| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Address column in A, AAAA DNS records was exented of redirection capabilities.
Redirection dialog is shown after a click on a value.
Dialog does following steps:
1) fetch all dns zones
2) find most accurate reverse zone for IP address
2 -fail) show error message, stop
3) checks if target record exists in the zone
3 -fail) show 'dns record create link', stop
4) redirects
Click on 'dns record create link':
1) creates record
1 -fail) show error, stop
2) redirects
https://fedorahosted.org/freeipa/ticket/1975
|
|
|
|
|
|
|
|
| |
To user and host details pages was added ipasshpubkey attribute.
New widget for ssh public keys was created.
https://fedorahosted.org/freeipa/ticket/2340
|
|
|
|
|
|
|
| |
In user group adder dialog, the "Is this a POSIX group?" was replaced with "POSIX group".
In host search facet, the "Enrolled?" was replaced with "Enrolled".
https://fedorahosted.org/freeipa/ticket/2353
|
|
|
|
|
|
|
|
|
|
| |
Problem:
Entity link (eg: to hosts in dns record or to dns record in host) is not changing its state when linked record doesn't exist. The link can remain wrongly enabled from previous state.
Fixed:
The link is disabled when target doesn't exist.
https://fedorahosted.org/freeipa/ticket/2364
|
|
|
|
|
|
|
|
|
|
| |
The patch fixes a problem in error_handler_login() when it gets
an error other than 401.
The login_url is not needed for fixtures because it does not need
authentication.
The patch also fixes jslint warnings and formatting issues.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a session manager and support for caching
authentication in the session. Major elements of the patch are:
* Add a session manager to support cookie based sessions which
stores session data in a memcached entry.
* Add ipalib/krb_utils.py which contains functions to parse ccache
names, format principals, format KRB timestamps, and a KRB_CCache
class which reads ccache entry and allows one to extract information
such as the principal, credentials, credential timestamps, etc.
* Move krb constants defined in ipalib/rpc.py to ipa_krb_utils.py so
that all kerberos items are co-located.
* Modify javascript in ipa.js so that the IPA.command() RPC call
checks for authentication needed error response and if it receives
it sends a GET request to /ipa/login URL to refresh credentials.
* Add session_auth_duration config item to constants.py, used to
configure how long a session remains valid.
* Add parse_time_duration utility to ipalib/util.py. Used to parse the
session_auth_duration config item.
* Update the default.conf.5 man page to document session_auth_duration
config item (also added documentation for log_manager config items
which had been inadvertantly omitted from a previous commit).
* Add SessionError object to ipalib/errors.py
* Move Kerberos protection in Apache config from /ipa to /ipa/xml and
/ipa/login
* Add SessionCCache class to session.py to manage temporary Kerberos
ccache file in effect for the duration of an RPC command.
* Adds a krblogin plugin used to implement the /ipa/login
handler. login handler sets the session expiration time, currently
60 minutes or the expiration of the TGT, whichever is shorter. It
also copies the ccache provied by mod_auth_kerb into the session
data. The json handler will later extract and validate the ccache
belonging to the session.
* Refactored the WSGI handlers so that json and xlmrpc could have
independent behavior, this also moves where create and destroy
context occurs, now done in the individual handler rather than the
parent class.
* The json handler now looks up the session data, validates the ccache
bound to the session, if it's expired replies with authenicated
needed error.
* Add documentation to session.py. Fully documents the entire process,
got questions, read the doc.
* Add exclusions to make-lint as needed.
|
|
|
|
|
|
|
| |
Hard-coded labels in Automember UI have been moved into internal.py to
allow translation.
https://fedorahosted.org/freeipa/ticket/2195
|
|
|
|
|
|
|
|
| |
In this patch was implemented and added a control for defining default automember groups.
There is a difference from UXD spec. In the spec the control was placed below table in the search facet. This was not working well with the combobox in the control. Open combobox requires some space below it. As it was placed at the bottom of the page it created unwanted blank space and forced showing scrollbars. Moving the control above the table solves the problem without rewriting combobox logic. It can be rewritten and moved down later.
https://fedorahosted.org/freeipa/ticket/2195
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New UI for automember.
