Re: [Freeipa-devel] [PATCH] freeipa-admiyo-freeipa-0075-Ticket-Expiration.patch

Fri, 05 Nov 2010 16:52:23 -0700 

On 11/05/2010 05:26 PM, Endi Sukma Dewata wrote:

On 11/5/2010 4:03 PM, Adam Young wrote:

Ticket Expiration
This patch handles Kerberos ticket expiration in the UI.
Additionally it removes the mod_auth_kerb authorization for elements
in the static directory, cutting down on the number of round trips



Rebased



It still doesn't apply. Could you double-check? Maybe it's based on 
some uncommitted patches. Thanks.


Here it is.

From fcbd8c2511363974d2bda64da91f6c594e01b0a8 Mon Sep 17 00:00:00 2001
From: Adam Young <ayo...@redhat.com>
Date: Fri, 5 Nov 2010 19:48:42 -0400
Subject: [PATCH] Ticket Expiration
 THis patch handles Kerberos ticket expiration in the UI.  Additionally it removes the mod_atuh_kerb authorization for elements in the static directory, cutting down on the number of round trips required for initializing the web app

Conflicts:

	install/static/ipa.js
---
 install/conf/ipa.conf      |   11 +----------
 install/static/ipa.js      |   32 +++++++++++++++++++++++++++-----
 ipalib/plugins/internal.py |    9 ++++++++-
 3 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index 91e8373..bcf31ce 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -89,20 +89,11 @@ Alias /ipa/ui "/usr/share/ipa/static"
 <Directory "/usr/share/ipa/static">
   SetHandler None
   AllowOverride None
+  Satisfy Any
   Allow from all
 </Directory>
 
 
-# WebUI assets
-Alias /ipa-assets/ "/var/cache/ipa/assets/"
-<Directory "/var/cache/ipa/assets">
-  Allow from all
-  AllowOverride None
-  Options FollowSymLinks
-  ExpiresActive On
-  ExpiresDefault A31536000
-</Directory>
-
 
 # Protect our CGIs
 <Directory /var/www/cgi-bin>
diff --git a/install/static/ipa.js b/install/static/ipa.js
index be8e3b6..21368d6 100644
--- a/install/static/ipa.js
+++ b/install/static/ipa.js
@@ -22,6 +22,7 @@
 /*global $:true, location:true */
 
 /*Forward defined due to circular dependency with IPA.*/
+var IPA;
 var ipa_cmd;
 var IPA_DEFAULT_JSON_URL = '/ipa/json';
 var IPA = ( function () {
@@ -119,6 +120,7 @@ var IPA = ( function () {
  *   objname - name of an IPA object (optional) */
 function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
 {
+    var default_json_url = '/ipa/json';
 
     function dialog_open(xhr, text_status, error_thrown) {
         var that = this;
@@ -150,6 +152,24 @@ function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
     }
 
     function error_handler(xhr, text_status, error_thrown) {
+        if (!error_thrown){
+            error_thrown = {name:'unknown'}
+        }
+
+        if (xhr.status === 401){
+            error_thrown.name  = 'Kerberos ticket no longer valid.';
+            if (IPA.messages && IPA.messages.ajax){
+                error_thrown.message =  IPA.messages.ajax["401"];
+            }else{
+                error_thrown.message =
+                    "Your kerberos ticket no longer valid."+
+                    "Please run KInit and then click 'retry'"+
+                    "If this is your first time running the IPA Web UI"+
+                    "<a href='/ipa/errors/ssbrowser.html'> "+
+                    "Follow these directions</a> to configure your browser."
+            }
+        }
+
         error_thrown.title = 'AJAX Error: '+error_thrown.name;
         ajax_error_handler.call(this, xhr, text_status, error_thrown);
     }
@@ -206,7 +226,7 @@ function ipa_cmd(name, args, options, win_callback, fail_callback, objname)
     var url = IPA.json_url;
 
     if (!url){
-        url = IPA_DEFAULT_JSON_URL;
+        url = default_json_url;
     }
 
     if (IPA.use_static_files){
@@ -262,10 +282,12 @@ function ipa_get_member_attribute(obj_name, member)
     }
     var attribute_members = ipa_obj.attribute_members;
     for (var a in attribute_members) {
-        var objs = attribute_members[a];
-        for (var i = 0; i < objs.length; i += 1) {
-            if (objs[i] === member){
-                return a;
+        if (attribute_members.hasOwnProperty(a)){
+            var objs = attribute_members[a];
+            for (var i = 0; i < objs.length; i += 1) {
+                if (objs[i] === member){
+                    return a;
+                }
             }
         }
     }
diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index e950796..bf477b7 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -58,7 +58,14 @@ class json_metadata(Command):
             "mailing":_("Mailing Address"),
             "employee":_("      Employee Information"),
             "misc":_("Misc. Information"),
-            "to_top":_("Back to Top")}
+            "to_top":_("Back to Top")},
+        "ajax":{
+            "401":_("Your kerberos ticket no longer valid."+
+                "Please run KInit and then click 'retry'"+
+                "If this is your first time running the IPA Web UI"+
+                "<a href='/ipa/errors/ssbrowser.html'> "+
+                "Follow these directions</a> to configure your browser.")
+            }
         }
 
     takes_args = (
-- 
1.7.1


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel





















					Reply via email to