6 files changed, 52 insertions, 21 deletions

diff --git a/install/ui/src/freeipa/Application_controller.js b/install/ui/src/freeipa/Application_controller.js
index f38a60dc3..7296aa4ca 100644
--- a/install/ui/src/freeipa/Application_controller.js
+++ b/install/ui/src/freeipa/Application_controller.js
@@ -27,6 +27,7 @@ define([
         'dojo/topic',
         'dojo/query',
         'dojo/dom-class',
+        './auth',
         './json2',
         './widgets/App',
         './widgets/FacetContainer',
@@ -36,7 +37,7 @@ define([
         './navigation/Router',
         './navigation/menu_spec'
        ],
-       function(declare, lang, array, Deferred, on, topic, query, dom_class,
+       function(declare, lang, array, Deferred, on, topic, query, dom_class, auth,
             JSON, App_widget, FacetContainer, IPA, reg, Menu, Router, menu_spec) {
 
     /**
@@ -297,6 +298,12 @@ define([
 
         show_facet: function(facet) {
 
+            // prevent changing facet when authenticating
+            if (this.current_facet && this.current_facet.name === 'login' &&
+                !auth.current.authenticated && facet.requires_auth) {
+                return;
+            }
+
             // choose container
             var container = this.containers[facet.preferred_container];
             if (!container) container = this.containers.main;
@@ -455,7 +462,6 @@ define([
                 var login_facet = reg.facet.get('login');
 
                 on.once(login_facet, "logged_in", function() {
-
                     if (facet) {
                         self.show_facet(facet);
                     }
diff --git a/install/ui/src/freeipa/facet.js b/install/ui/src/freeipa/facet.js
index 46d72e7be..419011627 100644
--- a/install/ui/src/freeipa/facet.js
+++ b/install/ui/src/freeipa/facet.js
@@ -220,6 +220,13 @@ exp.facet = IPA.facet = function(spec, no_init) {
      */
     that._needs_update = spec.needs_update;
 
+
+    /**
+     * Facet is shown
+     * @property {Boolean}
+     */
+    that.is_shown = false;
+
     /**
      * Marks facet as expired - needs update
      *
@@ -291,6 +298,13 @@ exp.facet = IPA.facet = function(spec, no_init) {
      */
     that.redirect_info = spec.redirect_info;
 
+
+    /**
+     * Facet requires authenticated user
+     * @type {Boolean}
+     */
+    that.requires_auth = spec.requires_auth !== undefined ? spec.requires_auth : true;
+
     /**
      * Public state
      * @property {facet.FacetState}
@@ -480,7 +494,7 @@ exp.facet = IPA.facet = function(spec, no_init) {
         that.old_state = state;
 
         // we don't have to reflect any changes if facet dom is not yet created
-        if (!that.dom_node) {
+        if (!that.dom_node || !that.is_shown) {
             if (needs_update) that.set_expired_flag();
             return;
         }
@@ -651,30 +665,29 @@ exp.facet = IPA.facet = function(spec, no_init) {
      */
     that.show = function() {
 
+        if (that.is_shown) return;
+        that.is_shown = true;
+
         that.entity.facet = that; // FIXME: remove
 
         if (!that.dom_node) {
             that.create();
+        }
 
-            var state = that.state.clone();
-            var needs_update = that.needs_update(state);
-            that.old_state = state;
+        var state = that.state.clone();
+        var needs_update = that.needs_update(state);
+        that.old_state = state;
 
-            if (needs_update) {
-                that.clear();
-            }
+        if (needs_update) {
+            that.clear();
+        }
 
-            that.dom_node.addClass('active-facet');
-            that.show_content();
-            that.header.select_tab();
+        that.dom_node.addClass('active-facet');
+        that.show_content();
+        that.header.select_tab();
 
-            if (needs_update) {
-                that.refresh();
-            }
-        } else {
-            that.dom_node.addClass('active-facet');
-            that.show_content();
-            that.header.select_tab();
+        if (needs_update) {
+            that.refresh();
         }
     };
 
@@ -714,6 +727,7 @@ exp.facet = IPA.facet = function(spec, no_init) {
      * Un-mark itself as active facet
      */
     that.hide = function() {
+        that.is_shown = false;
         that.dom_node.removeClass('active-facet');
     };
 
diff --git a/install/ui/src/freeipa/facets/Facet.js b/install/ui/src/freeipa/facets/Facet.js
index fe2e6631e..e015329c9 100644
--- a/install/ui/src/freeipa/facets/Facet.js
+++ b/install/ui/src/freeipa/facets/Facet.js
@@ -113,6 +113,12 @@ define(['dojo/_base/declare',
         redirect_info: null,
 
         /**
+         * Facet requires authenticated user
+         * @type {Boolean}
+         */
+        requires_auth: true,
+
+        /**
          * Public state
          * @property {facet.FacetState}
          * @protected
@@ -323,6 +329,9 @@ define(['dojo/_base/declare',
             this.container_node = spec.container_node;
             this.dom_node = spec.dom_node;
             this.redirect_info = spec.redirect_info;
+            if (spec.requires_auth !== undefined) {
+                this.requires_auth = spec.requires_auth;
+            }
             this.state = new mod_facet.FacetState();
             on(this.state, 'set', lang.hitch(this, this.on_state_set));
         }
diff --git a/install/ui/src/freeipa/plugins/load_page.js b/install/ui/src/freeipa/plugins/load_page.js
index eb8f22acd..7d8a466bb 100644
--- a/install/ui/src/freeipa/plugins/load_page.js
+++ b/install/ui/src/freeipa/plugins/load_page.js
@@ -40,6 +40,7 @@ define([
     load.facet_spec = {
         name: 'load',
         preferred_container: 'simple',
+        requires_auth: false,
         'class': 'login-pf-body',
         widgets: [
             {
diff --git a/install/ui/src/freeipa/plugins/login.js b/install/ui/src/freeipa/plugins/login.js
index a659faaa9..cf9e5bea8 100644
--- a/install/ui/src/freeipa/plugins/login.js
+++ b/install/ui/src/freeipa/plugins/login.js
@@ -43,6 +43,7 @@ define(['dojo/_base/declare',
     login.facet_spec = {
         name: 'login',
         preferred_container: 'simple',
+        requires_auth: false,
         widgets: [
             {
                 $type: 'activity',
@@ -60,7 +61,7 @@ define(['dojo/_base/declare',
     login.LoginFacet = declare([Facet], {
 
         can_leave: function() {
-            return auth.authenticated;
+            return auth.current.authenticated;
         },
 
         init: function() {
diff --git a/install/ui/src/freeipa/rpc.js b/install/ui/src/freeipa/rpc.js
index 3ad7e8b1b..981b0c783 100644
--- a/install/ui/src/freeipa/rpc.js
+++ b/install/ui/src/freeipa/rpc.js
@@ -289,7 +289,7 @@ rpc.command = function(spec) {
             // With trusts, user from trusted domain can use his ticket but he
             // doesn't have rights for LDAP modify. It will throw internal error.
             // We should offer form base login.
-            if (xhr.status === 500 && auth.authenticated_by === 'kerberos' &&
+            if (xhr.status === 500 && auth.current.authenticated_by === 'kerberos' &&
                 !IPA.ui.initialized) {
                 error_handler_auth(xhr, text_status, error_thrown);
                 return;