WebUI: Make 'Unlock' option is available only on locked user page
The implementation includes checking password policy for selected user. 'Unlock' option is available only in case user reached a limit of login failures. Ticket: https://pagure.io/freeipa/issue/5062 Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Armando Neto <abiagion@redhat.com>
parent
2e0850e70e
commit
123c93f92c
@ -445,7 +445,7 @@ return {
|
|||||||
label: '@i18n:objects.user.unlock',
|
label: '@i18n:objects.user.unlock',
|
||||||
needs_confirm: true,
|
needs_confirm: true,
|
||||||
hide_cond: ['preserved-user'],
|
hide_cond: ['preserved-user'],
|
||||||
disable_cond: ['no-password'],
|
enable_cond: ['is-locked'],
|
||||||
confirm_msg: '@i18n:objects.user.unlock_confirm'
|
confirm_msg: '@i18n:objects.user.unlock_confirm'
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -481,7 +481,7 @@ return {
|
|||||||
},
|
},
|
||||||
IPA.user.self_service_other_user_evaluator,
|
IPA.user.self_service_other_user_evaluator,
|
||||||
IPA.user.preserved_user_evaluator,
|
IPA.user.preserved_user_evaluator,
|
||||||
IPA.user.no_password_evaluator,
|
IPA.user.is_locked_evaluator,
|
||||||
IPA.object_class_evaluator,
|
IPA.object_class_evaluator,
|
||||||
IPA.cert.certificate_evaluator
|
IPA.cert.certificate_evaluator
|
||||||
],
|
],
|
||||||
@ -1120,15 +1120,21 @@ IPA.user.deleter_dialog = function(spec) {
|
|||||||
return that;
|
return that;
|
||||||
};
|
};
|
||||||
|
|
||||||
IPA.user.no_password_evaluator = function(spec) {
|
IPA.user.is_locked_evaluator = function(spec) {
|
||||||
|
|
||||||
spec = spec || {};
|
spec = spec || {};
|
||||||
spec.event = spec.event || 'post_load';
|
spec.event = spec.event || 'post_load';
|
||||||
|
|
||||||
var that = IPA.state_evaluator(spec);
|
var that = IPA.state_evaluator(spec);
|
||||||
that.name = spec.name || 'no_password_evaluator';
|
that.name = spec.name || 'is_locked_evaluator';
|
||||||
that.param = spec.param || 'has_password';
|
that.user_adapter = builder.build('adapter', {
|
||||||
that.adapter = builder.build('adapter', { $type: 'adapter'}, { context: that });
|
$type: 'object_adapter',
|
||||||
|
result_index: 0
|
||||||
|
}, {});
|
||||||
|
that.pw_policy_adapter = builder.build('adapter', {
|
||||||
|
$type: 'object_adapter',
|
||||||
|
result_index: 1
|
||||||
|
}, {});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Evaluates if user has no password
|
* Evaluates if user has no password
|
||||||
@ -1138,9 +1144,17 @@ IPA.user.no_password_evaluator = function(spec) {
|
|||||||
var old_state = that.state;
|
var old_state = that.state;
|
||||||
that.state = [];
|
that.state = [];
|
||||||
|
|
||||||
var has_password = that.adapter.load(data)[0];
|
var user = that.user_adapter.get_record(data);
|
||||||
if (!has_password) {
|
var pw_policy = that.pw_policy_adapter.get_record(data);
|
||||||
that.state.push('no-password');
|
|
||||||
|
if (user.krbloginfailedcount) {
|
||||||
|
// In case there is no permission to check password policy we
|
||||||
|
// allow to unlock user even if he has only one failed login.
|
||||||
|
var max_failure = pw_policy ? pw_policy.krbpwdmaxfailure[0] : 1;
|
||||||
|
|
||||||
|
if (user.krbloginfailedcount[0] >= max_failure) {
|
||||||
|
that.state.push('is-locked');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
that.notify_on_change(old_state);
|
that.notify_on_change(old_state);
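Review bot: The check `user.krbloginfailedcount[0] >= max_failure` in the last hunk of this file compares the raw attribute values; if the API returns them as strings (the `[0]` indexing suggests arrays of values, but the hunk does not show their type), `'10' >= '6'` is false and a user past a single-digit limit would never get 'is-locked'. `pw_policy.krbpwdmaxfailure[0]` also throws when a policy record is returned without that attribute. I would write `var max_failure = (pw_policy && pw_policy.krbpwdmaxfailure) ? parseInt(pw_policy.krbpwdmaxfailure[0], 10) : 1;` and `if (parseInt(user.krbloginfailedcount[0], 10) >= max_failure) {`. The doc comment kept above the handler still reads "Evaluates if user has no password" and should be updated to `Evaluates if user has reached the login failure limit`; the handler itself begins outside the hunk.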
|
||||||
|
@ -211,7 +211,8 @@ class test_user(user_tasks):
|
|||||||
self.reset_password_action(pwd)
|
self.reset_password_action(pwd)
|
||||||
self.assert_text_field('has_password', '******')
|
self.assert_text_field('has_password', '******')
|
||||||
|
|
||||||
self.action_list_action('unlock')
|
# unlock option should be disabled for new user
|
||||||
|
self.assert_action_list_action('unlock', enabled=False)
|
||||||
|
|
||||||
# delete
|
# delete
|
||||||
self.delete_action(user.ENTITY, user.PKEY, action='delete_active_user')
|
self.delete_action(user.ENTITY, user.PKEY, action='delete_active_user')
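Review bot: Only the disabled state is asserted in this hunk, so the new 'is-locked' path, where Unlock becomes enabled once the failure limit is reached, has no coverage here, and the removed `self.action_list_action('unlock')` was the only visible call that exercised the action. A follow-up case that brings the test user to the policy's failure limit and then checks `self.assert_action_list_action('unlock', enabled=True)` before invoking the action would pin the behaviour this commit is about. The test method starts and ends outside the hunk, so such a case may already exist elsewhere in the file.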
|
||||||
|