| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
| |
action buttons associated with batch actions were enabled by default, but
they were disabled right after facet creation and a load of data. It caused
a visual flicker.
UX is enhanced by making them disabled by default.
|
|
|
|
|
|
| |
- save one click by opening edit dialog right after adding new row
- add margin between fingerprint and "show/edit" button
- fix honoring of writable/read-only flags upon row creation
|
|
|
|
|
|
|
|
|
| |
- category radio line has line-height large enough to contain
undo button -> content doesn't move several pixels on change
- remove vertical padding from btns in table headers to maintain
about the same height
- remove invisible border from link buttons to have the same height
for disabled and enabled button
|
| |
|
|
|
|
|
|
|
| |
After login, CI checks if password needs a reset by checking if
reset password fields are displayed. This check failed since
login facet was removed from DOM after successful auth. Weakening
the selector fixes it.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Add 'Add OTP Token' action to user action menu.
This option is disabled in self-service when viewing other users.
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Tooltips were added to "User authentication types" and "Default user
objectclasses" to describe their relationship and a meaning of
not-setting a value.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Disable automatic re-execution of command after pending authentication.
It's possible to enable it again globally by
'freeipa/config':`rpc_retry_auth`.
https://fedorahosted.org/freeipa/ticket/4374
|
|
|
|
|
|
|
|
|
|
| |
The ipa-ipa-trust and ipa-ad-winsync ID Range types were allowed to
pass the validation tests, however, they are not implemented nor
checked by the 389 server plugin.
https://fedorahosted.org/freeipa/ticket/4323
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
reset_password.html now redirects browser to URL specified in 'redirect'
uri component (if present).
The component has to be URI encoded. ie (in browser console):
$ encodeURIComponent('http://pvoborni.fedorapeople.org/doc/#!/guide/Debugging')
-->
"http%3A%2F%2Fpvoborni.fedorapeople.org%2Fdoc%2F%23!%2Fguide%2FDebugging"
-->
https://my.freeipa.server/ipa/ui/reset_password.html?redirect=http%3A%2F%2Fpvoborni.fedorapeople.org%2Fdoc%2F%23!%2Fguide%2FDebugging
https://fedorahosted.org/freeipa/ticket/4440
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
| |
Buttons in hbactest check for 'action-button-disabled' but it's never set.
https://fedorahosted.org/freeipa/ticket/4258
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Simplify code base by reuse of 'disable' feature of button_widget. All
occurrences of action-button which were disabled/enabled were replaced
by button-widget.
https://fedorahosted.org/freeipa/ticket/4258
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Detach/attach facet nodes when switching facets instead of
hiding/showing.
Keeps dom-tree more simple.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Fixed:
1. IE doesn't support value 'initial' in CSS rule.
2. setting innerHTML='' also destroys content of child nodes in
LoginScreen in IE -> reattached buttons have no text.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
Items nested in other items were created in root list instead of nested list.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Reproduction:
* add 'extensibleObject' object class to target object
https://fedorahosted.org/freeipa/ticket/4380
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Returning non-unicode causes serialization into base64 which causes havoc
in Web UI.
https://fedorahosted.org/freeipa/ticket/4454
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This prevents the reuse of TOTP tokens by recording the last token
interval that was used. This will be replicated as normal. However,
this patch does not increase the number of writes to the database
in the standard authentication case. This is because it also
eliminates an unnecessary write during authentication. Hence, this
patch should be write-load neutral with the existing code.
Further performance enhancement is desired, but is outside the
scope of this patch.
https://fedorahosted.org/freeipa/ticket/4410
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Without nsslapd-allow-hashed-passwords being turned on, user password
migration fails.
https://fedorahosted.org/freeipa/ticket/4450
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Also, make the error messages for this fallback case less scary and
clean up some indentation issues in the nearby code which made this
code difficult to read.
https://fedorahosted.org/freeipa/ticket/4446
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
| |
Allow use of characters that no longer cause troubles. Check for
leading and trailing characters in case of 389 Direcory Manager password.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Theme package is contains resources for PKI web interface. This interface
is not needed by FreeIPA as it rather utilizes it's API. As recommended in
https://bugzilla.redhat.com/show_bug.cgi?id=1068029#c5, remove this hard
dependency.
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
| |
LDAPRemoveReverseMember
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Record that pkicreate/pkispawn has been executed to allow cleanup even if the
installation did not finish correctly.
https://fedorahosted.org/freeipa/ticket/2796
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
|
|
| |
Previous versions of libkrb5 can't handle expired passwords
inside the FAST tunnel. This breaks the password change UI
in FreeIPA.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The preexisting code would execute two steps. First, it would perform a kinit.
If the kinit failed, it would attempt to bind using the same credentials to
determine if the password were expired. While this method is fairly ugly, it
mostly worked in the past.
However, with OTP this breaks. This is because the OTP code is consumed by
the kinit step. But because the password is expired, the kinit step fails.
When the bind is executed, the OTP token is already consumed, so bind fails.
This causes all password expirations to be reported as invalid credentials.
After discussion with MIT, the best way to handle this case with the standard
tools is to set LC_ALL=C and check the output from the command. This
eliminates the bind step altogether. The end result is that OTP works and
all password failures are more performant.
https://fedorahosted.org/freeipa/ticket/4412
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Nested options (MS-PAC and PAD) of service's PAC type should be
disabled if no value is supplied (default value is "Inherited
from server configuration"). That was not the case - regression.
This patch fixes it and along with it simplifies the update method
of option_widget_base to be more comprehensible.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
| |
User is not able to change Bind Rule Type if permission is already
member of a privilege. Let's disable it and don't confuse user.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Little regression - select widget could not handle empty or no array as an
input value.
It broke 'undo' operation in Permissions' 'Type' attribute while switching
between '' and some value.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Visible read-only fields are no longer displayed as disabled in
permission details facet.
https://fedorahosted.org/freeipa/ticket/4254
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The input-group class was added based on visibility of child elements.
This failed when it had to be determined *before* displaying the widget.
Now it's added if the buttons are not hidden by `display: none` CSS rule.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Separate update of read-only state from update of value.
It should be possible to switch from read-only UI to editable UI without
value change.
https://fedorahosted.org/freeipa/ticket/4254
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4253
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|