483b06
From 18e9bc2399af788399e66c3f4b28e6a7f0378b78 Mon Sep 17 00:00:00 2001
483b06
From: Pavel Vomacka <pvomacka@redhat.com>
483b06
Date: Wed, 22 Mar 2017 16:54:33 +0100
483b06
Subject: [PATCH] WebUI: Add support for login for AD users
483b06
483b06
After login, method user-find --whoami was called which cannot be
483b06
called for AD users. That method was replaced by ipa whoami command
483b06
and sequential command according to result of ipa whoami. AD user
483b06
can now be logged in.
483b06
483b06
AD users have new menu definition which contains only list of IPA
483b06
users and profile page of AD user - "User ID Override".
483b06
483b06
This commit also fixes several places where IPA.whoami object was
483b06
used, because its structure was also changed. It now contains two
483b06
objects. First one is stored in 'metadata' property and stores
483b06
result from ipa whoami (type of object, command which should be
483b06
called for showing detailed data about currently logged entity, etc).
483b06
The second one is stored in 'data' property which stores result of
483b06
_show command for currently logged entity.
483b06
483b06
https://pagure.io/freeipa/issue/3242
483b06
483b06
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
483b06
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
483b06
---
483b06
 install/ui/src/freeipa/Application_controller.js | 52 +++++++++++++++++++-----
483b06
 install/ui/src/freeipa/idviews.js                | 21 +++++++++-
483b06
 install/ui/src/freeipa/ipa.js                    | 47 +++++++++++++--------
483b06
 install/ui/src/freeipa/navigation/menu_spec.js   | 10 +++++
483b06
 install/ui/src/freeipa/otptoken.js               |  2 +-
483b06
 install/ui/src/freeipa/user.js                   |  5 ++-
483b06
 ipaserver/plugins/internal.py                    |  1 +
483b06
 7 files changed, 108 insertions(+), 30 deletions(-)
483b06
483b06
diff --git a/install/ui/src/freeipa/Application_controller.js b/install/ui/src/freeipa/Application_controller.js
483b06
index d809c1f2662609e390609270ef3ddc42f0727936..5eb4e7a5104b780761b9a5179dbfd1501a8d1478 100644
483b06
--- a/install/ui/src/freeipa/Application_controller.js
483b06
+++ b/install/ui/src/freeipa/Application_controller.js
483b06
@@ -31,6 +31,7 @@ define([
483b06
         './widgets/App',
483b06
         './widgets/FacetContainer',
483b06
         './ipa',
483b06
+        './rpc',
483b06
         './reg',
483b06
         './config',
483b06
         './widget',
483b06
@@ -41,7 +42,7 @@ define([
483b06
         './plugins/load_page'
483b06
        ],
483b06
        function(declare, array, Deferred, on, topic, query, dom_class, auth,
483b06
-            JSON, App_widget, FacetContainer, IPA, reg, config, widget_mod,
483b06
+            JSON, App_widget, FacetContainer, IPA, rpc, reg, config, widget_mod,
483b06
             Menu, Router, routing, menu_spec) {
483b06
 
483b06
     /**
483b06
@@ -156,7 +157,7 @@ define([
483b06
         /**
483b06
          * Turns off one item in user dropdown menu and remove its listener.
483b06
          * @param {string} name of the user menu item which should be disabled
483b06
-         * @param {Object} listener disable this listener
483b06
+         * @param {Object} listener disable di
483b06
          */
483b06
         disable_user_menu_item: function(name, listener) {
483b06
             this.app_widget.disable_user_menu_item(name);
483b06
@@ -179,16 +180,22 @@ define([
483b06
          */
483b06
         choose_profile: function() {
483b06
 
483b06
-            // TODO: change IPA.whoami.cn[0] to something readable
483b06
-            this.update_logged_in(true, IPA.whoami.cn[0]);
483b06
+            this.update_logged_in(true);
483b06
             var selfservice = this.is_selfservice();
483b06
 
