Handle case when trusted domain user access the Web UI

WebUI catches the fact that the user can't access LDAP server with a current ticket. It shows form-based auth login dialog. Previoustly an ugly error was returned on an almost empty page, and user had no recourse. https://fedorahosted.org/freeipa/ticket/2897
2025-02-25 18:55:28 -06:00 · 2012-08-09 14:16:58 +02:00 · 2012-08-09 14:16:58 +02:00 · be144da672
commit be144da672
parent ade68ec94f
1 changed files with 21 additions and 1 deletions
--- a/install/ui/ipa.js
+++ b/install/ui/ipa.js
@ -55,6 +55,8 @@ var IPA = function() {

    that.network_call_count = 0;

+    that.ui = {};
+
    /* initialize the IPA JSON-RPC helper */
    that.init = function(params) {

@ -190,7 +192,10 @@ var IPA = function() {
                objects,
                commands
            ],
-            on_success: params.on_success,
+            on_success: function(data, text_status, xhr) {
+                IPA.ui.initialized = true;
+                params.on_success.call(this, data, text_status, xhr);
+            },
            on_error: params.on_error
        });

@ -308,10 +313,12 @@ IPA.get_credentials = function() {

    function error_handler(xhr, text_status, error_thrown) {
        status = xhr.status;
+        IPA.ui.logged_kerberos = false;
    }

    function success_handler(data, text_status, xhr) {
        status = xhr.status;
+        IPA.ui.logged_kerberos = true;
    }

    var request = {
@ -379,6 +386,7 @@ IPA.login_password = function(username, password) {

    function success_handler(data, text_status, xhr) {
        result = 'success';
+        IPA.ui.logged_password = true;
    }

    function error_handler(xhr, text_status, error_thrown) {
@ -392,6 +400,8 @@ IPA.login_password = function(username, password) {
                result = 'expired';
            }
        }
+
+        IPA.ui.logged_password = false;
    }

    var data = {
@ -730,6 +740,16 @@ IPA.command = function(spec) {
                error_thrown.message = error_msg;
            }

+            // global specical cases error handlers section
+
+            // With trusts, user from trusted domain can use his ticket but he
+            // doesn't have rights for LDAP modify. It will throw internal errror.
+            // We should offer form base login.
+            if (xhr.status === 500 && IPA.ui.logged_kerberos && !IPA.ui.initialized) {
+                auth_dialog_open(xhr, text_status, error_thrown);
+                return;
+            }
+
            if (that.retry) {
                dialog_open.call(this, xhr, text_status, error_thrown);