Ticket Expiration

THis patch handles Kerberos ticket expiration in the UI. Additionally it removes the mod_atuh_kerb authorization for elements in the static directory, cutting down on the number of round trips required for initializing the web app Conflicts: install/static/ipa.js
2025-01-13 09:41:55 -06:00 · 2010-11-05 19:48:42 -04:00 · 2010-11-05 19:48:42 -04:00 · 90baf597dd
commit 90baf597dd
parent 29c9c70d46
3 changed files with 29 additions and 13 deletions
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@ -89,20 +89,11 @@ Alias /ipa/ui "/usr/share/ipa/static"
 <Directory "/usr/share/ipa/static">
  SetHandler None
  AllowOverride None
+  Satisfy Any
  Allow from all
 </Directory>


-# WebUI assets
-Alias /ipa-assets/ "/var/cache/ipa/assets/"
-<Directory "/var/cache/ipa/assets">
-  Allow from all
-  AllowOverride None
-  Options FollowSymLinks
-  ExpiresActive On
-  ExpiresDefault A31536000
-</Directory>
-

 # Protect our CGIs
 <Directory /var/www/cgi-bin>
--- a/install/static/ipa.js
+++ b/install/static/ipa.js
@ -23,7 +23,6 @@

 /*Forward defined due to circular dependency with IPA.*/
 var ipa_cmd;
-var IPA_DEFAULT_JSON_URL = '/ipa/json';
 var IPA = ( function () {

    var that = {
@ -119,6 +118,7 @@ var IPA = ( function () {
 *   objname - name of an IPA object (optional) */
 function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
 {
+    var default_json_url = '/ipa/json';

    function dialog_open(xhr, text_status, error_thrown) {
        var that = this;
@ -150,6 +150,24 @@ function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
    }

    function error_handler(xhr, text_status, error_thrown) {
+        if (!error_thrown){
+            error_thrown = {name:'unknown'}
+        }
+
+        if (xhr.status === 401){
+            error_thrown.name  = 'Kerberos ticket no longer valid.';
+            if (IPA.messages && IPA.messages.ajax){
+                error_thrown.message =  IPA.messages.ajax["401"];
+            }else{
+                error_thrown.message =
+                    "Your kerberos ticket no longer valid."+
+                    "Please run KInit and then click 'retry'"+
+                    "If this is your first time running the IPA Web UI"+
+                    "<a href='/ipa/errors/ssbrowser.html'> "+
+                    "Follow these directions</a> to configure your browser."
+            }
+        }
+
        error_thrown.title = 'AJAX Error: '+error_thrown.name;
        ajax_error_handler.call(this, xhr, text_status, error_thrown);
    }
@ -206,7 +224,7 @@ function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
    var url = IPA.json_url;

    if (!url){
-        url = IPA_DEFAULT_JSON_URL;
+        url = default_json_url;
    }

    if (IPA.use_static_files){
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@ -58,7 +58,14 @@ class json_metadata(Command):
            "mailing":_("Mailing Address"),
            "employee":_("      Employee Information"),
            "misc":_("Misc. Information"),
-            "to_top":_("Back to Top")}
+            "to_top":_("Back to Top")},
+        "ajax":{
+            "401":_("Your kerberos ticket no longer valid."+
+                "Please run KInit and then click 'retry'"+
+                "If this is your first time running the IPA Web UI"+
+                "<a href='/ipa/errors/ssbrowser.html'> "+
+                "Follow these directions</a> to configure your browser.")
+            }
        }

    takes_args = (