483b06
 
483b06
             this.app_widget.menu_widget.ignore_changes = true;
483b06
 
483b06
             if (selfservice) {
483b06
-                this.menu.name = menu_spec.self_service.name;
483b06
-                this.menu.add_items(menu_spec.self_service.items);
483b06
+                if (this.is_aduser_selfservice()) {
483b06
+                    this.menu.name = menu_spec.ad_self_service.name;
483b06
+                    this.menu.add_items(menu_spec.ad_self_service.items);
483b06
+                    this.disable_user_menu_item('password_reset',
483b06
+                            this.on_passwd_reset_listener);
483b06
+                } else {
483b06
+                    this.menu.name = menu_spec.self_service.name;
483b06
+                    this.menu.add_items(menu_spec.self_service.items);
483b06
+                }
483b06
             } else {
483b06
                 this.menu.name = menu_spec.admin.name;
483b06
                 this.menu.add_items(menu_spec.admin.items);
483b06
@@ -232,10 +239,9 @@ define([
483b06
         },
483b06
 
483b06
         is_selfservice: function() {
483b06
-            var whoami = IPA.whoami;
483b06
+            var whoami = IPA.whoami.data;
483b06
             var self_service = true;
483b06
 
483b06
-
483b06
             if (whoami.hasOwnProperty('memberof_group') &&
483b06
                 whoami.memberof_group.indexOf('admins') !== -1) {
483b06
                 self_service = false;
483b06
@@ -255,13 +261,39 @@ define([
483b06
             return self_service;
483b06
         },
483b06
 
483b06
-        update_logged_in: function(logged_in, fullname) {
483b06
+        is_aduser_selfservice: function() {
483b06
+            var selfservice = IPA.whoami.metadata.object === 'idoverrideuser';
483b06
+            // quite ugly, needed for users and iduseroverride to hide breadcrumb
483b06
+            IPA.is_aduser_selfservice = selfservice;
483b06
+
483b06
+            return selfservice;
483b06
+        },
483b06
+
483b06
+        update_logged_in: function(logged_in) {
483b06
             this.app_widget.set('logged', logged_in);
483b06
+
483b06
+            var whoami = IPA.whoami;
483b06
+            var fullname = '';
483b06
+            var entity = whoami.metadata.object;
483b06
+
483b06
+            if (whoami.data.cn) {
483b06
+                fullname = whoami.data.cn[0];
483b06
+            } else if (whoami.data.displayname) {
483b06
+                fullname = whoami.data.displayname[0];
483b06
+            } else if (whoami.data.gecos) {
483b06
+                fullname = whoami.data.gecos[0];
483b06
+            } else if (whoami.data.krbprincipalname) {
483b06
+                fullname = whoami.data.krbprincipalname[0];
483b06
+            } else if (whoami.data.ipaoriginaluid) {
483b06
+                fullname = whoami.data.ipaoriginaluid[0];
483b06
+            }
483b06
+
483b06
             this.app_widget.set('fullname', fullname);
483b06
         },
483b06
 
483b06
         on_profile: function() {
483b06
-            routing.navigate(['entity', 'user', 'details', [IPA.whoami.uid[0]]]);
483b06
+            routing.navigate(['entity', IPA.whoami.metadata.object, 'details',
483b06
+                 IPA.whoami.metadata.arguments]);
483b06
         },
483b06
 
483b06
         on_logout: function(event) {
483b06
diff --git a/install/ui/src/freeipa/idviews.js b/install/ui/src/freeipa/idviews.js
483b06
index f383ab3be4c4ed997fb209da2da4d04835236d8a..d9133a13c2ed8970e7919bb28d06f818d832170a 100644
483b06
--- a/install/ui/src/freeipa/idviews.js
483b06
+++ b/install/ui/src/freeipa/idviews.js
483b06
@@ -452,6 +452,21 @@ idviews.id_override_user_details_facet = function(spec) {
483b06
     return that;
483b06
 };
483b06
 
483b06
+
483b06
+idviews.aduser_idoverrideuser_pre_op = function(spec, context) {
483b06
+    spec = spec || [];
483b06
+
483b06
+    if (!IPA.is_aduser_selfservice) return spec;
483b06
+
483b06
+    var facet = spec.facets[0];
483b06
+    facet.label = '@i18n:objects.idoverrideuser.profile';
483b06
+    facet.actions = [];
483b06
+    facet.header_actions = [];
483b06
+    facet.disable_breadcrumb = true;
483b06
+
483b06
+    return spec;
483b06
+};
483b06
+
483b06
 /**
483b06
  * @extends IPA.cert.certs_widget
483b06
  */
483b06
@@ -948,7 +963,11 @@ idviews.register = function() {
483b06
     var w = reg.widget;
483b06
 
