From 696fce5c8d4e480c6a731686c8952a4e7ace575f Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Mon, 1 Oct 2012 17:36:42 +0200 Subject: Configuration pages changed to use new FF extension browserconfig.html was changed to use new FF extension. The page is completely Firefox specific therefore the title was changed from 'Configure browser' to 'Firefox configuration'. Instruction to import CA cert in unauthorized.html are FF specific too, so they were moved to browserconfig.html. Unauthorized.html text was changed to distinguish FF config and other browsers. Now the page shows link for FF (browserconfig.html) and other browsers (ssbrowser.html). Ssbrowser.html should be enhanced by more configurations and browsers later [1]. Old configuration method was moved to ssbrowser.html. Unauthorized dialog in Web UI now links to http://../unauthorized.html instead of https. This change is done because of FF strange handling of extension installations from https sites [2]. Firefox allows ext. installation from https sites only when the certificate is signed by some build-in CA. To allow custom CAs an option in about:config has to be changed which don't help us at all because we wants to avoid manual changes in about:config. The design of browserconfig is inspired by Kyle Baker's design (2.1 Enhancements_v2.odt). It is not exactly the same. Highlighting of the steps wasn't used because in some cases we can switch some steps. Ticket: https://fedorahosted.org/freeipa/ticket/3094 [1] https://fedorahosted.org/freeipa/ticket/823 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=688383 --- freeipa.spec.in | 8 ++ install/html/Makefile.am | 2 + install/html/browserconfig.html | 84 +++++++++++++++++---- install/html/ffconfig.js | 116 +++++++++++++++++++++++++++++ install/html/ffconfig_page.js | 148 +++++++++++++++++++++++++++++++++++++ install/html/ipa_error.css | 6 ++ install/html/jsl.conf | 131 ++++++++++++++++++++++++++++++++ install/html/ssbrowser.html | 27 ++++++- install/html/unauthorized.html | 31 ++------ install/ui/ipa.css | 37 +++++++++- install/ui/ipa.js | 4 +- install/ui/test/data/ipa_init.json | 2 +- ipalib/plugins/internal.py | 2 +- 13 files changed, 550 insertions(+), 48 deletions(-) create mode 100644 install/html/ffconfig.js create mode 100644 install/html/ffconfig_page.js create mode 100644 install/html/jsl.conf diff --git a/freeipa.spec.in b/freeipa.spec.in index 136eea0d2..7c8314a04 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -398,6 +398,10 @@ mkdir -p %{buildroot}/%{_sysconfdir}/ipa/html mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysrestore mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysupgrade mkdir %{buildroot}%{_usr}/share/ipa/html/ +ln -s ../../../..%{_sysconfdir}/ipa/html/ffconfig.js \ + %{buildroot}%{_usr}/share/ipa/html/ffconfig.js +ln -s ../../../..%{_sysconfdir}/ipa/html/ffconfig_page.js \ + %{buildroot}%{_usr}/share/ipa/html/ffconfig_page.js ln -s ../../../..%{_sysconfdir}/ipa/html/ssbrowser.html \ %{buildroot}%{_usr}/share/ipa/html/ssbrowser.html ln -s ../../../..%{_sysconfdir}/ipa/html/unauthorized.html \ @@ -625,6 +629,8 @@ fi %dir %{_usr}/share/ipa/ffextension/locale/en-US %{_usr}/share/ipa/ffextension/locale/en-US/kerberosauth.properties %dir %{_usr}/share/ipa/html +%{_usr}/share/ipa/html/ffconfig.js +%{_usr}/share/ipa/html/ffconfig_page.js %{_usr}/share/ipa/html/ssbrowser.html %{_usr}/share/ipa/html/browserconfig.html %{_usr}/share/ipa/html/unauthorized.html @@ -653,6 +659,8 @@ fi %{_usr}/share/ipa/ui/images/*.gif %dir %{_sysconfdir}/ipa %dir %{_sysconfdir}/ipa/html +%config(noreplace) %{_sysconfdir}/ipa/html/ffconfig.js +%config(noreplace) %{_sysconfdir}/ipa/html/ffconfig_page.js %config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html %config(noreplace) %{_sysconfdir}/ipa/html/ipa_error.css %config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html diff --git a/install/html/Makefile.am b/install/html/Makefile.am index 46e8683c8..0377ce755 100644 --- a/install/html/Makefile.am +++ b/install/html/Makefile.am @@ -2,6 +2,8 @@ NULL = appdir = $(IPA_SYSCONF_DIR)/html app_DATA = \ + ffconfig.js \ + ffconfig_page.js \ ssbrowser.html \ browserconfig.html \ unauthorized.html \ diff --git a/install/html/browserconfig.html b/install/html/browserconfig.html index aa978f040..046a82490 100644 --- a/install/html/browserconfig.html +++ b/install/html/browserconfig.html @@ -4,19 +4,15 @@ IPA: Identity Policy Audit - - + + + + + @@ -27,11 +23,71 @@ - diff --git a/install/html/ffconfig.js b/install/html/ffconfig.js new file mode 100644 index 000000000..3c9f34c77 --- /dev/null +++ b/install/html/ffconfig.js @@ -0,0 +1,116 @@ +/* Authors: + * Petr Vobornik + * + * Copyright (C) 2012 Red Hat + * see file 'COPYING' for use and warranty information + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +var IPA = IPA || {}; + +IPA.browser_config = { + + configure_firefox: function(domain) { + + var self = this; + + domain = domain || self.get_domain(); + + self.send_message({ + method: 'configure', + predefined: 'ipa', + trusted_uris: domain + }); + }, + + + get_configure_result: function() { + + var self = this; + + var el = self.get_data_element(); + + var answer = el.getAttribute('answer'); + + return answer; + }, + + get_domain: function() { + return "."+IPA_DOMAIN; + }, + + send_message: function(options) { + + options = options || {}; + + var self = this; + + self.clear_data_element(); + var opt_element = self.get_data_element(); + + for (var opt in options) { + opt_element.setAttribute(opt, options[opt]); + } + + var msg_evt = document.createEvent('HTMLEvents'); + msg_evt.initEvent('kerberos-auth-config', true, false); + opt_element.dispatchEvent(msg_evt); + }, + + get_data_element: function() { + + var els = document.getElementsByTagName('kerberosauthdataelement'); + var element; + + if (els.length === 0) { + element = document.createElement('kerberosauthdataelement'); + document.documentElement.appendChild(element); + } else { + element = els[0]; + } + + return element; + }, + + clear_data_element: function() { + + var self = this; + + var el = self.get_data_element(); + var to_remove = []; + + for (var i=0; i + * + * Copyright (C) 2012 Red Hat + * see file 'COPYING' for use and warranty information + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + + $(document).ready(function() { + + var set_enabled = function(steps, enabled) { + + var method; + + if (enabled) method = function(el) { el.removeClass('ui-state-disabled'); }; + else method = function(el) { el.addClass('ui-state-disabled'); }; + + for (var i=0; i b_num) return 1; + else if (a_num < b_num) return -1; + } + + if (a_parts.length !== b_parts.length) { + return a_parts.length > b_parts.length ? 1 : -1; + } + + return 0; + }; + + $('#install-link').click(install); + $('#reinstall-link').click(install); + $('#configure-link').click(configure); + + $('#notfirefox-link').button(); + $('#ca-link').button(); + $('#oldfirefox-link').button(); + $('#reinstall-link').button(); + $('#install-link').button(); + $('#configure-link').button(); + $('#return-link').button(); + + check_version(); + show_installed(IPA.browser_config.extension_installed()); +}); \ No newline at end of file diff --git a/install/html/ipa_error.css b/install/html/ipa_error.css index 