +00:00			`{% endif %}`
if there are no admins when trying to access the control panel, tell the user how to make an admin from SSH 2014-08-26 11:31:45 +00:00			`<hr>`
			`</div>`
Add missing login form method to keep LastPass happy (#1565) 2019-05-12 12:10:34 +00:00			`</div>`
if there are no admins when trying to access the control panel, tell the user how to make an admin from SSH 2014-08-26 11:31:45 +00:00			`{% endif %}`

implement two factor check during login 2020-09-02 15:23:32 +00:00			`<p class="subtitle">Log in here for your Mail-in-a-Box control panel.</p>`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00
implement two factor check during login 2020-09-02 15:23:32 +00:00			`<div class="login">`
			`<form id="loginForm" class="form-horizontal" role="form" onsubmit="do_login(); return false;" method="get">`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`<div class="form-group">`
admin: there is no need to make each panel a separate bootstrap container * also fixes the footer alignment to be within a container rather than a container-fluid * this changed the width of the login form slightly, so am cleaning that up too see #244 2014-10-21 10:56:52 +00:00			`<label for="inputEmail3" class="col-sm-3 control-label">Email</label>`
			`<div class="col-sm-9">`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`<input name="email" type="email" class="form-control" id="loginEmail" placeholder="Email">`
			`</div>`
			`</div>`
			`<div class="form-group">`
admin: there is no need to make each panel a separate bootstrap container * also fixes the footer alignment to be within a container rather than a container-fluid * this changed the width of the login form slightly, so am cleaning that up too see #244 2014-10-21 10:56:52 +00:00			`<label for="inputPassword3" class="col-sm-3 control-label">Password</label>`
			`<div class="col-sm-9">`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`<input name="password" type="password" class="form-control" id="loginPassword" placeholder="Password">`
			`</div>`
			`</div>`
Reorganize MFA front-end and add label column 2020-09-27 12:31:23 +00:00			`<div class="form-group" id="loginOtp">`
			`<label for="loginOtpInput" class="col-sm-3 control-label">Code</label>`
			`<div class="col-sm-9">`
Disable auto-complete for 2FA code in the control panel login form (#2013) 2021-07-28 20:39:40 +00:00			`<input type="text" class="form-control" id="loginOtpInput" placeholder="6-digit code" autocomplete="off">`
Reorganize MFA front-end and add label column 2020-09-27 12:31:23 +00:00			`<div class="help-block" style="margin-top: 5px; font-size: 90%">Enter the six-digit code generated by your two factor authentication app.</div>`
			`</div>`
			`</div>`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`<div class="form-group">`
admin: there is no need to make each panel a separate bootstrap container * also fixes the footer alignment to be within a container rather than a container-fluid * this changed the width of the login form slightly, so am cleaning that up too see #244 2014-10-21 10:56:52 +00:00			`<div class="col-sm-offset-3 col-sm-9">`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`<div class="checkbox">`
			`<label>`
			`<input name='remember' type="checkbox" id="loginRemember"> Remember me`
			`</label>`
			`</div>`
			`</div>`
			`</div>`
			`<div class="form-group">`
admin: there is no need to make each panel a separate bootstrap container * also fixes the footer alignment to be within a container rather than a container-fluid * this changed the width of the login form slightly, so am cleaning that up too see #244 2014-10-21 10:56:52 +00:00			`<div class="col-sm-offset-3 col-sm-9">`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`<button type="submit" class="btn btn-default">Sign in</button>`
			`</div>`
			`</div>`
			`</form>`
			`</div>`

			`<script>`
			`function do_login() {`
			`if ($('#loginEmail').val() == "") {`
Focus on fields in the login form This just makes life a little easier... Squashed the following commits: * Use $.trim() for better browser support 2015-08-27 20:06:14 +00:00			`show_modal_error("Login Failed", "Enter your email address.", function() {`
Autofocus otp input when logging in, update layout 2020-09-02 18:30:08 +00:00			`$('#loginEmail').focus();`
Focus on fields in the login form This just makes life a little easier... Squashed the following commits: * Use $.trim() for better browser support 2015-08-27 20:06:14 +00:00			`});`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`return false;`
			`}`
Autofocus otp input when logging in, update layout 2020-09-02 18:30:08 +00:00
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`if ($('#loginPassword').val() == "") {`
Focus on fields in the login form This just makes life a little easier... Squashed the following commits: * Use $.trim() for better browser support 2015-08-27 20:06:14 +00:00			`show_modal_error("Login Failed", "Enter your email password.", function() {`
			`$('#loginPassword').focus();`
			`});`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`return false;`
			`}`