483b06
     e.register({type: 'idview', spec: idviews.spec});
483b06
-    e.register({type: 'idoverrideuser', spec: idviews.idoverrideuser_spec});
483b06
+    e.register({
483b06
+        type: 'idoverrideuser',
483b06
+        spec: idviews.idoverrideuser_spec,
483b06
+        pre_ops: [idviews.aduser_idoverrideuser_pre_op]
483b06
+    });
483b06
     e.register({type: 'idoverridegroup', spec: idviews.idoverridegroup_spec});
483b06
     f.copy('attribute', 'idview_appliedtohosts', {
483b06
         factory: idviews.appliedtohosts_facet
483b06
diff --git a/install/ui/src/freeipa/ipa.js b/install/ui/src/freeipa/ipa.js
483b06
index 0ddbd0744d699cacddb3970e5ec7cb72b9dbf4f4..2538001c94141b823d634ca63327a66fd148129f 100644
483b06
--- a/install/ui/src/freeipa/ipa.js
483b06
+++ b/install/ui/src/freeipa/ipa.js
483b06
@@ -86,7 +86,8 @@ var IPA = function () {
483b06
     /**
483b06
      * User information
483b06
      *
483b06
-     * - output of ipa user-find --whoami
483b06
+     * - output of ipa whoami in that.whoami.metadata and then object_show method
483b06
+     * in that.whoami.data
483b06
      */
483b06
     that.whoami = {};
483b06
 
483b06
@@ -263,19 +264,33 @@ var IPA = function () {
483b06
      */
483b06
     that.get_whoami_command = function(batch) {
483b06
         return rpc.command({
483b06
-            entity: 'user',
483b06
-            method: 'find',
483b06
-            options: {
483b06
-                whoami: true,
483b06
-                all: true
483b06
-            },
483b06
+            method: 'whoami',
483b06
             on_success: function(data, text_status, xhr) {
483b06
-                that.whoami = batch ? data.result[0] : data.result.result[0];
483b06
-                var cn = that.whoami.krbcanonicalname;
483b06
-                if (cn) that.principal = cn[0];
483b06
-                if (!that.principal) {
483b06
-                    that.principal = that.whoami.krbprincipalname[0];
483b06
-                }
483b06
+                that.whoami.metadata = data;
483b06
+
483b06
+                rpc.command({
483b06
+                    method: data.details || data.command,
483b06
+                    args: data.arguments,
483b06
+                    options: function() {
483b06
+                        var options = data.options || [];
483b06
+                        $.extend(options, {all: true});
483b06
+                        return options;
483b06
+                    }(),
483b06
+                    on_success: function(data, text_status, xhr) {
483b06
+                        that.whoami.data = false ? data.result[0] : data.result.result;
483b06
+                        var entity = that.whoami.metadata.object;
483b06
+
483b06
+                        if (entity === 'user') {
483b06
+                            var cn = that.whoami.data.krbcanonicalname;
483b06
+                            if (cn) that.principal = cn[0];
483b06
+                            if (!that.principal) {
483b06
+                                that.principal = that.whoami.data.krbprincipalname[0];
483b06
+                            }
483b06
+                        } else if (entity === 'idoverrideuser') {
483b06
+                            that.principal = that.whoami.data.ipaoriginaluid[0];
483b06
+                        }
483b06
+                    }
483b06
+                }).execute();
483b06
             }
483b06
         });
483b06
     };
483b06
@@ -616,7 +631,7 @@ IPA.update_password_expiration = function() {
483b06
 
483b06
     var now, expires, notify_days, diff, message, container, notify;
483b06
 
483b06
-    expires = rpc.extract_objects(IPA.whoami.krbpasswordexpiration);
483b06
+    expires = rpc.extract_objects(IPA.whoami.data.krbpasswordexpiration);
483b06
     expires = expires ? datetime.parse(expires[0]) : null;
483b06
 
