mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
webui: handle back button when unauthenticated
using browser history when unauthenticated causes transition to the original and/or preceding facets. But nothing works since all commands fail due to expired credentials in session. These changes make sure that user stays on login screen if he misses valid session credentials while he wants to switch to facet which requires authentication. https://fedorahosted.org/freeipa/ticket/4353 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
This commit is contained in:
parent
4b2d20a1f9
commit
905d58a2a4
@ -27,6 +27,7 @@ define([
|
||||
'dojo/topic',
|
||||
'dojo/query',
|
||||
'dojo/dom-class',
|
||||
'./auth',
|
||||
'./json2',
|
||||
'./widgets/App',
|
||||
'./widgets/FacetContainer',
|
||||
@ -36,7 +37,7 @@ define([
|
||||
'./navigation/Router',
|
||||
'./navigation/menu_spec'
|
||||
],
|
||||
function(declare, lang, array, Deferred, on, topic, query, dom_class,
|
||||
function(declare, lang, array, Deferred, on, topic, query, dom_class, auth,
|
||||
JSON, App_widget, FacetContainer, IPA, reg, Menu, Router, menu_spec) {
|
||||
|
||||
/**
|
||||
@ -297,6 +298,12 @@ define([
|
||||
|
||||
show_facet: function(facet) {
|
||||
|
||||
// prevent changing facet when authenticating
|
||||
if (this.current_facet && this.current_facet.name === 'login' &&
|
||||
!auth.current.authenticated && facet.requires_auth) {
|
||||
return;
|
||||
}
|
||||
|
||||
// choose container
|
||||
var container = this.containers[facet.preferred_container];
|
||||
if (!container) container = this.containers.main;
|
||||
@ -455,7 +462,6 @@ define([
|
||||
var login_facet = reg.facet.get('login');
|
||||
|
||||
on.once(login_facet, "logged_in", function() {
|
||||
|
||||
if (facet) {
|
||||
self.show_facet(facet);
|
||||
}
|
||||
|
@ -220,6 +220,13 @@ exp.facet = IPA.facet = function(spec, no_init) {
|
||||
*/
|
||||
that._needs_update = spec.needs_update;
|
||||
|
||||
|
||||
/**
|
||||
* Facet is shown
|
||||
* @property {Boolean}
|
||||
*/
|
||||
that.is_shown = false;
|
||||
|
||||
/**
|
||||
* Marks facet as expired - needs update
|
||||
*
|
||||
@ -291,6 +298,13 @@ exp.facet = IPA.facet = function(spec, no_init) {
|
||||
*/
|
||||
that.redirect_info = spec.redirect_info;
|
||||
|
||||
|
||||
/**
|
||||
* Facet requires authenticated user
|
||||
* @type {Boolean}
|
||||
*/
|
||||
that.requires_auth = spec.requires_auth !== undefined ? spec.requires_auth : true;
|
||||
|
||||
/**
|
||||
* Public state
|
||||
* @property {facet.FacetState}
|
||||
@ -480,7 +494,7 @@ exp.facet = IPA.facet = function(spec, no_init) {
|
||||
that.old_state = state;
|
||||
|
||||
// we don't have to reflect any changes if facet dom is not yet created
|
||||
if (!that.dom_node) {
|
||||
if (!that.dom_node || !that.is_shown) {
|
||||
if (needs_update) that.set_expired_flag();
|
||||
return;
|
||||
}
|
||||
@ -651,30 +665,29 @@ exp.facet = IPA.facet = function(spec, no_init) {
|
||||
*/
|
||||
that.show = function() {
|
||||
|
||||
if (that.is_shown) return;
|
||||
that.is_shown = true;
|
||||
|
||||
that.entity.facet = that; // FIXME: remove
|
||||