Implemented:
* search facet core
* rule details facet
* attribute_table_widget - new base class for tables which contains multivalued attribute with special add/remove commands
* adding/removing conditions in details facet
TODO:
* label translations
* UI for defining default rules
https://fedorahosted.org/freeipa/ticket/2195
|
|
|
|
|
|
|
|
|
|
|
|
| |
In current implementation target facet of navigation(from menu) and redirection is always one exact facet per entity. There isn't a way to navigate to different facet from menu or redirect to different facets from various facets.
This patch adds:
* possibility to define menu items which can navigate to different facets of various entities. This also means that now current menu tree can contain leafs with the same entity.
* possibility to define redirection target per facet - it is needed to keep breadcrumb navigation consistent with various navigation tree patch leading to same entity leafs.
This functionality is needed for Automember UI. Automember UI is designed as if it was for two entities but it is in fact only one.
https://fedorahosted.org/freeipa/ticket/2195
|
|
|
|
|
|
|
|
|
|
|
| |
The user details page was modified to show the password expiration
date next to the existing password field.
Fixed problem resetting password in self-service mode. The JSON
interface for the passwd command requires the username to be
specified although the equivalent CLI command doesn't require it.
Ticket #2064
|
|
|
|
|
|
|
| |
The textareas used to display certificates were modified to use
fixed font.
Ticket #2017
|
|
|
|
|
|
|
| |
Users do not have add/delete permission in self-service mode, so
the search facet was modified to hide the Add/Delete buttons.
Ticket #2188
|
|
|
|
|
|
|
|
|
|
|
| |
The status formatter was modified to show enabled/disabled icon
before the status text.
The format classes were renamed to formatter to avoid confusion
with the format() method. A new parameter 'type' was added to the
formatter to determine the output type (e.g. text/html).
Ticket #1996
|
|
|
|
|
|
|
| |
The host managed-by adder dialog has been fixed to use the new
--not-man-hosts option to filter out hosts that are already added.
Ticket #1675
|
|
|
|
|
|
|
|
| |
Paging in DNS record search facet was disabled because there was a mismatch between primary keys sent by server and values displayed in the facet.
The facet was modified to enable paging. To preserve amount of information which was displayed before, current rows have variable height - they can contain more that one line depending on number of values in the record. Each record has a checkbox and indsname in its first line to distinguish one record from others. Because there is only one checkbox for record, delete command is called with --rem-all option which causes that entire record is removed. Individual values can be deleted in record's details facet.
https://fedorahosted.org/freeipa/ticket/2094
|
|
|
|
|
|
| |
DNS UI was modified to offer structured way of defining DNS records.
https://fedorahosted.org/freeipa/ticket/2208
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Web UI is caching records. Currently only possible ways how to display updated record which was changed elsewhere - ie. in CLI are:
* refresh page in browser (takes really long on slow vpns)
* search facet: change filter, find, change filter back, find
* entity details: go to search, select other entry, go back to search, select original entry
* association facet: same as entity details
These are unconvenient methods.
This patch adds Refresh button to search, details and association facet. This button executes facets refresh method.
https://fedorahosted.org/freeipa/ticket/2051
|
|
|
|
|
|
|
|
|
| |
This patch modifies the status attributes in users, DNS zones,
HBAC/sudo rules, HBAC test, and SELinux User Map to use the same
label (i.e. Status) and values (i.e. Enabled/Disabled). The method
to change the status will be modified separately.
Ticket #2247
|
|
|
|
|
|
|
|
| |
The users, HBAC/sudo rules, HBAC test, and SELinux list pages have
been modified to show disabled entries in gray. Icons will be added
separately.
Ticket #1996
|
|
|
|
|
|
|
|
|
|
|
| |
The automount keys search facet has been modified to support paging.
