[PATCH 0/4 V2] Let frontend redirect user after logging
From: Aline Manera <alinefm@linux.vnet.ibm.com> V1 -> V2: - Turn back next_url parameter to fix problems mentioned by Wen Wang - Use urllib2.quote() to encode next_url in backend - Use decodeURIcomponent() to decode next_url in JS Aline Manera (4): Update test case to reflect new login design Remove former login design files Remove special console rules from nginx configuration Let frontend redirect user after logging src/kimchi/auth.py | 9 +-- src/kimchi/root.py | 19 +---- src/nginx.conf.in | 11 --- tests/test_rest.py | 2 +- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login.js | 71 +++++++++++++++++++ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- ui/pages/login.html.tmpl | 36 ++-------- 9 files changed, 79 insertions(+), 340 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css create mode 100644 ui/js/src/kimchi.login.js delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl -- 1.9.3
From: Aline Manera <alinefm@linux.vnet.ibm.com> After switching to the traditional login design, /login-window.html was replaced by /login.html so update test case accordingly. Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com> --- tests/test_rest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_rest.py b/tests/test_rest.py index 694d907..e1f1821 100644 --- a/tests/test_rest.py +++ b/tests/test_rest.py @@ -1496,7 +1496,7 @@ def test_auth_unprotected(self): '/css/theme-default.min.css', '/libs/jquery-1.10.0.min.js', '/images/icon-vm.png', - '/login-window.html', + '/login.html', '/logout'] for uri in uris: resp = self.request(uri, None, 'HEAD', hdrs) -- 1.9.3
From: Aline Manera <alinefm@linux.vnet.ibm.com> ui/css/theme-default/login-window.css, ui/js/src/kimchi.login_window.js and ui/pages/login-window.html.tmpl are not being used anymore since Kimchi switched to the traditional login flow. So remove them. Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com> --- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- 3 files changed, 271 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl diff --git a/ui/css/theme-default/login-window.css b/ui/css/theme-default/login-window.css deleted file mode 100644 index f4ad5f8..0000000 --- a/ui/css/theme-default/login-window.css +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#login-window { - height: 360px; - width: 400px; -} - -#login-window>header>.title-text { - front: #000000; - font-size: 18px; - height: 48px; - line-height: 48px; - font-weight: bold; - text-shadow: -1px -1px 1px #eaeaea, 1px 1px 1px #fff; -} - -#login-window footer #form-language { - height: 48px; - line-height: 48px; - padding-right: 10px; - text-align: right; -} - -#login-window .login-panel #form-login { - padding: 40px 40px 0; -} - -#login-window>header>.logo { - display:inline; - margin: 11px 0 0 2px; - float: left; - width: 25px; - height: 25px; - background: url(../images/logo.ico) no-repeat center center; -} - -#login-window .login-panel .row { - margin-bottom: 28px; -} - -#login-window .login-panel input[type="text"], -#login-window .login-panel input[type="password"] { - font-size: 18px; - height: 40px; - padding-left: 10px; - padding-right: 10px; - width: 290px; -} - -#login-window .login-panel .msg-required { - color: red; -} - -#login-window .login-panel button { - font-size: 18px; - height: 40px; - min-width: 160px; - float: right; -} - -#login-window .login-panel button[disabled] { - background: #888; - color: #DDD; -} - -.language { - display:inline-block; - float:right; - margin:11px 10px 0 0; -} - -.i18n-selector { - padding:2px 0; - background: #FFFBF0; -} diff --git a/ui/js/src/kimchi.login_window.js b/ui/js/src/kimchi.login_window.js deleted file mode 100644 index c562159..0000000 --- a/ui/js/src/kimchi.login_window.js +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -kimchi.login_main = function() { - - var selectedLanguage = kimchi.lang.get(); - var languages = kimchi.lang.all(); - for(var k in languages) { - var opt = $([ - '<option value="', - k, - '">', - languages[k], - '</option>' - ].join('')).appendTo($('#language')); - $(opt).prop('selected', selectedLanguage === k); - } - - $('#language').on('change', function() { - kimchi.topic('languageChanged').publish($(this).val()); - }); - - var validateNonEmpty = function(idsArray) { - for(var i = 0; i < idsArray.length; i++) { - var id = idsArray[i]; - if (!$('#' + id).val()) { - $('#' + id + '-msg').text(i18n['KCHAUTH6002E']); - placeCursor(id); - return false; - } - else { - $('#' + id + '-msg').empty(); - } - } - - return true; - }; - - var userNameBox = $('#username'); - var passwordBox = $('#password'); - var loginButton = $('#btn-login'); - var placeCursor = function(id) { - if (id && $('#' + id).size() > 0) { - $('#' + id).focus(); - return; - } - - var userName = kimchi.user.getUserName(); - userName && !userNameBox.val() && userNameBox.val(userName); - var password = passwordBox.val(); - - var nodeToFocus = !userName ? userNameBox : !password ? passwordBox : loginButton; - - $(nodeToFocus).focus(); - }; - - var login = function(event) { - - if (!validateNonEmpty(['username', 'password'])) { - return false; - } - - loginButton.text(i18n['KCHAUTH6002M']).prop('disabled', true); - - var userName = userNameBox.val(); - userName && kimchi.user.setUserName(userName); - var settings = { - username: userName, - password: passwordBox.val() - }; - - kimchi.login(settings, function() { - var pAjax = kimchi.previousAjax; - var consoleURL = kimchi.cookie.get("console_uri"); - if (consoleURL) { - var path = /.