freeipa.git/install/html/unauthorized.html, branch fix_ber_scanf FreeIPA patches Fix javascript 'errors' found by jslint 2018-09-27T14:33:25+00:00 Stanislav Levin slev@altlinux.org 2018-09-26T20:12:55+00:00 54765474167f70f6ac09c8a41dea7a242b34ff7e There are several JavaScript errors, which have come with PRs: 2362, 2371, 2372. JavaScript code have to follow jsl requires. Fixes: https://pagure.io/freeipa/issue/7717 Fixes: https://pagure.io/freeipa/issue/7718 Reviewed-By: Christian Heimes <cheimes@redhat.com> 
There are several JavaScript errors, which have come with PRs:
2362, 2371, 2372.

JavaScript code have to follow jsl requires.

Fixes: https://pagure.io/freeipa/issue/7717
Fixes: https://pagure.io/freeipa/issue/7718
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Fix loading 'freeipa/text' at production mode 2018-09-26T11:50:11+00:00 Stanislav Levin slev@altlinux.org 2018-09-24T17:52:37+00:00 f658a3d107e0c1cb6a316b9e99e75027591b22f9 As for now 'ssbrowser.html' and 'unauthorized.html' pages are loaded without JS error at development mode only. There is no standalone 'freeipa/text' module as source at production mode. Thus 'core' one have to be loaded first and then 'text'. Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com> 
As for now 'ssbrowser.html' and 'unauthorized.html' pages are
loaded without JS error at development mode only.

There is no standalone 'freeipa/text' module as source at
production mode. Thus 'core' one have to be loaded first and
then 'text'.

Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
Fix translation of "unauthorized.html" Web page 2018-09-12T08:44:37+00:00 Stanislav Levin slev@altlinux.org 2018-07-12T19:05:39+00:00 6f386f2e241294497db18284a1321335afa77a63 Make this page message translatable as other parts of IPA framework. Fixes: https://pagure.io/freeipa/issue/7640 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com> 
Make this page message translatable as other parts of IPA framework.

Fixes: https://pagure.io/freeipa/issue/7640
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
browser config: cleanup after removal of Firefox extension 2017-09-21T08:27:14+00:00 Petr Vobornik pvoborni@redhat.com 2017-09-01T19:50:44+00:00 b0184d10aba3bd0302b4ef7bdcecb513ae00c54d Firefox extension which served for configuring Kerberos auth in Firefox until version which banned self-signed extensions was removed in commit 6c53765ac1746ea3cb82554775a37fe43af062e8. Given that configure.jar, even older Firefox config tool, was removed sometime before that, there is no use for signtool tool. It is good because it is removed from Fedora 27 anyway. So removing last unused function which calls it. The removal of FF extension was not exactly clean so removing also browserconfig.html which only purpose was to use the extension. Therefore also related JS files are removed. This removal requires unauthorized.html to be updated so that it doesn't point to non-existing page. And given that it now points only to single config page, we can change link in UI login page to this page (ssbrowser.html). While at it, improving buttons in ssbrowser.html. Btw, commit 6c53765ac1746ea3cb82554775a37fe43af062e8 removed also generation of krb.js. It had one perk - with that info ssbrowser.html could display real Kerberos domain instead of only 'example.com'. I don't have time to revert this change so removing traces of krb.js as well. https://pagure.io/freeipa/issue/7135 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> 
Firefox extension which served for configuring Kerberos auth in Firefox
until version which banned self-signed extensions was removed in commit
6c53765ac1746ea3cb82554775a37fe43af062e8.

Given that configure.jar, even older Firefox config tool, was removed
sometime before that, there is no use for signtool tool. It is good
because it is removed from Fedora 27 anyway. So removing last unused
function which calls it.

The removal of FF extension was not exactly clean so removing also
browserconfig.html which only purpose was to use the extension. Therefore
also related JS files are removed. This removal requires unauthorized.html
to be updated so that it doesn't point to non-existing page. And given that
it now points only to single config page, we can change link in UI login page
to this page (ssbrowser.html). While at it, improving buttons in ssbrowser.html.

Btw, commit 6c53765ac1746ea3cb82554775a37fe43af062e8 removed also generation of
krb.js. It had one perk - with that info ssbrowser.html could display real
Kerberos domain instead of only 'example.com'.  I don't have time to revert this
change so removing traces of krb.js as well.

https://pagure.io/freeipa/issue/7135

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
webui: apply PatternFly theme on config pages 2014-06-10T08:23:21+00:00 Petr Vobornik pvoborni@redhat.com 2014-03-31T12:03:28+00:00 1829fa2c1571428cb4318443387dde1707fc9641 https://fedorahosted.org/freeipa/ticket/4278 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com> 
https://fedorahosted.org/freeipa/ticket/4278

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Load updated Web UI files after server upgrade 2013-10-16T16:06:30+00:00 Petr Vobornik pvoborni@redhat.com 2013-08-29T13:19:02+00:00 b4fc6f4ba880c210cf1a439036db4695cc74c5ae Issue: * There was no caching policy specified. * -> Browsers use their own default policy. * -> After upgrade, some Web UI files might have been actualized some not. * -> With schema change may result into weird bugs in Web UI Solution considerations: 1. Detect server version change and hard-reload at runtime Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it. 2. Application Cache HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files). Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail. 3. Set Expires to now() for everything Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed. Solution: * Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded. * The loader adds a version parameter (?v=__NUM_VERSION__) to all requests. * Version is defined in the loader. It's set to current in `make version-update`. * All static pages use this loader to fetch their resources. * Version is also passed to dojo loader as cache-bust for the same effect. * Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration). Possible issues: * Images are cached but not requested with version param. * Images with version and without are considered different * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS. * Proposed solution is to change image name when changing image. Image change is done rarely. * Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins. * No action taken to address this issue yet. * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/) * or set expires to now for all plugins * running `make version-update` is required in order to use static version of UI for testing https://fedorahosted.org/freeipa/ticket/3798 
Issue:
* There was no caching policy specified.
* -> Browsers use their own default policy.
* -> After upgrade, some Web UI files might have been actualized some not.
* -> With schema change may result into weird bugs in Web UI

Solution considerations:

1. Detect server version change and hard-reload at runtime
Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it.

2. Application Cache
HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files).

Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail.