Since the automountkey-find command doesn't support --pkey-only
option, the facet is configured such that during a refresh operation
it will retrieve all entries (including the key and info attributes)
and then display only the ones that are supposed to be visible in
the current page.
Ticket #2093
|
|
|
|
|
|
| |
This patch adds UI for SELinux user mapping. Its design is based on HBAC Rule design.
https://fedorahosted.org/freeipa/ticket/2145
|
|
|
|
|
|
|
|
| |
Paging has been enabled on self-service permissions and delegations
list pages. The search facet's get_pkeys() has been fixed to handle
non-array value. New test data files have been added as well.
Ticket #2092
|
|
|
|
|
|
|
|
|
| |
Due to a recent change the deleting automount keys and DNS records no
longer worked. The functions that are supposed to get the selected
values has been fixed to use the correct names and element type. They
also have been converted into methods of the search facets.
Ticket #2256
|
|
|
|
|
|
|
|
|
|
| |
The certificate request dialog box has been modified to show
the OpenSSL commands for generating a CSR.
The realm and entry names in the test data have been fixed to
be more consistent.
Ticket #1012
|
|
|
|
|
|
|
|
|
| |
Also fixed minor issues reagarding IP addresses or multivalued field:
- removed unnecessary method overrides from multivalued_field
- fixed extract_child_value method in multivalued_widget to return '' instead of empty arrays when value array is empty
- net.js - changed method name and error message from 'trailing zeros' to 'leading zeros'
https://fedorahosted.org/freeipa/ticket/1466
|
|
|
|
|
|
| |
The attribute was added to adder dialog and details facet. It uses entity select (group) widget.
https://fedorahosted.org/freeipa/ticket/2101
|
|
|
|
|
|
|
|
| |
The user details facet has been modified to load the user data,
password policy and Kerberos ticket policy in a single batch
command.
Ticket #703
|
|
|
|
|
|
|
|
| |
The user details page has been modified to show the password policy
and Kerberos ticket policy that apply to the user. The policies are
currently displayed as read-only.
Ticket #703
|
|
|
|
|
|
|
|
| |
The user search facet has been modified to show the account status.
The IPA.boolean_format has been converted into a class to allow
behavior customization.
Ticket #1996
|
|
|
|
|
|
| |
IPv6 parsing was incorrectly evaluating ':' as a valid IPv6 address.
https://fedorahosted.org/freeipa/ticket/1466
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1466
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1466
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Current validation logic supports only validation based on metadata. It can be extended only by overriding field's validation method. This approach requires creating subclasses of field for each different format of desired value. It's inconvenient for cases like adding the same validation logic to two different subclasses of field.
This patch is adding support for creating custom validators.
Validator is an object which contains validation logic. Validation is executed in a validate(value, context) method. This method checks if the value is valid and returns a validation result. Validation result is a simple object which contains valid property and an error message if valid is false.
Field is extended by validators property. It can be set in spec object or later. It should contain instances of validators for the field. Validators are run in field's validation method.
This patch is a prerequisite for:
https://fedorahosted.org/freeipa/ticket/1466
|
|
|
|
|
|
|
|
|
|
| |
The JSON server has been modified to return the version number
in all responses. The UI has been modified to keep the version
obtained during env operation and check the version returned
in subsequent operations. If the version changes the UI will
reload itself.
Ticket #946
|
|
|
|
|
|
|
|
|
|
| |
The JSON server has been modified to return the principal name
in all responses. The UI has been modified to keep the principal
obtained during whoami operation and check the principal returned
in subsequent operations. If the principal changes the UI will
reload itself.
Ticket #1400
|
|
|
|
|
|
|
|
|
| |
Added support of parsing and validation of IPv4 and IPv6 addresses.
Class IP.address can also create reverse address from any valid IPv4 or IPv6 address.
This functionality is needed for tickets:
https://fedorahosted.org/freeipa/ticket/1466
https://fedorahosted.org/freeipa/ticket/1975
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The IPA.get_entity() has been modified to accept either entity name
or entity object. If it receives an entity object it will return
the object itself. Otherwise, it will resolve the name in the entity
registry.
