| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certificates are passed through the IPA XML-RPC and JSON as binary
data in DER X509 format. Queries peformed against the LDAP server
also return binary DER X509 format. In all cases the binary DER
data is base-64 encoded.
PEM is standard text format for certificates. It also uses base64 to
encode the binary DER data, but had specific formatting
requirements. The base64 data must be wrapped inside PEM delimiters
and the base64 data must be line wrapped at 64 characters.
Most external software which accepts certificates as input will only
accept DER or PEM format (e.g. openssl & NSS). Although base64 is
closely related to PEM it is not PEM unless the PEM delimters are
present and the base64 data is line wrapped at 64 characters.
We already convert binary DER certificates which have been passed as
base64 in other parts of the IPA code. However this conversion has not
been available in the web UI. When the web UI presented certificates
it did so by filling a dialog box with a single line of base64 data. A
user could not copy this data and use it as input to openssl or NSS
for example.
We resolve this problem by introducing new javascript functions in
certificate.js. IPA.cert.pem_cert_format(text) will examine the text
input and if it's already in PEM format just return it unmodified,
otherwise it will line wrap the base64 data and add the PEM
delimiters. Thus it is safe to call on either a previously formated
PEM cert or a binary DER cert encoded as base64. This applies to
pem_csr_format() as well for CSR's.
Because pem_cert_format() is safe to call on either format the web UI
will see the use of the flag add_pem_delimiters was eliminated except
in the one case where the IPA.cert.download_dialog() was being abused
to display PKCS12 binary data (pkcs12 is neither a cert nor a cert
request). Because of the abuse of the cert.download_dialog() for
pkcs12 it was necessary to retain the flag which in effect said "do
not treat the data as PEM".
Modify the CSR (Certificate Signing Request) dialog box to accept a
PEM formatted CSR. Remove the artifical PEM delimiters above and below
the dialog box which were used to suggest the input needed to be sans
the delimiters. The dialog box continues to accept bare base64 thus
allowing either text format.
Also note this solves the display of certificate data in the UI
without touching anything existing code in the server or command line,
thus it's isolated.
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1531
It's a fix for regression introduced by previous patch.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1565
The ipa.css, ipa_error.css and ipa_migration.css contain some duplicate definitions which cause maintenance problems.
Additional changes:
* fixed whitespaces in ipa.css
* unified headings in config pages
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1531
Each entity is created together with its dependent objects (e.g. facets and dialog boxes). This causes a circular dependency problem because some of the objects need to obtain a reference to another entity that has not been created.
Currently this is handled by storing only the other entity name and resolve it when needed (e.g. during rendering stage). In IPA.search_facet this delays the creation of the table widget, making it more difficult to customize.
One solution is to do the object creation in 2 steps:
* create all entity objects only
* create the dependent objects in each entity
Implemented solution:
* all entities are created on application start
* dependant objects (facets and dialogs) are created at once on their first use in entity.
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1987
There is no way to add root or any external user as a RunAs User for a Sudo
Rule.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the webui for the case wherea user is not admin but has a role. In
that case, the UI should show the full administrative tabset, but was
instead limited to the selfservice tabset.
The problem was rolegroup had been renamed to role but the UI hadn't
been updated to reflect this.
Addresses
https://bugzilla.redhat.com/show_bug.cgi?id=745957
https://fedorahosted.org/freeipa/ticket/1970
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1944
No editable fields exist for "maxfail", "failinterval" "lockouttime" and "priority" in password policy page.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1933
Web UI init method was modified to get initialization data in 3 calls.
First call remains the same as before except that the json_metadata command
was removed.
JSON metadata are requested after successful response of the first batch command.
This approach should preserve functionality in IE (where request is missing after
authentication). Getting JSON metadata is split to two commands - this should prevent
the error in linked ticket. These two commands are paralelly executed by new
concurent_command object.
Concurrent command waits for all responses then it calls each command's success
handler.
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1933
Modified data files for offline testing.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1932
Description of problem:
Title is missing while configuring browser for the first time.
Actual results:
There is no title on this screen. I noticed it only on step 8 and later so I am not sure if title is also missing earlier at step 6 or not.
Expected results:
Title "Identity Management" is always present.
