Ticket Expiration
    This patch handles Kerberos ticket expiration in the UI.
Additionally it removes the mod_auth_kerb authorization for elements in the static directory, cutting down on the number of round trips
From 149a0190d2be8b9cfca1d9a44ff2174241cfc69d Mon Sep 17 00:00:00 2001
From: Adam Young <ayo...@redhat.com>
Date: Tue, 2 Nov 2010 13:18:05 -0400
Subject: [PATCH 75/75] Ticket Expiration
 This patch handles Kerberos ticket expiration in the UI.  Additionally, it removes the mod_auth_kerb authorization for elements in the static directory, cutting down on the number of round trips required for initializing the web app.

---
 install/conf/ipa.conf      |   11 +----------
 install/static/ipa.js      |   32 ++++++++++++++++++++++++++------
 ipalib/plugins/internal.py |    9 ++++++++-
 3 files changed, 35 insertions(+), 17 deletions(-)

diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index 91e8373c4ff3a0e3e648978798301baf48ee0333..bcf31cee348a9889f6f12fa146abd3f374ad7c48 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -89,20 +89,11 @@ Alias /ipa/ui "/usr/share/ipa/static"
 <Directory "/usr/share/ipa/static">
   SetHandler None
   AllowOverride None
+  Satisfy Any
   Allow from all
 </Directory>
 
 
-# WebUI assets
-Alias /ipa-assets/ "/var/cache/ipa/assets/"
-<Directory "/var/cache/ipa/assets">
-  Allow from all
-  AllowOverride None
-  Options FollowSymLinks
-  ExpiresActive On
-  ExpiresDefault A31536000
-</Directory>
-
 
 # Protect our CGIs
 <Directory /var/www/cgi-bin>
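Review bot: `Satisfy Any` next to `Allow from all` makes every file under /usr/share/ipa/static reachable without authentication, and nothing in the block records that this is intentional. Any Kerberos or `Require` setting inherited from an enclosing scope (not visible in this hunk) no longer applies here, so the directory must hold only public assets. A comment above the directive such as `# Served without Kerberos auth: keep only public, non-sensitive UI assets here` would make that constraint explicit. The hunk also drops the `/ipa-assets/` alias, which the commit message does not mention; it is worth confirming that nothing still references that path.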
diff --git a/install/static/ipa.js b/install/static/ipa.js
index 680f6e938529ddf342cebc4d66237f339faf035c..98082f90d5eaa98b2972a01d3d28e851bbcc9fff 100644
--- a/install/static/ipa.js
+++ b/install/static/ipa.js
@@ -23,7 +23,6 @@
 
 /*global $:true, location:true */
 
-var IPA_DEFAULT_JSON_URL = '/ipa/json';
 var IPA;
 var ipa_cmd;
 
@@ -118,6 +117,7 @@ var IPA = ( function () {
  *   objname - name of an IPA object (optional) */
 function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
 {
+    var default_json_url = '/ipa/json';
 
     function dialog_open(xhr, text_status, error_thrown) {
         var that = this;
@@ -149,6 +149,24 @@ function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
     }
 
     function error_handler(xhr, text_status, error_thrown) {
+        if (!error_thrown){
+            error_thrown = {name:'unknown'}
+        }
+
+        if (xhr.status === 401){
+            error_thrown.name  = 'Kerberos ticket no longer valid.';
+            if (IPA.messages && IPA.messages.ajax){
+                error_thrown.message =  IPA.messages.ajax["401"];
+            }else{
+                error_thrown.message =
+                    "Your kerberos ticket no longer valid."+
+                    "Please run KInit and then click 'retry'"+
+                    "If this is your first time running the IPA Web UI"+
+                    "<a href='/ipa/errors/ssbrowser.html'> "+
+                    "Follow these directions</a> to configure your browser."
+            }
+        }
+
         error_thrown.title = 'AJAX Error: '+error_thrown.name;
         ajax_error_handler.call(this, xhr, text_status, error_thrown);
     }
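Review bot: The fallback 401 text in error_handler is built from literals joined with `+` and no separating spaces, so it renders as "…no longer valid.Please run KInit and then click 'retry'If this is…"; end each piece with a space, e.g. `"Your kerberos ticket no longer valid. "+` and `"Please run KInit and then click 'retry'. "+`. The same run-together text is in the "401" entry added to ipalib/plugins/internal.py. Because the message now carries an `<a>` tag, the dialog has to insert `error_thrown.message` as HTML; that rendering code is outside this hunk, so confirm that server-supplied messages on other error paths are escaped before they reach it. If the third argument arrives as a non-empty string rather than an object (this depends on the jQuery version), the assignments to `error_thrown.name` and `error_thrown.message` have no effect and the title would read "AJAX Error: undefined". The body of ipa_cmd continues outside the hunk.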
@@ -205,7 +223,7 @@ function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
     var url = IPA.json_url;
 
     if (!url){
-        url = IPA_DEFAULT_JSON_URL;
+        url = default_json_url;
     }
 
     if (IPA.use_static_files){
@@ -261,10 +279,12 @@ function ipa_get_member_attribute(obj_name, member)
     }
     var attribute_members = ipa_obj.attribute_members;
     for (var a in attribute_members) {
-        var objs = attribute_members[a];
-        for (var i = 0; i < objs.length; i += 1) {
-            if (objs[i] === member){
-                return a;
+        if (attribute_members.hasOwnProperty(a)){
+            var objs = attribute_members[a];
+            for (var i = 0; i < objs.length; i += 1) {
+                if (objs[i] === member){
+                    return a;
+                }
             }
         }
     }
diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index e950796b5db3ab0f969bd688fa2990a1487bb9a5..bf477b74b4f6cc0e0b8a539401a171d929ff4db6 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -58,7 +58,14 @@ class json_metadata(Command):
             "mailing":_("Mailing Address"),
             "employee":_("      Employee Information"),
             "misc":_("Misc. Information"),
-            "to_top":_("Back to Top")}
+            "to_top":_("Back to Top")},
+        "ajax":{
+            "401":_("Your kerberos ticket no longer valid."+
+                "Please run KInit and then click 'retry'"+
+                "If this is your first time running the IPA Web UI"+
+                "<a href='/ipa/errors/ssbrowser.html'> "+
+                "Follow these directions</a> to configure your browser.")
+            }
         }
 
     takes_args = (
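Review bot: The "401" string is assembled with `+` inside `_()`, which message extractors such as xgettext generally do not fold into a single msgid, so the catalog entry may not match the string passed to `_()` at run time and the message would stay untranslated. Use adjacent literals without the operator, e.g. `_("Your kerberos ticket no longer valid. " "Please run KInit and then click 'retry'. " ...)`. The string also embeds an `<a href>` tag, so a translation can alter the markup that the UI later renders; consider keeping the link outside the translatable text. The messages dict and the json_metadata class continue outside the hunk.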
-- 
1.7.1
