|
|
483b06 |
From 18e9bc2399af788399e66c3f4b28e6a7f0378b78 Mon Sep 17 00:00:00 2001
|
|
|
483b06 |
From: Pavel Vomacka <pvomacka@redhat.com>
|
|
|
483b06 |
Date: Wed, 22 Mar 2017 16:54:33 +0100
|
|
|
483b06 |
Subject: [PATCH] WebUI: Add support for login for AD users
|
|
|
483b06 |
|
|
|
483b06 |
After login, method user-find --whoami was called which cannot be
|
|
|
483b06 |
called for AD users. That method was replaced by ipa whoami command
|
|
|
483b06 |
and sequential command according to result of ipa whoami. AD user
|
|
|
483b06 |
can now be logged in.
|
|
|
483b06 |
|
|
|
483b06 |
AD users have new menu definition which contains only list of IPA
|
|
|
483b06 |
users and profile page of AD user - "User ID Override".
|
|
|
483b06 |
|
|
|
483b06 |
This commit also fixes several places where IPA.whoami object was
|
|
|
483b06 |
used, because its structure was also changed. It now contains two
|
|
|
483b06 |
objects. First one is stored in 'metadata' property and stores
|
|
|
483b06 |
result from ipa whoami (type of object, command which should be
|
|
|
483b06 |
called for showing detailed data about currently logged entity, etc).
|
|
|
483b06 |
The second one is stored in 'data' property which stores result of
|
|
|
483b06 |
_show command for currently logged entity.
|
|
|
483b06 |
|
|
|
483b06 |
https://pagure.io/freeipa/issue/3242
|
|
|
483b06 |
|
|
|
483b06 |
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
483b06 |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
483b06 |
---
|
|
|
483b06 |
install/ui/src/freeipa/Application_controller.js | 52 +++++++++++++++++++-----
|
|
|
483b06 |
install/ui/src/freeipa/idviews.js | 21 +++++++++-
|
|
|
483b06 |
install/ui/src/freeipa/ipa.js | 47 +++++++++++++--------
|
|
|
483b06 |
install/ui/src/freeipa/navigation/menu_spec.js | 10 +++++
|
|
|
483b06 |
install/ui/src/freeipa/otptoken.js | 2 +-
|
|
|
483b06 |
install/ui/src/freeipa/user.js | 5 ++-
|
|
|
483b06 |
ipaserver/plugins/internal.py | 1 +
|
|
|
483b06 |
7 files changed, 108 insertions(+), 30 deletions(-)
|
|
|
483b06 |
|
|
|
483b06 |
diff --git a/install/ui/src/freeipa/Application_controller.js b/install/ui/src/freeipa/Application_controller.js
|
|
|
483b06 |
index d809c1f2662609e390609270ef3ddc42f0727936..5eb4e7a5104b780761b9a5179dbfd1501a8d1478 100644
|
|
|
483b06 |
--- a/install/ui/src/freeipa/Application_controller.js
|
|
|
483b06 |
+++ b/install/ui/src/freeipa/Application_controller.js
|
|
|
483b06 |
@@ -31,6 +31,7 @@ define([
|
|
|
483b06 |
'./widgets/App',
|
|
|
483b06 |
'./widgets/FacetContainer',
|
|
|
483b06 |
'./ipa',
|
|
|
483b06 |
+ './rpc',
|
|
|
483b06 |
'./reg',
|
|
|
483b06 |
'./config',
|
|
|
483b06 |
'./widget',
|
|
|
483b06 |
@@ -41,7 +42,7 @@ define([
|
|
|
483b06 |
'./plugins/load_page'
|
|
|
483b06 |
],
|
|
|
483b06 |
function(declare, array, Deferred, on, topic, query, dom_class, auth,
|
|
|
483b06 |
- JSON, App_widget, FacetContainer, IPA, reg, config, widget_mod,
|
|
|
483b06 |
+ JSON, App_widget, FacetContainer, IPA, rpc, reg, config, widget_mod,
|
|
|
483b06 |
Menu, Router, routing, menu_spec) {
|
|
|
483b06 |
|
|
|
483b06 |
/**
|
|
|
483b06 |
@@ -156,7 +157,7 @@ define([
|
|
|
483b06 |
/**
|
|
|
483b06 |
* Turns off one item in user dropdown menu and remove its listener.