Fixed:
* modified paths to images
* fixed padding in ssbrowser.html
* moved browser icons to ui folder
* deleted unused images in html and migration folders (they are already in ui folder, and weren't deployed)
whitespaces
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1922
gidNumber is not an allowed attribute for a non-posix group. When adding a non-posix group from the UI, unchecking the "Is this a POSIX group?:" box should disable the "GID:" field.
|
| |
|
|
|
|
|
|
| |
The radio buttons in association facet and radio widget are now
linked to their labels so that they can be selected by clicking
the labels.
Ticket #1782
|
| |
|
|
|
|
|
| |
The adder dialog has been modified to show a confirmation message
after each successful addition.
Ticket #1786
|
| |
|
|
|
|
|
| |
The Delete button for sudo options in sudo rule details page now
will only work if there is at least one row selected.
Ticket #1896
|
| |
|
|
|
|
|
| |
The hard-coded 'undo' and 'undo all' labels have been moved into
internal.py to allow translation.
Ticket #1897
|
| |
|
|
|
|
|
| |
The config default page has been fixed to provide a field for the
ipadefaultloginshell attribute.
Ticket #1895
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1454
The following widgets should call create_error_link() to create a space to show validation error messages:
IPA.checkbox_widget
IPA.checkboxes_widget
IPA.radio_widget
IPA.select_widget
IPA.table_widget
IPA.attributes_widget
IPA.rights_widget
IPA.target_section (it's a widget)
Solution:
* added call to checkbox, checkboxes, radio, select, table, attributes widget
* rights_widget inherits it from checkboxes_widget.
* target_section IS NOT a widget as it doesn't inherit from widget. It's still a section, which shows different widgets based on its state.
* table_widget displays error_link between pagination and summary.
Additional:
* added padding and unified font-weight for error message
|
| |
|
|
|
|
|
|
|
|
| |
A new IPA.dialog_button class has been added to encapsulate the
buttons in the dialog box so they can be managed more easily.
The adder dialog has been modified to disable the enroll button if
there is no entries selected.
Ticket #1856
|
| |
|
|
|
|
|
| |
The service type field in the service adder dialog has been modified
to use an editable combobox.
Ticket #1633.
|
| |
|
|
|
|
|
|
|
|
| |
The width of the 1st level tab has been modified to expand according
to the size of the tab label.
The width of the adder dialogs have been increased to allow longer
button labels.
Ticket #1825
|
| |
|
|
|
|
| |
The UI background has been replaced with new images from UXD.
Ticket #1842
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1883
It's a regression introduced by patch for #1797
Reproduce:
* show user group foo
* click on user groups tab
* click on enroll button
Result:
User group 'foo' is listed in available list.
Expected result:
User group 'foo' is not listed in available list.
|
| |
|
|
|
|
|
| |
The IPA.association_adder_dialog has been modified not to show
search results that are already selected to prevent duplicates.
Ticket #1859
|
| |
|
|
|
|
|
| |
The IPA.adder_dialog has been modified such that it shows the >>
arrow first then the << arrow.
Ticket #1858
|
| |
|
|
| |
Ticket #1783
|
| |
|
|
|
|
|
|
| |
The DNS zone details page has been modified to use radio buttons for
active zone and dynamic update fields, and text area for BIND update
policy field.
Ticket #1781, #1785
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1841
The column header for the attributes table (IPA.attributes_widget) does not cover the entire width of the table. This problem appears in the adder dialog and details page for permissions, self-service permissions, and delegations.
|
| |
|
|
|
|
|
|
| |
Some jQuery objects in various locations have been modified to use
text() to show values obtained from the server (except messages).
The text() will automatically encode special characters.
Ticket #1798
|
| |
|
|
|
|
|
|
|
|
|
| |
The IPA.combobox_widget has been modified such that if the drop-down
list doesn't contain the stored value (due to search limit) it will
not select anything from the list.
The widget has also been modified not to select the value that matches
the filter automatically because that might not be the user's intention.
Ticket #1819
|
| |
|
|
|
|
|
| |
Since the undo flag is now automatically set to false in dialogs,
it's no longer necessary to specify it in the field specs.