			`// Exchange the email address & password for an API key.`
Allow non-admin login to the control panel and show/hide menu items depending on the login state * When logged out, no menu items are shown. * When logged in, Log Out is shown. * When logged in as an admin, the remaining menu items are also shown. * When logged in as a non-admin, the mail and contacts/calendar instruction pages are shown. Fixes #1987 2021-08-22 20:40:07 +00:00			`api_credentials = { username: $('#loginEmail').val(), session_key: $('#loginPassword').val() }`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00
			`api(`
Replace HMAC-based session API keys with tokens stored in memory in the daemon process Since the session cache clears keys after a period of time, this fixes #1821. Based on https://github.com/mail-in-a-box/mailinabox/pull/2012, and so: Co-Authored-By: NewbieOrange <NewbieOrange@users.noreply.github.com> Also fixes #2029 by not revealing through the login failure error message whether a user exists or not. 2021-08-22 20:07:16 +00:00			`"/login",`
			`"POST",`
implement two factor check during login 2020-09-02 15:23:32 +00:00			`{},`
			`function(response) {`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`// This API call always succeeds. It returns a JSON object indicating`
			`// whether the request was authenticated or not.`
implement two factor check during login 2020-09-02 15:23:32 +00:00			`if (response.status != 'ok') {`
Reorganize MFA front-end and add label column 2020-09-27 12:31:23 +00:00			`if (response.status === 'missing-totp-token' \|\| (response.status === 'invalid' && response.reason == 'invalid-totp-token')) {`
Autofocus otp input when logging in, update layout 2020-09-02 18:30:08 +00:00			`$('#loginForm').addClass('is-twofactor');`
Reorganize MFA front-end and add label column 2020-09-27 12:31:23 +00:00			`if (response.reason === "invalid-totp-token") {`
			`show_modal_error("Login Failed", "Incorrect two factor authentication token.");`
			`} else {`
			`setTimeout(() => {`
			`$('#loginOtpInput').focus();`
			`});`
			`}`
implement two factor check during login 2020-09-02 15:23:32 +00:00			`} else {`
Autofocus otp input when logging in, update layout 2020-09-02 18:30:08 +00:00			`$('#loginForm').removeClass('is-twofactor');`
Reorganize MFA front-end and add label column 2020-09-27 12:31:23 +00:00
implement two factor check during login 2020-09-02 15:23:32 +00:00			`// Show why the login failed.`
			`show_modal_error("Login Failed", response.reason)`

			`// Reset any saved credentials.`
			`do_logout();`
			`}`
split management daemon authorization from authentication and use 'doveadm pw' rather than 'doveadm auth test' so that it is decoupled from dovecot's login mechanism This was done to pave the way for two-factor authentication, but that's still a ways off. 2014-11-30 15:43:07 +00:00			`} else if (!("api_key" in response)) {`
			`// Login succeeded but user might not be authorized!`
			`show_modal_error("Login Failed", "You are not an administrator on this system.")`

			`// Reset any saved credentials.`
			`do_logout();`

web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`} else {`
			`// Login succeeded.`

			`// Save the new credentials.`
Allow non-admin login to the control panel and show/hide menu items depending on the login state * When logged out, no menu items are shown. * When logged in, Log Out is shown. * When logged in as an admin, the remaining menu items are also shown. * When logged in as a non-admin, the mail and contacts/calendar instruction pages are shown. Fixes #1987 2021-08-22 20:40:07 +00:00			`api_credentials = { username: response.email,`
			`session_key: response.api_key,`
			`privileges: response.privileges };`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00
			`// Try to wipe the username/password information.`
			`$('#loginEmail').val('');`
			`$('#loginPassword').val('');`
implement two factor check during login 2020-09-02 15:23:32 +00:00			`$('#loginOtpInput').val('');`
Autofocus otp input when logging in, update layout 2020-09-02 18:30:08 +00:00			`$('#loginForm').removeClass('is-twofactor');`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00
			`// Remember the credentials.`
			`if (typeof localStorage != 'undefined' && typeof sessionStorage != 'undefined') {`
			`if ($('#loginRemember').val()) {`
Allow non-admin login to the control panel and show/hide menu items depending on the login state * When logged out, no menu items are shown. * When logged in, Log Out is shown. * When logged in as an admin, the remaining menu items are also shown. * When logged in as a non-admin, the mail and contacts/calendar instruction pages are shown. Fixes #1987 2021-08-22 20:40:07 +00:00			`localStorage.setItem("miab-cp-credentials", JSON.stringify(api_credentials));`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`sessionStorage.removeItem("miab-cp-credentials");`
			`} else {`
			`localStorage.removeItem("miab-cp-credentials");`
Allow non-admin login to the control panel and show/hide menu items depending on the login state * When logged out, no menu items are shown. * When logged in, Log Out is shown. * When logged in as an admin, the remaining menu items are also shown. * When logged in as a non-admin, the mail and contacts/calendar instruction pages are shown. Fixes #1987 2021-08-22 20:40:07 +00:00			`sessionStorage.setItem("miab-cp-credentials", JSON.stringify(api_credentials));`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`}`
			`}`