60ad729e0..6cf70d885 100644 --- a/install/html/ipa_error.css +++ b/install/html/ipa_error.css @@ -18,6 +18,12 @@ margin-top: -3em; } + +.ssbrowser h3 { + font-size: 1.1em; + margin-bottom: 1em; +} + /* Browser configuration */ object.browser-config { diff --git a/install/html/jsl.conf b/install/html/jsl.conf new file mode 100644 index 000000000..b9a8a9780 --- /dev/null +++ b/install/html/jsl.conf @@ -0,0 +1,131 @@ +# +# Configuration File for JavaScript Lint 0.3.0 +# Developed by Matthias Miller (http://www.JavaScriptLint.com) +# +# This configuration file can be used to lint a collection of scripts, or to enable +# or disable warnings for scripts that are linted via the command line. +# + +### Warnings +# Enable or disable warnings based on requirements. +# Use "+WarningName" to display or "-WarningName" to suppress. +# ++no_return_value # function {0} does not always return a value ++duplicate_formal # duplicate formal argument {0} ++equal_as_assign # test for equality (==) mistyped as assignment (=)?{0} ++var_hides_arg # variable {0} hides argument ++redeclared_var # redeclaration of {0} {1} ++anon_no_return_value # anonymous function does not always return a value ++missing_semicolon # missing semicolon ++meaningless_block # meaningless block; curly braces have no impact ++comma_separated_stmts # multiple statements separated by commas (use semicolons?) ++unreachable_code # unreachable code ++missing_break # missing break statement ++missing_break_for_last_case # missing break statement for last case in switch ++comparison_type_conv # comparisons against null, 0, true, false, or an empty string allowing implicit type conversion (use === or !==) ++inc_dec_within_stmt # increment (++) and decrement (--) operators used as part of greater statement ++useless_void # use of the void type may be unnecessary (void is always undefined) ++multiple_plus_minus # unknown order of operations for successive plus (e.g. x+++y) or minus (e.g. x---y) signs ++use_of_label # use of label +-block_without_braces # block statement without curly braces ++leading_decimal_point # leading decimal point may indicate a number or an object member ++trailing_decimal_point # trailing decimal point may indicate a number or an object member ++octal_number # leading zeros make an octal number ++nested_comment # nested comment ++misplaced_regex # regular expressions should be preceded by a left parenthesis, assignment, colon, or comma ++ambiguous_newline # unexpected end of line; it is ambiguous whether these lines are part of the same statement ++empty_statement # empty statement or extra semicolon +-missing_option_explicit # the "option explicit" control comment is missing ++partial_option_explicit # the "option explicit" control comment, if used, must be in the first script tag ++dup_option_explicit # duplicate "option explicit" control comment ++useless_assign # useless assignment ++ambiguous_nested_stmt # block statements containing block statements should use curly braces to resolve ambiguity ++ambiguous_else_stmt # the else statement could be matched with one of multiple if statements (use curly braces to indicate intent) ++missing_default_case # missing default case in switch statement ++duplicate_case_in_switch # duplicate case in switch statements ++default_not_at_end # the default case is not at the end of the switch statement ++legacy_cc_not_understood # couldn't understand control comment using /*@keyword@*/ syntax ++jsl_cc_not_understood # couldn't understand control comment using /*jsl:keyword*/ syntax ++useless_comparison # useless comparison; comparing identical expressions ++with_statement # with