|
|
|
483b06 |
* @param {string} name of the user menu item which should be disabled
|
|
|
483b06 |
- * @param {Object} listener disable this listener
|
|
|
483b06 |
+ * @param {Object} listener disable di
|
|
|
483b06 |
*/
|
|
|
483b06 |
disable_user_menu_item: function(name, listener) {
|
|
|
483b06 |
this.app_widget.disable_user_menu_item(name);
|
|
|
483b06 |
@@ -179,16 +180,22 @@ define([
|
|
|
483b06 |
*/
|
|
|
483b06 |
choose_profile: function() {
|
|
|
483b06 |
|
|
|
483b06 |
- // TODO: change IPA.whoami.cn[0] to something readable
|
|
|
483b06 |
- this.update_logged_in(true, IPA.whoami.cn[0]);
|
|
|
483b06 |
+ this.update_logged_in(true);
|
|
|
483b06 |
var selfservice = this.is_selfservice();
|
|
|
483b06 |
|
|
|
483b06 |
|
|
|
483b06 |
this.app_widget.menu_widget.ignore_changes = true;
|
|
|
483b06 |
|
|
|
483b06 |
if (selfservice) {
|
|
|
483b06 |
- this.menu.name = menu_spec.self_service.name;
|
|
|
483b06 |
- this.menu.add_items(menu_spec.self_service.items);
|
|
|
483b06 |
+ if (this.is_aduser_selfservice()) {
|
|
|
483b06 |
+ this.menu.name = menu_spec.ad_self_service.name;
|
|
|
483b06 |
+ this.menu.add_items(menu_spec.ad_self_service.items);
|
|
|
483b06 |
+ this.disable_user_menu_item('password_reset',
|
|
|
483b06 |
+ this.on_passwd_reset_listener);
|
|
|
483b06 |
+ } else {
|
|
|
483b06 |
+ this.menu.name = menu_spec.self_service.name;
|
|
|
483b06 |
+ this.menu.add_items(menu_spec.self_service.items);
|
|
|
483b06 |
+ }
|
|
|
483b06 |
} else {
|
|
|
483b06 |
this.menu.name = menu_spec.admin.name;
|
|
|
483b06 |
this.menu.add_items(menu_spec.admin.items);
|
|
|
483b06 |
@@ -232,10 +239,9 @@ define([
|
|
|
483b06 |
},
|
|
|
483b06 |
|
|
|
483b06 |
is_selfservice: function() {
|
|
|
483b06 |
- var whoami = IPA.whoami;
|
|
|
483b06 |
+ var whoami = IPA.whoami.data;
|
|
|
483b06 |
var self_service = true;
|
|
|
483b06 |
|
|
|
483b06 |
-
|
|
|
483b06 |
if (whoami.hasOwnProperty('memberof_group') &&
|
|
|
483b06 |
whoami.memberof_group.indexOf('admins') !== -1) {
|
|
|
483b06 |
self_service = false;
|
|
|
483b06 |
@@ -255,13 +261,39 @@ define([
|
|
|
483b06 |
return self_service;
|
|
|
483b06 |
},
|
|
|
483b06 |
|
|
|
483b06 |
- update_logged_in: function(logged_in, fullname) {
|
|
|
483b06 |
+ is_aduser_selfservice: function() {
|
|
|
483b06 |
+ var selfservice = IPA.whoami.metadata.object === 'idoverrideuser';
|
|
|
483b06 |
+ // quite ugly, needed for users and iduseroverride to hide breadcrumb
|
|
|
483b06 |
+ IPA.is_aduser_selfservice = selfservice;
|
|
|
483b06 |
+
|
|
|
483b06 |
+ return selfservice;
|
|
|
483b06 |
+ },
|
|
|
483b06 |
+
|
|
|
483b06 |