The other_entity variables have been modified to store a reference
to the entity object instead of its name. The test cases have been
modified to use real entity objects instead of just the names.
Ticket #2042
|
|
|
|
|
|
| |
Fixed regression in labels introduced by refactoring #1515.
https://fedorahosted.org/freeipa/ticket/1515
|
|
|
|
|
|
|
|
| |
Columns can have width set or not. Without setting the width it was computed based on tbody width and number of columns. This method is working well if no column has width set. The disadvantage of this approach is that all columns have the same width and so they are not reflecting their possible usage. Flag columns such as 'external' in rule association tables or various 'enable' flags in search facets can be narrower. If we set them fixed small width it will have different size because this width is not currently added to the computation.
This is fixing this problem so dynamic and fixed width can be combined and the columns have desired width.
https://fedorahosted.org/freeipa/ticket/2200
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem:
Rule association widget was displaying standard records with external records in one table. User couldn't distinguish the values. When clicking on the external record link it navigated to appropriate page for that entity. But for external value there is no record to show so it displayed error.
Solution:
* For tables with possible external values a 'external' column was added. It displays "True" if the value is external and nothing if not. Displaying nothing is intentional. If user sees some text in external column he imidiately knows that the record is external without even reading the "True" text.
* Rows with external values don't have a link for navigating to record page. This prevents showing the error as no record exists.
Additional changes:
* Association table widget was stripped of get_records method. Loading records isn't its resposibility it's a resposibility of field.
* Column was extended by possible suppressing of link creation. It's done by optional suppress_link argument in setup method.
* To allow setting suppress_link attribute in inherited tables a new overridable method was created - setup_column.
Posible future improvements:
* Table is using dynamic setting of width for columns. Each column has the same width. For flag columns such as 'external' the width of the column is too big. It would be better to be able to set smaller fixed width and the rest of the columns width (without the width set) would be computed (to fit the table).
* When a table has displayed buttons in its last column header the cells in column header have different vertical alignmnent. It should be united.
https://fedorahosted.org/freeipa/ticket/1993
|
|
|
|
|
|
| |
It's a fix for regression introduced by widget refactoring #2040.
https://fedorahosted.org/freeipa/ticket/2040
|
|
|
|
|
|
| |
Facet tabs are now colored according to their group.
https://fedorahosted.org/freeipa/ticket/1976
|
|
|
|
|
|
|
|
| |
This patch works with assumption that user in self-service mode doesn't have rights for enrolling/un-enrolling himself to/from group, role, hbac rule, net group, sudo rule. He can only read the attributes. Therefore in self service mode all user association facets are set read only.
Checkingi and working with the actual rights would require significantly bigger effort.
https://fedorahosted.org/freeipa/ticket/1972
|
|
|
|
|
|
|
| |
A recent CSS change inadvertently changes position of the combobox
search icon. This has been fixed now.
Ticket #388
|
|
|
|
|
|
|
| |
A recent CSS change inadvertently changes position of the combobox
icon. This has been fixed now.
Ticket #388
|
|
|
|
|
|
| |
The name of the Unmatched checkbox in HBAC Test has been corrected.
Ticket #388
|
|
|
|
|
|
|
|
|
| |
Facets in ACI have new order:
* Roles: members, privileges, settings
* Privileges: permissions, settings, roles
* Permissions: settings, privileges
https://fedorahosted.org/freeipa/ticket/2104
|
|
|
|
|
|
|
|
| |
- facet group headers, error dialog, non-scrollable tables, can manage long names
Size calculation of scrollable and non-scrollable tables was united. Now these types of tables differ only by style.
https://fedorahosted.org/freeipa/ticket/1821
|
|
|
|
|
|
|
|
| |
The DNS records list page was not loaded correctly due to a recent
change in HBAC Test. The page has been updated to use the load_all()
to show all records in the zone.
Ticket #388
|