Allow non-admin login to the control panel and show/hide menu items depending on the login state * When logged out, no menu items are shown. * When logged in, Log Out is shown. * When logged in as an admin, the remaining menu items are also shown. * When logged in as a non-admin, the mail and contacts/calendar instruction pages are shown. Fixes #1987 2021-08-22 20:40:07 +00:00			`// Toggle menus.`
			`show_hide_menus();`

delay an ajax call to see if this fixes the problem of the loading indicator not going away after showing the user a panel after login 2014-10-11 16:41:42 +00:00			`// Open the next panel the user wants to go to. Do this after the XHR response`
			`// is over so that we don't start a new XHR request while this one is finishing,`
			`// which confuses the loading indicator.`
Improve control panel panel switching behaviour by using the URL fragment (#2252) 2023-05-13 10:49:34 +00:00			`setTimeout(function() {`
			`if (window.location.hash) {`
			`var panelid = window.location.hash.substring(1);`
			`show_panel(panelid);`
			`} else {`
			`show_panel(`
			`!switch_back_to_panel \|\| switch_back_to_panel == "login"`
			`? 'welcome'`
			`: switch_back_to_panel)`
			`}`
			`}, 300);`

web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`}`
implement two factor check during login 2020-09-02 15:23:32 +00:00			`},`
			`undefined,`
			`{`
			`'x-auth-token': $('#loginOtpInput').val()`
			`});`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`}`

Focus on fields in the login form This just makes life a little easier... Squashed the following commits: * Use $.trim() for better browser support 2015-08-27 20:06:14 +00:00			`function show_login() {`
Autofocus otp input when logging in, update layout 2020-09-02 18:30:08 +00:00			`$('#loginForm').removeClass('is-twofactor');`
implement two factor check during login 2020-09-02 15:23:32 +00:00			`$('#loginOtpInput').val('');`
Focus on fields in the login form This just makes life a little easier... Squashed the following commits: * Use $.trim() for better browser support 2015-08-27 20:06:14 +00:00			`$('#loginEmail,#loginPassword').each(function() {`
			`var input = $(this);`
			`if (!$.trim(input.val())) {`
			`input.focus();`
			`return false;`
			`}`
			`});`
			`}`
Allow non-admin login to the control panel and show/hide menu items depending on the login state * When logged out, no menu items are shown. * When logged in, Log Out is shown. * When logged in as an admin, the remaining menu items are also shown. * When logged in as a non-admin, the mail and contacts/calendar instruction pages are shown. Fixes #1987 2021-08-22 20:40:07 +00:00
			`function show_hide_menus() {`
			`var is_logged_in = (api_credentials != null);`
			`var privs = api_credentials ? api_credentials.privileges : [];`
			`$('.if-logged-in').toggle(is_logged_in);`
			`$('.if-logged-in-admin, .if-logged-in-not-admin').toggle(false);`
			`if (is_logged_in) {`
			`$('.if-logged-in-not-admin').toggle(true);`
			`privs.forEach(function(priv) {`
			`$('.if-logged-in-' + priv).toggle(true);`
			`$('.if-logged-in-not-' + priv).toggle(false);`
			`});`
			`}`
			`$('.if-not-logged-in').toggle(!is_logged_in);`
			`}`
web-based administrative UI closes #19 2014-08-17 22:43:57 +00:00			`</script>`