From 90baf597ddfb6c435dc5e78d6917a28736abb8cf Mon Sep 17 00:00:00 2001 From: Adam Young Date: Fri, 5 Nov 2010 19:48:42 -0400 Subject: Ticket Expiration THis patch handles Kerberos ticket expiration in the UI. Additionally it removes the mod_atuh_kerb authorization for elements in the static directory, cutting down on the number of round trips required for initializing the web app Conflicts: install/static/ipa.js --- install/conf/ipa.conf | 11 +---------- install/static/ipa.js | 22 ++++++++++++++++++++-- ipalib/plugins/internal.py | 9 ++++++++- 3 files changed, 29 insertions(+), 13 deletions(-) diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 91e8373c4..bcf31cee3 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -89,20 +89,11 @@ Alias /ipa/ui "/usr/share/ipa/static" SetHandler None AllowOverride None + Satisfy Any Allow from all -# WebUI assets -Alias /ipa-assets/ "/var/cache/ipa/assets/" - - Allow from all - AllowOverride None - Options FollowSymLinks - ExpiresActive On - ExpiresDefault A31536000 - - # Protect our CGIs diff --git a/install/static/ipa.js b/install/static/ipa.js index be8e3b6ad..2cf858f89 100644 --- a/install/static/ipa.js +++ b/install/static/ipa.js @@ -23,7 +23,6 @@ /*Forward defined due to circular dependency with IPA.*/ var ipa_cmd; -var IPA_DEFAULT_JSON_URL = '/ipa/json'; var IPA = ( function () { var that = { @@ -119,6 +118,7 @@ var IPA = ( function () { * objname - name of an IPA object (optional) */ function ipa_cmd(name, args, options, win_callback, fail_callback, objname) { + var default_json_url = '/ipa/json'; function dialog_open(xhr, text_status, error_thrown) { var that = this; @@ -150,6 +150,24 @@ function ipa_cmd(name, args, options, win_callback, fail_callback, objname) } function error_handler(xhr, text_status, error_thrown) { + if (!error_thrown){ + error_thrown = {name:'unknown'} + } + + if (xhr.status === 401){ + error_thrown.name = 'Kerberos ticket no longer valid.'; + if (IPA.messages && IPA.messages.ajax){ + error_thrown.message = IPA.messages.ajax["401"]; + }else{ + error_thrown.message = + "Your kerberos ticket no longer valid."+ + "Please run KInit and then click 'retry'"+ + "If this is your first time running the IPA Web UI"+ + " "+ + "Follow these directions to configure your browser." + } + } + error_thrown.title = 'AJAX Error: '+error_thrown.name; ajax_error_handler.call(this, xhr, text_status, error_thrown); } @@ -206,7 +224,7 @@ function ipa_cmd(name, args, options, win_callback, fail_callback, objname) var url = IPA.json_url; if (!url){ - url = IPA_DEFAULT_JSON_URL; + url = default_json_url; } if (IPA.use_static_files){ diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py index e950796b5..bf477b74b 100644 --- a/ipalib/plugins/internal.py +++ b/ipalib/plugins/internal.py @@ -58,7 +58,14 @@ class json_metadata(Command): "mailing":_("Mailing Address"), "employee":_(" Employee Information"), "misc":_("Misc. Information"), - "to_top":_("Back to Top")} + "to_top":_("Back to Top")}, + "ajax":{ + "401":_("Your kerberos ticket no longer valid."+ + "Please run KInit and then click 'retry'"+ + "If this is your first time running the IPA Web UI"+ + " "+ + "Follow these directions to configure your browser.") + } } takes_args = ( -- cgit