Repository: incubator-trafficcontrol
Updated Branches:
  refs/heads/master 77c0dae32 -> c4c18c55e


throws 403 (rather than 404) if user is ldap-only (has no user entry in tm_user 
table) and allows for a customizable message that can be defined in cdn.conf


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/b7b27f98
Tree: 
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/b7b27f98
Diff: 
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/b7b27f98

Branch: refs/heads/master
Commit: b7b27f9840156e60159e2a176c7f47f330059857
Parents: 77c0dae
Author: Jeremy Mitchell <mitchell...@gmail.com>
Authored: Wed Aug 9 11:33:21 2017 -0600
Committer: Dan Kirkwood <dang...@gmail.com>
Committed: Thu Aug 10 15:12:59 2017 -0600

----------------------------------------------------------------------
 traffic_ops/app/conf/cdn.conf                |  5 ++--
 traffic_ops/app/lib/API/Cdn.pm               |  7 +++++-
 traffic_ops/app/lib/TrafficOps.pm            |  3 +++
 traffic_ops/app/lib/TrafficOpsRoutes.pm      | 10 +++++---
 traffic_ops/app/templates/no_account.html.ep | 30 +++++++++++++++++++++++
 5 files changed, 49 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/b7b27f98/traffic_ops/app/conf/cdn.conf
----------------------------------------------------------------------
diff --git a/traffic_ops/app/conf/cdn.conf b/traffic_ops/app/conf/cdn.conf
index d685fde..11404bd 100644
--- a/traffic_ops/app/conf/cdn.conf
+++ b/traffic_ops/app/conf/cdn.conf
@@ -13,8 +13,9 @@
                access_control_allow_origin => '*'
        },
        to => {
-               base_url   => 'http://localhost:3000',                    # 
this is where traffic ops app resides
-               email_from => 'no-re...@traffic-ops-domain.com'           # 
traffic ops email address
+               base_url               => 'http://localhost:3000', # this is 
where traffic ops app resides
+               email_from             => 'no-re...@traffic-ops-domain.com', # 
traffic ops email address
+               no_account_found_msg   => 'A Traffic Ops user account is 
required for access. Please contact your Traffic Ops user administrator.' # 
message to display if no TO account is found in tm_user
        },
        portal => {
                base_url   => 'http://localhost:8080',                    # 
this is where the traffic portal resides (a javascript client that consumes the 
TO API)

http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/b7b27f98/traffic_ops/app/lib/API/Cdn.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/API/Cdn.pm b/traffic_ops/app/lib/API/Cdn.pm
index c0e2e9e..a495d59 100644
--- a/traffic_ops/app/lib/API/Cdn.pm
+++ b/traffic_ops/app/lib/API/Cdn.pm
@@ -1460,7 +1460,12 @@ sub catch_all {
        my $mimetype = $self->req->headers->content_type;
 
        if ( defined( $self->current_user() ) ) {
-               return $self->not_found();
+               if ( &UI::Utils::is_ldap( $self ) ) {
+                       my $config = $self->app->config;
+                       return $self->forbidden( 
$config->{'to'}{'no_account_found_msg'} );
+               } else {
+                       return $self->not_found();
+               }
        }
        else {
                return $self->unauthorized();

http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/b7b27f98/traffic_ops/app/lib/TrafficOps.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/TrafficOps.pm 
b/traffic_ops/app/lib/TrafficOps.pm
index 3695031..c6bcf6c 100644
--- a/traffic_ops/app/lib/TrafficOps.pm
+++ b/traffic_ops/app/lib/TrafficOps.pm
@@ -239,6 +239,9 @@ sub setup_mojo_plugins {
        $self->helper( db => sub { $self->schema } );
        $config = $self->plugin('Config');
 
+       # setting a default message if no user account is found in tm_user. 
this default can be overriden in cdn.conf
+       $config->{'to'}{'no_account_found_msg'} //= "A Traffic Ops user account 
is required for access. Please contact your Traffic Ops user administrator.";
+
        if ( !defined $ENV{MOJO_INACTIVITY_TIMEOUT} ) {
                $ENV{MOJO_INACTIVITY_TIMEOUT} = $config->{inactivity_timeout} 
// 60;
                print( "Setting mojo inactivity timeout to " . 
$ENV{MOJO_INACTIVITY_TIMEOUT} . "\n" );

http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/b7b27f98/traffic_ops/app/lib/TrafficOpsRoutes.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/TrafficOpsRoutes.pm 
b/traffic_ops/app/lib/TrafficOpsRoutes.pm
index c24a0c6..fde225f 100644
--- a/traffic_ops/app/lib/TrafficOpsRoutes.pm
+++ b/traffic_ops/app/lib/TrafficOpsRoutes.pm
@@ -982,9 +982,13 @@ sub catch_all {
                        my $self = shift;
 
                        if ( defined( $self->current_user() ) ) {
-                               $self->render( template => "not_found", status 
=> 404 );
-                       }
-                       else {
+                               if ( &UI::Utils::is_ldap( $self ) ) {
+                                       my $config = $self->app->config;
+                                       $self->render( template => 
"no_account", no_account_found_msg => $config->{'to'}{'no_account_found_msg'}, 
status => 403 );
+                               } else {
+                                       $self->render( template => "not_found", 
status => 404 );
+                               }
+                       } else {
                                $self->flash( login_msg => "Unauthorized . 
Please log in ." );
                                $self->render( controller => 'cdn', action => 
'loginpage', layout => undef, status => 401 );
                        }

http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/b7b27f98/traffic_ops/app/templates/no_account.html.ep
----------------------------------------------------------------------
diff --git a/traffic_ops/app/templates/no_account.html.ep 
b/traffic_ops/app/templates/no_account.html.ep
new file mode 100644
index 0000000..caee549
--- /dev/null
+++ b/traffic_ops/app/templates/no_account.html.ep
@@ -0,0 +1,30 @@
+<!--
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+
+<html>
+  <body>
+  <meta http-equiv="refresh">
+  <div id="accordion">
+       <div>
+       <h3><a href="#">Account Not Found</a></h3>
+         <div>
+            <div style="margin-bottom: 10px;" class="field-with-error"><%= 
$no_account_found_msg %></div>
+                 <div style="margin-top:20px;clear:both;">
+                               <h2><a href="/">Click here to navigate to the 
main site if you so desire.</a></h2>
+                 </div>
+         </div>
+       </div>
+  </div>
+  </body>
+</html>
\ No newline at end of file

Reply via email to