Ticket #1394
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The IPA.dialog has been modified to store sections instead of fields.
If there is no sections specified, it will create a default section.
The adder dialog for automount map has been modified such that the
fields related to indirect map are stored in a section which will
only be visible when the map type is set to indirect.
The adder dialog for host has been modified such that it uses a
custom section for hostname and DNS zone and standard section for
the other fields.
Ticket #1394
|
| |
|
|
|
|
|
|
|
|
| |
The IPA.association_adder_dialog has been modified to use an exclusion
list to hide entries that are already enrolled.
The IPA.adder_dialog has been modified to store the columns directly
in the available & selected tables.
Ticket #1797
|
| |
|
|
|
|
|
| |
The details facet for DNS zone has been modified to use dnszone-
enable/disable for idnszoneactive and dnszone-mod for other fields.
Ticket #1813
|
| |
|
|
|
|
|
| |
The host unprovisioning dialog has been modified to provide a cancel
button.
Ticket #1811
|
| |
|
|
|
|
|
| |
HBAC rule type has been removed from the list page and details page
because it is no longer supported in IPA 3.0.
Ticket #1795
|
| |
|
|
|
|
|
|
| |
The following list pages were modified to show these columns only:
* HBAC rules: name, type, enabled, description
* Sudo rules: name, enabled, description
Ticket #1796
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In the adder dialog for groups the checkbox has been modified to use
the correct field name "nonposix" and be checked by default.
Note: This is a temporary fix to minimize the changes due to release
schedule. Eventually the field label will be changed into "Non-POSIX
group" and the checkbox will be unchecked by default, which is more
consistent with CLI.
Ticket #1799
|
| |
|
|
| |
Ticket #1806
|
| |
|
|
|
|
|
|
| |
The hidden fqdn field in the host adder dialog has been changed to
use a generic widget instead of text widget to avoid null pointer
error since the UI elements are never created.
Ticket #1788
|
| |
|
|
|
|
|
| |
The labels for the run-as users and groups tables in sudo rule details
page have been modified to improve the clarity.
Ticket #1752
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1788
Removed code duplication of undo links.
Simplified code of widget creation to be more readable.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The optional uid field in user's adder dialog did not appear when
the link is clicked to show the field. This is a regression introduced
in the patch for ticket #1648.
The click handler for the link field has been moved into a new closure
so that the variables point to the correct elements.
Note: the duplicate code in IPA.details_table_section.create() and
IPA.dialog.create() will be addressed separately in ticket #1394.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1640
On the HBAC Rules page, where the rules are listed, if no rule is selected, the "Delete" button is not enabled, and cannot be clicked on.
But edit a Rule, and Delete button is enabled in the available sections - regardless of, if an object is selected to be deleted or not, or even if there is no object to be selected to delete.
One can click on this button...but then - there is no message indicating that something should be selected for deletion for this button to do anything.
Notes:
* fixed association_table_widget and association_facet
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The adder dialog for the user and host tables in sudo rule details
page have been fixed to use --not-in-sudorules to avoid showing
entries that are already added into the rule either directly or
indirectly via groups.
This does not apply to the command and run-as tables because they
do not support such option.
Ticket #1768
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In order to maintain consistent layout between details page and dialog
boxes the IPA.details_list_section has been replaced with
IPA.details_table_section which is based on table.
The IPA.target_section and other subclasses of IPA.details_list_section
have been converted to use IPA.details_table_section as well.
The unit tests have been updated accordingly.
Ticket #1648
|
| |
|
|
|
| |
The unit test for IPA.entity_select_widget has been fixed to check
the options after loading the record.
|
| |
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1767
Opening IPA Server/Entitlements causes: "Uncaught TypeError: Cannot call method 'addClass' of undefined" error - Details.js:489
Introduced by patch for #1697
Cause: Details facet of entitlements doesn't contain Reset and Update buttons
|
| |
|
|
|
|
| |
Fix "The the" and "classses" in FreeIPA code and messages.
https://fedorahosted.org/freeipa/ticket/1480
|
| |
|
|
|
|
|
| |
The IPA.combobox_widget has been temporarily fixed to support automation
using Sahi.
Ticket #1754
|