+ update_logged_in: function(logged_in) {
|
|
|
483b06 |
this.app_widget.set('logged', logged_in);
|
|
|
483b06 |
+
|
|
|
483b06 |
+ var whoami = IPA.whoami;
|
|
|
483b06 |
+ var fullname = '';
|
|
|
483b06 |
+ var entity = whoami.metadata.object;
|
|
|
483b06 |
+
|
|
|
483b06 |
+ if (whoami.data.cn) {
|
|
|
483b06 |
+ fullname = whoami.data.cn[0];
|
|
|
483b06 |
+ } else if (whoami.data.displayname) {
|
|
|
483b06 |
+ fullname = whoami.data.displayname[0];
|
|
|
483b06 |
+ } else if (whoami.data.gecos) {
|
|
|
483b06 |
+ fullname = whoami.data.gecos[0];
|
|
|
483b06 |
+ } else if (whoami.data.krbprincipalname) {
|
|
|
483b06 |
+ fullname = whoami.data.krbprincipalname[0];
|
|
|
483b06 |
+ } else if (whoami.data.ipaoriginaluid) {
|
|
|
483b06 |
+ fullname = whoami.data.ipaoriginaluid[0];
|
|
|
483b06 |
+ }
|
|
|
483b06 |
+
|
|
|
483b06 |
this.app_widget.set('fullname', fullname);
|
|
|
483b06 |
},
|
|
|
483b06 |
|
|
|
483b06 |
on_profile: function() {
|
|
|
483b06 |
- routing.navigate(['entity', 'user', 'details', [IPA.whoami.uid[0]]]);
|
|
|
483b06 |
+ routing.navigate(['entity', IPA.whoami.metadata.object, 'details',
|
|
|
483b06 |
+ IPA.whoami.metadata.arguments]);
|
|
|
483b06 |
},
|
|
|
483b06 |
|
|
|
483b06 |
on_logout: function(event) {
|
|
|
483b06 |
diff --git a/install/ui/src/freeipa/idviews.js b/install/ui/src/freeipa/idviews.js
|
|
|
483b06 |
index f383ab3be4c4ed997fb209da2da4d04835236d8a..d9133a13c2ed8970e7919bb28d06f818d832170a 100644
|
|
|
483b06 |
--- a/install/ui/src/freeipa/idviews.js
|
|
|
483b06 |
+++ b/install/ui/src/freeipa/idviews.js
|
|
|
483b06 |
@@ -452,6 +452,21 @@ idviews.id_override_user_details_facet = function(spec) {
|
|
|
483b06 |
return that;
|
|
|
483b06 |
};
|
|
|
483b06 |
|
|
|
483b06 |
+
|
|
|
483b06 |
+idviews.aduser_idoverrideuser_pre_op = function(spec, context) {
|
|
|
483b06 |
+ spec = spec || [];
|
|
|
483b06 |
+
|
|
|
483b06 |
+ if (!IPA.is_aduser_selfservice) return spec;
|
|
|
483b06 |
+
|
|
|
483b06 |
+ var facet = spec.facets[0];
|
|
|
483b06 |
+ facet.label = '@i18n:objects.idoverrideuser.profile';
|
|
|
483b06 |
+ facet.actions = [];
|
|
|
483b06 |
+ facet.header_actions = [];
|
|
|
483b06 |
+ facet.disable_breadcrumb = true;
|
|
|
483b06 |
+
|
|
|
483b06 |
+ return spec;
|
|
|
483b06 |
+};
|
|
|
483b06 |
+
|
|
|
483b06 |
/**
|
|
|
483b06 |
* @extends IPA.cert.certs_widget
|
|
|
483b06 |
*/
|
|
|
483b06 |
@@ -948,7 +963,11 @@ idviews.register = function() {
|
|
|
483b06 |
var w = reg.widget;
|
|
|
483b06 |
|
|
|
483b06 |
e.register({type: 'idview', spec: idviews.spec});
|
|
|
483b06 |
- e.register({type: 'idoverrideuser', spec: idviews.idoverrideuser_spec});
