From be144da672e0634f7aaeff69d662cbc4d11aff0f Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvoborni@redhat.com>
Date: Thu, 9 Aug 2012 14:16:58 +0200
Subject: Handle case when trusted domain user access the Web UI

WebUI catches the fact that the user can't access LDAP server with a current ticket. It shows form-based auth login dialog. Previoustly an ugly error was returned on an almost empty page, and user had no recourse.

https://fedorahosted.org/freeipa/ticket/2897
---
 install/ui/ipa.js | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

(limited to 'install')

diff --git a/install/ui/ipa.js b/install/ui/ipa.js
index 92cd1dfd3..0c13e5e43 100644
--- a/install/ui/ipa.js
+++ b/install/ui/ipa.js
@@ -55,6 +55,8 @@ var IPA = function() {
 
     that.network_call_count = 0;
 
+    that.ui = {};
+
     /* initialize the IPA JSON-RPC helper */
     that.init = function(params) {
 
@@ -190,7 +192,10 @@ var IPA = function() {
                 objects,
                 commands
             ],
-            on_success: params.on_success,
+            on_success: function(data, text_status, xhr) {
+                IPA.ui.initialized = true;
+                params.on_success.call(this, data, text_status, xhr);
+            },
             on_error: params.on_error
         });
 
@@ -308,10 +313,12 @@ IPA.get_credentials = function() {
 
     function error_handler(xhr, text_status, error_thrown) {
         status = xhr.status;
+        IPA.ui.logged_kerberos = false;
     }
 
     function success_handler(data, text_status, xhr) {
         status = xhr.status;
+        IPA.ui.logged_kerberos = true;
     }
 
     var request = {
@@ -379,6 +386,7 @@ IPA.login_password = function(username, password) {
 
     function success_handler(data, text_status, xhr) {
         result = 'success';
+        IPA.ui.logged_password = true;
     }
 
     function error_handler(xhr, text_status, error_thrown) {
@@ -392,6 +400,8 @@ IPA.login_password = function(username, password) {
                 result = 'expired';
             }
         }
+
+        IPA.ui.logged_password = false;
     }
 
     var data = {
@@ -730,6 +740,16 @@ IPA.command = function(spec) {
                 error_thrown.message = error_msg;
             }
 
+            // global specical cases error handlers section
+
+            // With trusts, user from trusted domain can use his ticket but he
+            // doesn't have rights for LDAP modify. It will throw internal errror.
+            // We should offer form base login.
+            if (xhr.status === 500 && IPA.ui.logged_kerberos && !IPA.ui.initialized) {
+                auth_dialog_open(xhr, text_status, error_thrown);
+                return;
+            }
+
             if (that.retry) {
                 dialog_open.call(this, xhr, text_status, error_thrown);
 
-- 
cgit