[Kimchi-devel] [PATCH 0/4 V2] Let frontend redirect user after logging
Wen Wang
wenwang at linux.vnet.ibm.com
Mon Jul 21 05:24:44 UTC 2014
On 07/18/2014 08:18 PM, Aline Manera wrote:
>
> On 07/17/2014 11:49 PM, Wen Wang wrote:
>>
>> On 07/17/2014 08:09 PM, Aline Manera wrote:
>>>
>>> On 07/17/2014 12:38 AM, Wen Wang wrote:
>>>> Thanks Aline. There is a problem with this patch is that after
>>>> login , connect to a VM and copy the vnc link. Then close both
>>>> kimchi and vnc, you will get to vnc with the link you copied as
>>>> well as kimchi again without asking for a password.
>>>
>>> Hi Wen Wang,
>>>
>>> This is working as design as you didn't logout from Kimchi
>>> interface, the session is still alive in cherrypy server because
>>> that you are not asked for authentication
>>>
>>> If you check the current code on master branch you will see it also
>>> behaves like that
>> Thanks Aline,
>>
>> Thanks for the clearify. I found out even after closing the browser,
>> paste the url you copied from either kimchi or vnc, you can access
>> kimchi or vnc without asking for authentication with login page. Do
>> you think this need to be fixed?
>
> I don't have a formed opinion on that.
> I am open to hear suggestions
>
> From one side, we have the timeout session, i.e. if browser is closed
> for more than 10 minutes the session will timeout and the user will be
> asked for login
>
> But in other hand, we could logout user when he/she closes the browser
> window to improve security.
That sounds great! From the same browser I think it's probably okay if
user closes the tabs and enter kimchi again with the same browser.
Letting user re-login after closing browser could probably be better. I
will send an RFC mail later and hear from opinions from others
>
>>>
>>>>
>>>> Best Regards
>>>> Wang Wen
>>>>
>>>> On 07/17/2014 12:44 AM, alinefm at linux.vnet.ibm.com wrote:
>>>>> From: Aline Manera <alinefm at linux.vnet.ibm.com>
>>>>>
>>>>> V1 -> V2:
>>>>> - Turn back next_url parameter to fix problems mentioned by Wen Wang
>>>>> - Use urllib2.quote() to encode next_url in backend
>>>>> - Use decodeURIcomponent() to decode next_url in JS
>>>>>
>>>>> Aline Manera (4):
>>>>> Update test case to reflect new login design
>>>>> Remove former login design files
>>>>> Remove special console rules from nginx configuration
>>>>> Let frontend redirect user after logging
>>>>>
>>>>> src/kimchi/auth.py | 9 +--
>>>>> src/kimchi/root.py | 19 +----
>>>>> src/nginx.conf.in | 11 ---
>>>>> tests/test_rest.py | 2 +-
>>>>> ui/css/theme-default/login-window.css | 90
>>>>> ------------------------
>>>>> ui/js/src/kimchi.login.js | 71 +++++++++++++++++++
>>>>> ui/js/src/kimchi.login_window.js | 128
>>>>> ----------------------------------
>>>>> ui/pages/login-window.html.tmpl | 53 --------------
>>>>> ui/pages/login.html.tmpl | 36 ++--------
>>>>> 9 files changed, 79 insertions(+), 340 deletions(-)
>>>>> delete mode 100644 ui/css/theme-default/login-window.css
>>>>> create mode 100644 ui/js/src/kimchi.login.js
>>>>> delete mode 100644 ui/js/src/kimchi.login_window.js
>>>>> delete mode 100644 ui/pages/login-window.html.tmpl
>>>>>
>>>>
>>>> _______________________________________________
>>>> Kimchi-devel mailing list
>>>> Kimchi-devel at ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>>>>
>>>
>>
>
More information about the Kimchi-devel
mailing list