statement hides undeclared variables; use temporary variable instead ++trailing_comma_in_array # extra comma is not recommended in array initializers ++assign_to_function_call # assignment to a function call ++parseint_missing_radix # parseInt missing radix parameter + + +### Output format +# Customize the format of the error message. +# __FILE__ indicates current file path +# __FILENAME__ indicates current file name +# __LINE__ indicates current line +# __ERROR__ indicates error message +# +# Visual Studio syntax (default): ++output-format __FILE__(__LINE__): __ERROR__ +# Alternative syntax: +#+output-format __FILE__:__LINE__: __ERROR__ + + +### Context +# Show the in-line position of the error. +# Use "+context" to display or "-context" to suppress. +# ++context + + +### Semicolons +# By default, assignments of an anonymous function to a variable or +# property (such as a function prototype) must be followed by a semicolon. +# ++lambda_assign_requires_semicolon + + +### Control Comments +# Both JavaScript Lint and the JScript interpreter confuse each other with the syntax for +# the /*@keyword@*/ control comments and JScript conditional comments. (The latter is +# enabled in JScript with @cc_on@). The /*jsl:keyword*/ syntax is preferred for this reason, +# although legacy control comments are enabled by default for backward compatibility. +# ++legacy_control_comments + + +### JScript Function Extensions +# JScript allows member functions to be defined like this: +# function MyObj() { /*constructor*/ } +# function MyObj.prototype.go() { /*member function*/ } +# +# It also allows events to be attached like this: +# function window::onload() { /*init page*/ } +# +# This is a Microsoft-only JavaScript extension. Enable this setting to allow them. +# +-jscript_function_extensions + + +### Defining identifiers +# By default, "option explicit" is enabled on a per-file basis. +# To enable this for all files, use "+always_use_option_explicit" +#-always_use_option_explicit ++always_use_option_explicit + +# Define certain identifiers of which the lint is not aware. +# (Use this in conjunction with the "undeclared identifier" warning.) +# +# Common uses for webpages might be: ++define window ++define document ++define alert ++define $ ++define jQuery ++define IPA_DOMAIN ++define IPA_REALM ++define IPA + +### Files +# Specify which files to lint +# Use "+recurse" to enable recursion (disabled by default). +# To add a set of files, use "+process FileName", "+process Folder\Path\*.js", +# or "+process Folder\Path\*.htm". +# ++process ffconfig.js ++process ffconfig_page.js \ No newline at end of file diff --git a/install/html/ssbrowser.html b/install/html/ssbrowser.html index f77402aa3..285b1d123 100644 --- a/install/html/ssbrowser.html +++ b/install/html/ssbrowser.html @@ -4,10 +4,22 @@ IPA: Identity Policy Audit - + + + + @@ -50,13 +62,20 @@
  • 1. In the address bar of Firefox, type about:config to display the list of current configuration options.
  • 2. In the Filter field, type negotiate to restrict the list of options.
  • 3. Double-click the network.negotiate-auth.trusted-uris entry to display the Enter string value dialog box.
    • -
  • 4. Enter the name of the domain against which you want to authenticate, for example, .example.com.
    • -
  • 5. Repeat the above procedure for the network.negotiate-auth.delegation-uris entry, using the same domain.
    • +
  • 4. Enter the name of the domain against which you want to authenticate, for example, .example.com.
    • +
  • 5. Optional: Repeat the above procedure for the network.negotiate-auth.delegation-uris entry, using the same domain.

