diff options
| author | Petr Vobornik <pvoborni@redhat.com> | 2014-05-21 10:07:19 +0200 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2014-06-11 13:54:20 +0200 |
| commit | 905d58a2a4bb88ed77552e37782eb274d5398ba0 (patch) | |
| tree | f4a7af202b1b7c3f769aadf5430bf3b04ca5fd6d | |
| parent | 4b2d20a1f95edd2982fbb1901287f2bb2194c9db (diff) | |
| download | freeipa-905d58a2a4bb88ed77552e37782eb274d5398ba0.tar.gz freeipa-905d58a2a4bb88ed77552e37782eb274d5398ba0.tar.xz freeipa-905d58a2a4bb88ed77552e37782eb274d5398ba0.zip | |
webui: handle back button when unauthenticated
using browser history when unauthenticated causes transition to
the original and/or preceding facets. But nothing works since
all commands fail due to expired credentials in session.
These changes make sure that user stays on login screen if he misses
valid session credentials while he wants to switch to facet which
requires authentication.
https://fedorahosted.org/freeipa/ticket/4353
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
| -rw-r--r-- | install/ui/src/freeipa/Application_controller.js | 10 | ||||
| -rw-r--r-- | install/ui/src/freeipa/facet.js | 48 | ||||
| -rw-r--r-- | install/ui/src/freeipa/facets/Facet.js | 9 | ||||
| -rw-r--r-- | install/ui/src/freeipa/plugins/load_page.js | 1 | ||||
| -rw-r--r-- | install/ui/src/freeipa/plugins/login.js | 3 | ||||
| -rw-r--r-- | install/ui/src/freeipa/rpc.js | 2 |
6 files changed, 52 insertions, 21 deletions
diff --git a/install/ui/src/freeipa/Application_controller.js b/install/ui/src/freeipa/Application_controller.js index f38a60dc3..7296aa4ca 100644 --- a/install/ui/src/freeipa/Application_controller.js +++ b/install/ui/src/freeipa/Application_controller.js @@ -27,6 +27,7 @@ define([ 'dojo/topic', 'dojo/query', 'dojo/dom-class', + './auth', './json2', './widgets/App', './widgets/FacetContainer', @@ -36,7 +37,7 @@ define([ './navigation/Router', './navigation/menu_spec' ], - function(declare, lang, array, Deferred, on, topic, query, dom_class, + function(declare, lang, array, Deferred, on, topic, query, dom_class, auth, JSON, App_widget, FacetContainer, IPA, reg, Menu, Router, menu_spec) { /** @@ -297,6 +298,12 @@ define([ show_facet: function(facet) { + // prevent changing facet when authenticating + if (this.current_facet && this.current_facet.name === 'login' && + !auth.current.authenticated && facet.requires_auth) { + return; + } + // choose container var container = this.containers[facet.preferred_container]; if (!container) container = this.containers.main; @@ -455,7 +462,6 @@ define([ var login_facet = reg.facet.get('login'); on.once(login_facet, "logged_in", function() { - if (facet) { self.show_facet(facet); } diff --git a/install/ui/src/freeipa/facet.js b/install/ui/src/freeipa/facet.js index 46d72e7be..419011627 100644 --- a/install/ui/src/freeipa/facet.js +++ b/install/ui/src/freeipa/facet.js @@ -220,6 +220,13 @@ exp.facet = IPA.facet = function(spec, no_init) { */ that._needs_update = spec.needs_update; + + /** + * Facet is shown + * @property {Boolean} + */ + that.is_shown = false; + /** * Marks facet as expired - needs update * @@ -291,6 +298,13 @@ exp.facet = IPA.facet = function(spec, no_init) { */ that.redirect_info = spec.redirect_info; + + /** + * Facet requires authenticated user + * @type {Boolean} + */ + that.requires_auth = spec.requires_auth !