diff options
author | Petr Vobornik <pvoborni@redhat.com> | 2012-08-09 14:16:58 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-08-14 08:20:46 +0200 |
commit | be144da672e0634f7aaeff69d662cbc4d11aff0f (patch) | |
tree | a154838c5a2c4e1cac60b8b260b15447bf24ec24 /install/ui/ipa.js | |
parent | ade68ec94f00f69033b310c74467c4e5c1dda35c (diff) | |
download | freeipa-be144da672e0634f7aaeff69d662cbc4d11aff0f.tar.gz freeipa-be144da672e0634f7aaeff69d662cbc4d11aff0f.tar.xz freeipa-be144da672e0634f7aaeff69d662cbc4d11aff0f.zip |
Handle case when trusted domain user access the Web UI
WebUI catches the fact that the user can't access LDAP server with a current ticket. It shows form-based auth login dialog. Previoustly an ugly error was returned on an almost empty page, and user had no recourse.
https://fedorahosted.org/freeipa/ticket/2897
Diffstat (limited to 'install/ui/ipa.js')
-rw-r--r-- | install/ui/ipa.js | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/install/ui/ipa.js b/install/ui/ipa.js index 92cd1dfd3..0c13e5e43 100644 --- a/install/ui/ipa.js +++ b/install/ui/ipa.js @@ -55,6 +55,8 @@ var IPA = function() { that.network_call_count = 0; + that.ui = {}; + /* initialize the IPA JSON-RPC helper */ that.init = function(params) { @@ -190,7 +192,10 @@ var IPA = function() { objects, commands ], - on_success: params.on_success, + on_success: function(data, text_status, xhr) { + IPA.ui.initialized = true; + params.on_success.call(this, data, text_status, xhr); + }, on_error: params.on_error }); @@ -308,10 +313,12 @@ IPA.get_credentials = function() { function error_handler(xhr, text_status, error_thrown) { status = xhr.status; + IPA.ui.logged_kerberos = false; } function success_handler(data, text_status, xhr) { status = xhr.status; + IPA.ui.logged_kerberos = true; } var request = { @@ -379,6 +386,7 @@ IPA.login_password = function(username, password) { function success_handler(data, text_status, xhr) { result = 'success'; + IPA.ui.logged_password = true; } function error_handler(xhr, text_status, error_thrown) { @@ -392,6 +400,8 @@ IPA.login_password = function(username, password) { result = 'expired'; } } + + IPA.ui.logged_password = false; } var data = { @@ -730,6 +740,16 @@ IPA.command = function(spec) { error_thrown.message = error_msg; } + // global specical cases error handlers section + + // With trusts, user from trusted domain can use his ticket but he + // doesn't have rights for LDAP modify. It will throw internal errror. + // We should offer form base login. + if (xhr.status === 500 && IPA.ui.logged_kerberos && !IPA.ui.initialized) { + auth_dialog_open(xhr, text_status, error_thrown); + return; + } + if (that.retry) { dialog_open.call(this, xhr, text_status, error_thrown); |