|
||||
if (!that.dom_node) {
|
||||
that.create();
|
||||
}
|
||||
|
||||
var state = that.state.clone();
|
||||
var needs_update = that.needs_update(state);
|
||||
that.old_state = state;
|
||||
var state = that.state.clone();
|
||||
var needs_update = that.needs_update(state);
|
||||
that.old_state = state;
|
||||
|
||||
if (needs_update) {
|
||||
that.clear();
|
||||
}
|
||||
if (needs_update) {
|
||||
that.clear();
|
||||
}
|
||||
|
||||
that.dom_node.addClass('active-facet');
|
||||
that.show_content();
|
||||
that.header.select_tab();
|
||||
that.dom_node.addClass('active-facet');
|
||||
that.show_content();
|
||||
that.header.select_tab();
|
||||
|
||||
if (needs_update) {
|
||||
that.refresh();
|
||||
}
|
||||
} else {
|
||||
that.dom_node.addClass('active-facet');
|
||||
that.show_content();
|
||||
that.header.select_tab();
|
||||
if (needs_update) {
|
||||
that.refresh();
|
||||
}
|
||||
};
|
||||
|
||||
@ -714,6 +727,7 @@ exp.facet = IPA.facet = function(spec, no_init) {
|
||||
* Un-mark itself as active facet
|
||||
*/
|
||||
that.hide = function() {
|
||||
that.is_shown = false;
|
||||
that.dom_node.removeClass('active-facet');
|
||||
};
|
||||
|
||||
|
@ -112,6 +112,12 @@ define(['dojo/_base/declare',
|
||||
*/
|
||||
redirect_info: null,
|
||||
|
||||
/**
|
||||
* Facet requires authenticated user
|
||||
* @type {Boolean}
|
||||
*/
|
||||
requires_auth: true,
|
||||
|
||||
/**
|
||||
* Public state
|
||||
* @property {facet.FacetState}
|
||||
@ -323,6 +329,9 @@ define(['dojo/_base/declare',
|
||||
this.container_node = spec.container_node;
|
||||
this.dom_node = spec.dom_node;
|
||||
this.redirect_info = spec.redirect_info;
|
||||
if (spec.requires_auth !== undefined) {
|
||||
this.requires_auth = spec.requires_auth;
|
||||
}
|
||||
this.state = new mod_facet.FacetState();
|
||||
on(this.state, 'set', lang.hitch(this, this.on_state_set));
|
||||
}
|
||||
|
@ -40,6 +40,7 @@ define([
|
||||
load.facet_spec = {
|
||||
name: 'load',
|
||||
preferred_container: 'simple',
|
||||
requires_auth: false,
|
||||
'class': 'login-pf-body',
|
||||
widgets: [
|
||||
{
|
||||
|
@ -43,6 +43,7 @@ define(['dojo/_base/declare',
|
||||
login.facet_spec = {
|
||||
name: 'login',
|
||||
preferred_container: 'simple',
|
||||
requires_auth: false,
|
||||
widgets: [
|
||||
{
|
||||
$type: 'activity',
|
||||
@ -60,7 +61,7 @@ define(['dojo/_base/declare',
|
||||
login.LoginFacet = declare([Facet], {
|
||||
|
||||
can_leave: function() {
|
||||
return auth.authenticated;
|
||||
return auth.current.authenticated;
|
||||
},
|
||||
|
||||
init: function() {
|
||||
|
@ -289,7 +289,7 @@ rpc.command = function(spec) {
|
||||
// With trusts, user from trusted domain can use his ticket but he
|
||||
// doesn't have rights for LDAP modify. It will throw internal error.
|
||||
// We should offer form base login.
|
||||
if (xhr.status === 500 && auth.authenticated_by === 'kerberos' &&
|
||||
if (xhr.status === 500 && auth.current.authenticated_by === 'kerberos' &&
|
||||
!IPA.ui.initialized) {
|
||||
error_handler_auth(xhr, text_status, error_thrown);
|
||||
return;
|
||||
|
Loading…
Reference in New Issue
Block a user