== undefined ? spec.requires_auth : true; + /** * Public state * @property {facet.FacetState} @@ -480,7 +494,7 @@ exp.facet = IPA.facet = function(spec, no_init) { that.old_state = state; // we don't have to reflect any changes if facet dom is not yet created - if (!that.dom_node) { + if (!that.dom_node || !that.is_shown) { if (needs_update) that.set_expired_flag(); return; } @@ -651,30 +665,29 @@ exp.facet = IPA.facet = function(spec, no_init) { */ that.show = function() { + if (that.is_shown) return; + that.is_shown = true; + that.entity.facet = that; // FIXME: remove if (!that.dom_node) { that.create(); + } - var state = that.state.clone(); - var needs_update = that.needs_update(state); - that.old_state = state; + var state = that.state.clone(); + var needs_update = that.needs_update(state); + that.old_state = state; - if (needs_update) { - that.clear(); - } + if (needs_update) { + that.clear(); + } - that.dom_node.addClass('active-facet'); - that.show_content(); - that.header.select_tab(); + that.dom_node.addClass('active-facet'); + that.show_content(); + that.header.select_tab(); - if (needs_update) { - that.refresh(); - } - } else { - that.dom_node.addClass('active-facet'); - that.show_content(); - that.header.select_tab(); + if (needs_update) { + that.refresh(); } }; @@ -714,6 +727,7 @@ exp.facet = IPA.facet = function(spec, no_init) { * Un-mark itself as active facet */ that.hide = function() { + that.is_shown = false; that.dom_node.removeClass('active-facet'); }; diff --git a/install/ui/src/freeipa/facets/Facet.js b/install/ui/src/freeipa/facets/Facet.js index fe2e6631e..e015329c9 100644 --- a/install/ui/src/freeipa/facets/Facet.js +++ b/install/ui/src/freeipa/facets/Facet.js @@ -113,6 +113,12 @@ define(['dojo/_base/declare', redirect_info: null, /** + * Facet requires authenticated user + * @type {Boolean} + */ + requires_auth: true, + + /** * Public state * @property {facet.FacetState} * @protected @@ -323,6 +329,9 @@ define(['dojo/_base/declare', this.container_node = spec.container_node; this.dom_node = spec.dom_node; this.redirect_info = spec.redirect_info; + if (spec.requires_auth !== undefined) { + this.requires_auth = spec.requires_auth; + } this.state = new mod_facet.FacetState(); on(this.state, 'set', lang.hitch(this, this.on_state_set)); } diff --git a/install/ui/src/freeipa/plugins/load_page.js b/install/ui/src/freeipa/plugins/load_page.js index eb8f22acd..7d8a466bb 100644 --- a/install/ui/src/freeipa/plugins/load_page.js +++ b/install/ui/src/freeipa/plugins/load_page.js @@ -40,6 +40,7 @@ define([ load.facet_spec = { name: 'load', preferred_container: 'simple', + requires_auth: false, 'class': 'login-pf-body', widgets: [ { diff --git a/install/ui/src/freeipa/plugins/login.js b/install/ui/src/freeipa/plugins/login.js index a659faaa9..cf9e5bea8 100644 --- a/install/ui/src/freeipa/plugins/login.js +++ b/install/ui/src/freeipa/plugins/login.js @@ -43,6 +43,7 @@ define(['dojo/_base/declare', login.facet_spec = { name: 'login', preferred_container: 'simple', + requires_auth: false, widgets: [ { $type: 'activity', @@ -60,7 +61,7 @@ define(['dojo/_base/declare', login.LoginFacet = declare([Facet], { can_leave: function() { - return auth.authenticated; + return auth.current.authenticated; }, init: function() { diff --git a/install/ui/src/freeipa/rpc.js b/install/ui/src/freeipa/rpc.js index 3ad7e8b1b..981b0c783 100644 --- a/install/ui/src/freeipa/rpc.js +++ b/install/ui/src/freeipa/rpc.js @@ -289,7 +289,7 @@ rpc.command = function(spec) { // With trusts, user from trusted domain can use his ticket but he // doesn't have rights for LDAP modify. It will throw internal error. // We should offer form base login. - if (xhr.status === 500 && auth.authenticated_by === 'kerberos' && + if (xhr.status === 500 && auth.current.authenticated_by === 'kerberos' && !IPA.ui.initialized) { error_handler_auth(xhr, text_status, error_thrown); return; |