3. Set Expires to now() for everything
Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed.

Solution:
* Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded.
* The loader adds a version parameter (?v=__NUM_VERSION__) to all requests.
* Version is defined in the loader. It's set to current in `make version-update`.
* All static pages use this loader to fetch their resources.
* Version is also passed to dojo loader as cache-bust for the same effect.
* Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration).

Possible issues:
* Images are cached but not requested with version param.
  * Images with version and without are considered different
  * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS.
  * Proposed solution is to change image name when changing image. Image change is done rarely.
* Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins.
  * No action taken to address this issue yet.
  * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/)
  * or set expires to now for all plugins
* running `make version-update` is required in order to use static version of UI for testing

https://fedorahosted.org/freeipa/ticket/3798
Move of Web UI non AMD dep. libs to libs subdirectory 2013-01-18T14:10:36+00:00 Petr Vobornik pvoborni@redhat.com 2012-11-09T16:13:28+00:00 8f8e790d9468245c031320d6a506a420f486638f Third party JS libraries which are not AMD modules were moved to src/libs/ directory. Links in html files were changed accordingly. https://fedorahosted.org/freeipa/ticket/112 
Third party JS libraries which are not AMD modules were moved to src/libs/
directory. Links in html files were changed accordingly.

https://fedorahosted.org/freeipa/ticket/112
Configuration pages changed to use new FF extension 2012-10-04T22:08:26+00:00 Petr Vobornik pvoborni@redhat.com 2012-10-01T15:36:42+00:00 696fce5c8d4e480c6a731686c8952a4e7ace575f browserconfig.html was changed to use new FF extension. The page is completely Firefox specific therefore the title was changed from 'Configure browser' to 'Firefox configuration'. Instruction to import CA cert in unauthorized.html are FF specific too, so they were moved to browserconfig.html. Unauthorized.html text was changed to distinguish FF config and other browsers. Now the page shows link for FF (browserconfig.html) and other browsers (ssbrowser.html). Ssbrowser.html should be enhanced by more configurations and browsers later [1]. Old configuration method was moved to ssbrowser.html. Unauthorized dialog in Web UI now links to http://../unauthorized.html instead of https. This change is done because of FF strange handling of extension installations from https sites [2]. Firefox allows ext. installation from https sites only when the certificate is signed by some build-in CA. To allow custom CAs an option in about:config has to be changed which don't help us at all because we wants to avoid manual changes in about:config. The design of browserconfig is inspired by Kyle Baker's design (2.1 Enhancements_v2.odt). It is not exactly the same. Highlighting of the steps wasn't used because in some cases we can switch some steps. Ticket: https://fedorahosted.org/freeipa/ticket/3094 [1] https://fedorahosted.org/freeipa/ticket/823 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=688383 
browserconfig.html was changed to use new FF extension. The page is completely Firefox specific therefore the title was changed from 'Configure browser' to 'Firefox configuration'. Instruction to import CA cert in unauthorized.html are FF specific too, so they were moved to browserconfig.html. Unauthorized.html text was changed to distinguish FF config and other browsers. Now the page shows link for FF (browserconfig.html) and other browsers (ssbrowser.html). Ssbrowser.html should be enhanced by more configurations and browsers later [1].

Old configuration method was moved to ssbrowser.html.

Unauthorized dialog in Web UI now links to http://../unauthorized.html instead of https. This change is done because of FF strange handling of extension installations from https sites [2]. Firefox allows ext. installation from https sites only when the certificate is signed by some build-in CA. To allow custom CAs an option in about:config has to be changed which don't help us at all because we wants to avoid manual changes in about:config.

The design of browserconfig is inspired by Kyle Baker's design (2.1 Enhancements_v2.odt). It is not exactly the same. Highlighting of the steps wasn't used because in some cases we can switch some steps.

Ticket: https://fedorahosted.org/freeipa/ticket/3094

[1] https://fedorahosted.org/freeipa/ticket/823
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=688383
Fixed inconsistent image names. 2011-10-27T14:05:12+00:00 Endi S. Dewata edewata@redhat.com 2011-10-26T21:06:17+00:00 52981883aba2a2ce7a0152c50ad94201f327f411 The images have been renamed to be more consistent and moved into the "images" directory to mimic the original jQuery UI structure. Ticket #1613 
The images have been renamed to be more consistent and moved into
the "images" directory to mimic the original jQuery UI structure.

Ticket #1613
Fixed: Duplicate CSS definitions 2011-10-19T12:44:44+00:00 Petr Vobornik pvoborni@redhat.com 2011-10-11T07:42:35+00:00 1dda03120e5873d231072468c5637c4718656ed3 https://fedorahosted.org/freeipa/ticket/1565 The ipa.css, ipa_error.css and ipa_migration.css contain some duplicate definitions which cause maintenance problems. Additional changes: * fixed whitespaces in ipa.css * unified headings in config pages 
https://fedorahosted.org/freeipa/ticket/1565

The ipa.css, ipa_error.css and ipa_migration.css contain some duplicate definitions which cause maintenance problems.

Additional changes:
* fixed whitespaces in ipa.css
* unified headings in config pages