483b06
     notify_days = IPA.server_config.ipapwdexpadvnotify;
483b06
@@ -650,13 +665,13 @@ IPA.update_password_expiration = function() {
483b06
 IPA.password_selfservice = function() {
483b06
     var reset_dialog = builder.build('dialog', {
483b06
         $type: 'user_password',
483b06
-        args: [IPA.whoami.uid[0]]
483b06
+        args: [IPA.whoami.data.uid[0]]
483b06
     });
483b06
     reset_dialog.succeeded.attach(function() {
483b06
         var command = IPA.get_whoami_command();
483b06
         var orig_on_success = command.on_success;
483b06
         command.on_success = function(data, text_status, xhr) {
483b06
-            orig_on_success.call(this, data, text_status, xhr);
483b06
+            orig_on_success.call(this, data.result, text_status, xhr);
483b06
             IPA.update_password_expiration();
483b06
         };
483b06
         command.execute();
483b06
diff --git a/install/ui/src/freeipa/navigation/menu_spec.js b/install/ui/src/freeipa/navigation/menu_spec.js
483b06
index 4f78e4bf9ba25bf2f7585e38086b1cbc6db34026..9329694c14a47cbe1ec244554327b40743044d7b 100644
483b06
--- a/install/ui/src/freeipa/navigation/menu_spec.js
483b06
+++ b/install/ui/src/freeipa/navigation/menu_spec.js
483b06
@@ -353,5 +353,15 @@ nav.self_service = {
483b06
     ]
483b06
 };
483b06
 
483b06
+nav.ad_self_service = {
483b06
+    name: 'ad_self_service',
483b06
+    items: [
483b06
+        {
483b06
+            entity: 'idoverrideuser',
483b06
+            label: 'Profile'
483b06
+        }
483b06
+    ]
483b06
+};
483b06
+
483b06
 return nav;
483b06
 });
483b06
diff --git a/install/ui/src/freeipa/otptoken.js b/install/ui/src/freeipa/otptoken.js
483b06
index caa7a85523d6e63db629a3a518e8611d511f7952..1f6f20d801042a5424ecf5894658df9411723bcc 100644
483b06
--- a/install/ui/src/freeipa/otptoken.js
483b06
+++ b/install/ui/src/freeipa/otptoken.js
483b06
@@ -361,7 +361,7 @@ otptoken.adder_dialog = function(spec) {
483b06
 
483b06
         var command = that.entity_adder_dialog_create_add_command(record);
483b06
         if (that.self_service) {
483b06
-            command.set_option('ipatokenowner', IPA.whoami.uid[0]);
483b06
+            command.set_option('ipatokenowner', IPA.whoami.data.uid[0]);
483b06
         }
483b06
         return command;
483b06
     };
483b06
diff --git a/install/ui/src/freeipa/user.js b/install/ui/src/freeipa/user.js
483b06
index 4bb04488b51dd43a437ab3759eb3f530afe62550..6b2bf196c31e7891d3389eb2e2774f56d88ac2ba 100644
483b06
--- a/install/ui/src/freeipa/user.js
483b06
+++ b/install/ui/src/freeipa/user.js
483b06
@@ -735,7 +735,7 @@ IPA.user.password_dialog = function(spec) {
483b06
     var that = dialogs.command_dialog(spec);
483b06
 
483b06
     that.is_self_service = function() {
483b06
-        var self_service = that.args[0] === IPA.whoami.uid[0];
483b06
+        var self_service = that.args[0] === IPA.whoami.data.uid[0];
483b06
         return self_service;
483b06
     };
483b06
 
483b06
@@ -895,7 +895,8 @@ IPA.user.self_service_other_user_evaluator = function(spec) {
483b06
         that.state = [];
483b06
 
483b06
         var value = that.adapter.load(data);
483b06
-        if (IPA.is_selfservice && IPA.whoami.uid[0] !== value[0]) {
483b06
+        if (IPA.is_aduser_selfservice ||
483b06
+            (IPA.is_selfservice && IPA.whoami.data.uid[0] !== value[0])) {
483b06
             that.state.push('self-service-other');
483b06
         }
483b06
 
483b06
diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py
483b06
index 9fa1b6de857cf7e21210f557befabff32da0d4ff..6feefa5941506f38f01b8016a22cad14a831e3fc 100644
483b06
--- a/ipaserver/plugins/internal.py
483b06
+++ b/ipaserver/plugins/internal.py
483b06
@@ -625,6 +625,7 @@ class i18n_messages(Command):
483b06
                 "anchor_label": _("User to override"),
483b06
                 "anchor_tooltip": _("Enter trusted or IPA user login. Note: search doesn't list users from trusted domains."),
483b06
                 "anchor_tooltip_ad": _("Enter trusted user login."),
483b06
+                "profile": _("Profile"),
483b06
             },
483b06
             "idoverridegroup": {
483b06
                 "anchor_label": _("Group to override"),
483b06
-- 
483b06
2.12.1
483b06