|
|
|
483b06 |
+ e.register({
|
|
|
483b06 |
+ type: 'idoverrideuser',
|
|
|
483b06 |
+ spec: idviews.idoverrideuser_spec,
|
|
|
483b06 |
+ pre_ops: [idviews.aduser_idoverrideuser_pre_op]
|
|
|
483b06 |
+ });
|
|
|
483b06 |
e.register({type: 'idoverridegroup', spec: idviews.idoverridegroup_spec});
|
|
|
483b06 |
f.copy('attribute', 'idview_appliedtohosts', {
|
|
|
483b06 |
factory: idviews.appliedtohosts_facet
|
|
|
483b06 |
diff --git a/install/ui/src/freeipa/ipa.js b/install/ui/src/freeipa/ipa.js
|
|
|
483b06 |
index 0ddbd0744d699cacddb3970e5ec7cb72b9dbf4f4..2538001c94141b823d634ca63327a66fd148129f 100644
|
|
|
483b06 |
--- a/install/ui/src/freeipa/ipa.js
|
|
|
483b06 |
+++ b/install/ui/src/freeipa/ipa.js
|
|
|
483b06 |
@@ -86,7 +86,8 @@ var IPA = function () {
|
|
|
483b06 |
/**
|
|
|
483b06 |
* User information
|
|
|
483b06 |
*
|
|
|
483b06 |
- * - output of ipa user-find --whoami
|
|
|
483b06 |
+ * - output of ipa whoami in that.whoami.metadata and then object_show method
|
|
|
483b06 |
+ * in that.whoami.data
|
|
|
483b06 |
*/
|
|
|
483b06 |
that.whoami = {};
|
|
|
483b06 |
|
|
|
483b06 |
@@ -263,19 +264,33 @@ var IPA = function () {
|
|
|
483b06 |
*/
|
|
|
483b06 |
that.get_whoami_command = function(batch) {
|
|
|
483b06 |
return rpc.command({
|
|
|
483b06 |
- entity: 'user',
|
|
|
483b06 |
- method: 'find',
|
|
|
483b06 |
- options: {
|
|
|
483b06 |
- whoami: true,
|
|
|
483b06 |
- all: true
|
|
|
483b06 |
- },
|
|
|
483b06 |
+ method: 'whoami',
|
|
|
483b06 |
on_success: function(data, text_status, xhr) {
|
|
|
483b06 |
- that.whoami = batch ? data.result[0] : data.result.result[0];
|
|
|
483b06 |
- var cn = that.whoami.krbcanonicalname;
|
|
|
483b06 |
- if (cn) that.principal = cn[0];
|
|
|
483b06 |
- if (!that.principal) {
|
|
|
483b06 |
- that.principal = that.whoami.krbprincipalname[0];
|
|
|
483b06 |
- }
|
|
|
483b06 |
+ that.whoami.metadata = data;
|
|
|
483b06 |
+
|
|
|
483b06 |
+ rpc.command({
|
|
|
483b06 |
+ method: data.details || data.command,
|
|
|
483b06 |
+ args: data.arguments,
|
|
|
483b06 |
+ options: function() {
|
|
|
483b06 |
+ var options = data.options || [];
|
|
|
483b06 |
+ $.extend(options, {all: true});
|
|
|
483b06 |
+ return options;
|
|
|
483b06 |
+ }(),
|
|
|
483b06 |
+ on_success: function(data, text_status, xhr) {
|
|
|
483b06 |
+ that.whoami.data = false ? data.result[0] : data.result.result;
|
|
|
483b06 |
+ var entity = that.whoami.metadata.object;
|
|
|
483b06 |
+
|
|
|
483b06 |
+ if (entity === 'user') {
|
|
|
483b06 |
+ var cn = that.whoami.data.krbcanonicalname;
|
|
|
483b06 |
+ if (cn) that.principal = cn[0];
|
|
|
483b06 |
+ if (!that.principal) {