  • You are all set.
- +

Automatic Configuration of older versions

+

You can configure older versions of Firefox (up to version 14) using signed code. Use Firefox configuration page for newer versions.

+
    +
  • 1. Import CA certificate. Make sure you checked all three checkboxes.
    • +
  • 2. Click on "Configure Browser" button below.
    • + +
diff --git a/install/html/unauthorized.html b/install/html/unauthorized.html index 00d795077..5bff2d28b 100644 --- a/install/html/unauthorized.html +++ b/install/html/unauthorized.html @@ -9,16 +9,6 @@ - - @@ -32,24 +22,19 @@

Unable to verify your Kerberos credentials

- Please make sure that you have valid Kerberos tickets (obtainable via kinit), + Please make sure that you have valid Kerberos tickets (obtainable via kinit), and that you have configured your browser correctly.

-
- If this is your first time: - -
+

Browser configuration

-
diff --git a/install/ui/ipa.css b/install/ui/ipa.css index c8a220e78..bc971dce4 100644 --- a/install/ui/ipa.css +++ b/install/ui/ipa.css @@ -4,6 +4,7 @@ * Adam Young * Endi Sukma Dewata * Kyle Baker +* Petr Vobornik * * Copyright (C) 2010 Red Hat */ @@ -846,7 +847,6 @@ ul#viewtype li a { h1 { font-family: "Overpass Bold","Liberation Sans", Arial, sans-serif; font-size: 1.5em; - font-weight: normal; color: #555555; text-transform: uppercase; text-shadow: 1px 1px 0 #FFFFFF; @@ -856,7 +856,6 @@ h1 { h2 { font-family: "Overpass Bold","Liberation Sans", Arial, sans-serif; font-size: 1.5em; - font-weight: normal; color: #333333; text-transform: uppercase; margin-left: 1em; @@ -1351,9 +1350,23 @@ body.info-page { background: url(images/static-background.png) repeat-x scroll left top #EDEDED; } +.info-page p { + margin: 0.5em 0em 1em 0em; +} + +.info-page h1, .info-page h2, .info-page h3 { + font-family: "Overpass", "Liberation Sans", Arial, sans-serif; + margin-left: 0px; + font-weight: normal; + color: #555555; +} + .info-page h1 { - color: #333333; - margin-bottom: 1.5em; + font-size: 2em; +} + +.info-page h2 { + margin-top: 2em; } .info-page .container_1 { @@ -1398,6 +1411,22 @@ body.info-page { margin-right: 0px; } +/* Browser config page */ + + +.info-page .browser-config h1, +.info-page .browser-config h2, +.info-page .browser-config h3, +.info-page .browser-config.textblockkrb { + text-align: center; +} + +.browser-config h2 { + margin-left: 0em; + margin-top: 2em; + +} + /* ---- HBAC Test ---- */ .hbac-test-header { diff --git a/install/ui/ipa.js b/install/ui/ipa.js index bd25aeae2..45195bc49 100644 --- a/install/ui/ipa.js +++ b/install/ui/ipa.js @@ -1670,9 +1670,11 @@ IPA.unauthorized_dialog = function(spec) { that.krb_auth_msg = spec.krb_auth_msg || IPA.get_message('login.krb_auth_msg', " To login with Kerberos, please make sure you" + " have valid tickets (obtainable via kinit) and " + - "configured" + + "configured" + " the browser correctly, then click Login. "); + that.krb_auth_msg = that.krb_auth_msg.replace('${host}', window.location.hostname); + that.form_auth_failed = "

Please re-enter your username or password

" + "

The password or username you entered is incorrect. " + "Please try again (make sure your caps lock is off).

" + diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json index 0d94d9b02..8a1c9a1b1 100644 --- a/install/ui/test/data/ipa_init.json +++ b/install/ui/test/data/ipa_init.json @@ -134,7 +134,7 @@ "login": { "form_auth": "To login with username and password, enter them in the fields below then click Login.", "header": "Logged In As", - "krb_auth_msg": "To login with Kerberos, please make sure you have valid tickets (obtainable via kinit) and configured the browser correctly, then click Login.", + "krb_auth_msg": "To login with Kerberos, please make sure you have valid tickets (obtainable via kinit) and configured the browser correctly, then click Login.", "login": "Login", "logout": "Logout", "logout_error": "Logout error", diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py index 4dc409cd3..1e21e8116 100644 --- a/ipalib/plugins/internal.py +++ b/ipalib/plugins/internal.py @@ -269,7 +269,7 @@ class i18n_messages(Command): "login": { "form_auth": _("To login with username and password, enter them in the fields below then click Login."), "header": _("Logged In As"), - "krb_auth_msg": _("To login with Kerberos, please make sure you have valid tickets (obtainable via kinit) and configured the browser correctly, then click Login."), + "krb_auth_msg": _("To login with Kerberos, please make sure you have valid tickets (obtainable via kinit) and configured the browser correctly, then click Login."), "login": _("Login"), "logout": _("Logout"), "logout_error": _("Logout error"), -- cgit