|
|
|
483b06 |
+ that.principal = that.whoami.data.krbprincipalname[0];
|
|
|
483b06 |
+ }
|
|
|
483b06 |
+ } else if (entity === 'idoverrideuser') {
|
|
|
483b06 |
+ that.principal = that.whoami.data.ipaoriginaluid[0];
|
|
|
483b06 |
+ }
|
|
|
483b06 |
+ }
|
|
|
483b06 |
+ }).execute();
|
|
|
483b06 |
}
|
|
|
483b06 |
});
|
|
|
483b06 |
};
|
|
|
483b06 |
@@ -616,7 +631,7 @@ IPA.update_password_expiration = function() {
|
|
|
483b06 |
|
|
|
483b06 |
var now, expires, notify_days, diff, message, container, notify;
|
|
|
483b06 |
|
|
|
483b06 |
- expires = rpc.extract_objects(IPA.whoami.krbpasswordexpiration);
|
|
|
483b06 |
+ expires = rpc.extract_objects(IPA.whoami.data.krbpasswordexpiration);
|
|
|
483b06 |
expires = expires ? datetime.parse(expires[0]) : null;
|
|
|
483b06 |
|
|
|
483b06 |
notify_days = IPA.server_config.ipapwdexpadvnotify;
|
|
|
483b06 |
@@ -650,13 +665,13 @@ IPA.update_password_expiration = function() {
|
|
|
483b06 |
IPA.password_selfservice = function() {
|
|
|
483b06 |
var reset_dialog = builder.build('dialog', {
|
|
|
483b06 |
$type: 'user_password',
|
|
|
483b06 |
- args: [IPA.whoami.uid[0]]
|
|
|
483b06 |
+ args: [IPA.whoami.data.uid[0]]
|
|
|
483b06 |
});
|
|
|
483b06 |
reset_dialog.succeeded.attach(function() {
|
|
|
483b06 |
var command = IPA.get_whoami_command();
|
|
|
483b06 |
var orig_on_success = command.on_success;
|
|
|
483b06 |
command.on_success = function(data, text_status, xhr) {
|
|
|
483b06 |
- orig_on_success.call(this, data, text_status, xhr);
|
|
|
483b06 |
+ orig_on_success.call(this, data.result, text_status, xhr);
|
|
|
483b06 |
IPA.update_password_expiration();
|
|
|
483b06 |
};
|
|
|
483b06 |
command.execute();
|
|
|
483b06 |
diff --git a/install/ui/src/freeipa/navigation/menu_spec.js b/install/ui/src/freeipa/navigation/menu_spec.js
|
|
|
483b06 |
index 4f78e4bf9ba25bf2f7585e38086b1cbc6db34026..9329694c14a47cbe1ec244554327b40743044d7b 100644
|
|
|
483b06 |
--- a/install/ui/src/freeipa/navigation/menu_spec.js
|
|
|
483b06 |
+++ b/install/ui/src/freeipa/navigation/menu_spec.js
|
|
|
483b06 |
@@ -353,5 +353,15 @@ nav.self_service = {
|
|
|
483b06 |
]
|
|
|
483b06 |
};
|
|
|
483b06 |
|
|
|
483b06 |
+nav.ad_self_service = {
|
|
|
483b06 |
+ name: 'ad_self_service',
|
|
|
483b06 |
+ items: [
|
|
|
483b06 |
+ {
|
|
|
483b06 |
+ entity: 'idoverrideuser',
|
|
|
483b06 |
+ label: 'Profile'
|
|
|
483b06 |
+ }
|
|
|
483b06 |
+ ]
|
|
|
483b06 |
+};
|
|
|
483b06 |
+
|
|
|
483b06 |
return nav;
|
|
|
483b06 |
});
|
|
|
483b06 |
diff --git a/install/ui/src/freeipa/otptoken.js b/install/ui/src/freeipa/otptoken.js
|
|
|
483b06 |
index caa7a85523d6e63db629a3a518e8611d511f7952..1f6f20d801042a5424ecf5894658df9411723bcc 100644
|
|
|
483b06 |
--- a/install/ui/src/freeipa/otptoken.js
|
|
|
483b06 |
+++ b/install/ui/src/freeipa/otptoken.js
|
|
|
483b06 |
@@ -361,7 +361,7 @@ otptoken.adder_dialog = function(spec) {
|
|
|
483b06 |
|
|
|
483b06 |
var command = that.entity_adder_dialog_create_add_command(record);
|
|
|
483b06 |
if (that.self_service) {
|
|
|
483b06 |
- command.set_option('ipatokenowner', IPA.whoami.uid[0]);
|
|
|
483b06 |
+ command.set_option('ipatokenowner', IPA.whoami.data.uid[0]);
|
|
|
483b06 |
}
|
|
|
483b06 |
return command;
|
|
|
483b06 |
};
|
|
|
483b06 |
diff --git a/install/ui/src/freeipa/user.js b/install/ui/src/freeipa/user.js
|
|
|
483b06 |
index 4bb04488b51dd43a437ab3759eb3f530afe62550..6b2bf196c31e7891d3389eb2e2774f56d88ac2ba 100644
|
|
|
483b06 |
--- a/install/ui/src/freeipa/user.js
|
|
|
483b06 |
+++ b/install/ui/src/freeipa/user.js
|
|
|
483b06 |
@@ -735,7 +735,7 @@ IPA.user.password_dialog = function(spec) {
|
|
|
483b06 |
var that = dialogs.command_dialog(spec);
|
|
|
483b06 |
|
|
|
483b06 |
that.is_self_service = function() {
|
|
|
483b06 |
- var self_service = that.args[0] === IPA.whoami.uid[0];
|
|
|
483b06 |
+ var self_service = that.args[0] === IPA.whoami.data.uid[0];
|
|
|
483b06 |
return self_service;
|
|
|
483b06 |
};
|
|
|
483b06 |
|
|
|
483b06 |
@@ -895,7 +895,8 @@ IPA.user.self_service_other_user_evaluator = function(spec) {
|
|
|
483b06 |
that.state = [];
|
|
|
483b06 |
|
|
|
483b06 |
var value = that.adapter.load(data);
|
|
|
483b06 |
- if (IPA.is_selfservice && IPA.whoami.uid[0] !== value[0]) {
|
|
|
483b06 |
+ if (IPA.is_aduser_selfservice ||
|
|
|
483b06 |
+ (IPA.is_selfservice && IPA.whoami.data.uid[0] !== value[0])) {
|
|
|
483b06 |
that.state.push('self-service-other');
|
|
|
483b06 |
}
|
|
|
483b06 |
|
|
|
483b06 |
diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py
|
|
|
483b06 |
index 9fa1b6de857cf7e21210f557befabff32da0d4ff..6feefa5941506f38f01b8016a22cad14a831e3fc 100644
|
|
|
483b06 |
--- a/ipaserver/plugins/internal.py
|
|
|
483b06 |
+++ b/ipaserver/plugins/internal.py
|
|
|
483b06 |
@@ -625,6 +625,7 @@ class i18n_messages(Command):
|
|
|
483b06 |
"anchor_label": _("User to override"),
|
|
|
483b06 |
"anchor_tooltip": _("Enter trusted or IPA user login. Note: search doesn't list users from trusted domains."),
|
|
|
483b06 |
"anchor_tooltip_ad": _("Enter trusted user login."),
|
|
|
483b06 |
+ "profile": _("Profile"),
|
|
|
483b06 |
},
|
|
|
483b06 |
"idoverridegroup": {
|
|
|
483b06 |
"anchor_label": _("Group to override"),
|
|
|
483b06 |
--
|
|
|
483b06 |
2.12.1
|
|
|
483b06 |
|