*\/(.*?)\?.*/g.exec(consoleURL)[1]; - var query = consoleURL.substr(consoleURL.indexOf("?") + 1); - - var proxy_port = /.*port=(.*?)(&|$)/g.exec(consoleURL)[1]; - var http_port = /.*kimchi=(.*?)(&|$)/g.exec(consoleURL); - var kimchi_port = http_port ? http_port[1] : location.port; - - url = location.protocol + "//" + location.hostname; - url += ":" + proxy_port + "/console.html?url=" + path; - url += "&" + query; - url += "&kimchi=" + kimchi_port; - - kimchi.cookie.remove("console_uri"); - window.location.replace(url) - } - else if (pAjax && true === pAjax['resend']) { - pAjax['error'] = pAjax['originalError']; - $.ajax(pAjax); - kimchi.previousAjax = null; - } - else if(pAjax) { - window.location.reload(); - } - - kimchi.user.showUser(true); - kimchi.window.close(); - }, function() { - kimchi.message.error.code('KCHAUTH6001E'); - $('#btn-login').prop('disabled', false).text(i18n['KCHAUTH6001M']); - placeCursor('username'); - }); - - return false; - }; - - $('#form-login').on('submit', login); - - setTimeout(placeCursor, 0); -}; diff --git a/ui/pages/login-window.html.tmpl b/ui/pages/login-window.html.tmpl deleted file mode 100644 index 3e451c4..0000000 --- a/ui/pages/login-window.html.tmpl +++ /dev/null @@ -1,53 +0,0 @@ -#* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *# -#unicode UTF-8 -#import gettext -#from kimchi.cachebust import href -#silent t = gettext.translation($lang.domain, $lang.localedir, languages=$lang.lang) -#silent _ = t.gettext -#silent _t = t.gettext -<div id="login-window" class="window"> - <header> - <div class="logo"></div> - <span class="title">$_("Log In")</span> - <form id="form-language" class="language" action="" method="GET"> - <div id="lang-selection-wrapper"> - <select id="language" class="i18n-selector"></select> - </div> - </form> - </header> - <div class="content login-panel"> - <form id="form-login" action="/login" method="POST"> - <div class="row"> - <input type="text" id="username" name="username" required="required" placeholder="$_("User Name")" /> - <div id="username-msg" class="msg-required"></div> - </div> - <div class="row"> - <input type="password" id="password" name="password" required="required" placeholder="$_("Password")" /> - <div id="password-msg" class="msg-required"></div> - </div> - <div class="row"> - <button id="btn-login" class="btn-normal">$_("Log in")</button> - </div> - </form> - </div> -</div> - -<script type="text/javascript"> - kimchi.login_main(); -</script> -- 1.9.3
Hi, Aline, *ui/css/theme-default/login-window.css* cannot be deleted or else the login page cannot build from the css. Please attach it back and all the frontend work for the authorization is done by applying your patches first. Thanks Wen Wang On 07/17/2014 12:44 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera<alinefm@linux.vnet.ibm.com>
ui/css/theme-default/login-window.css, ui/js/src/kimchi.login_window.js and ui/pages/login-window.html.tmpl are not being used anymore since Kimchi switched to the traditional login flow. So remove them.
Signed-off-by: Aline Manera<alinefm@linux.vnet.ibm.com> --- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- 3 files changed, 271 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl
diff --git a/ui/css/theme-default/login-window.css b/ui/css/theme-default/login-window.css deleted file mode 100644 index f4ad5f8..0000000 --- a/ui/css/theme-default/login-window.css +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - *http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#login-window { - height: 360px; - width: 400px; -} - -#login-window>header>.title-text { - front: #000000; - font-size: 18px; - height: 48px; - line-height: 48px; - font-weight: bold; - text-shadow: -1px -1px 1px #eaeaea, 1px 1px 1px #fff; -} - -#login-window footer #form-language { - height: 48px; - line-height: 48px; - padding-right: 10px; - text-align: right; -} - -#login-window .login-panel #form-login { - padding: 40px 40px 0; -} - -#login-window>header>.logo { - display:inline; - margin: 11px 0 0 2px; - float: left; - width: 25px; - height: 25px; - background: url(../images/logo.ico) no-repeat center center; -} - -#login-window .login-panel .row { - margin-bottom: 28px; -} - -#login-window .login-panel input[type="text"], -#login-window .login-panel input[type="password"] { - font-size: 18px; - height: 40px; - padding-left: 10px; - padding-right: 10px; - width: 290px; -} - -#login-window .login-panel .msg-required { - color: red; -} - -#login-window .login-panel button { - font-size: 18px; - height: 40px; - min-width: 160px; - float: right; -} - -#login-window .login-panel button[disabled] { - background: #888; - color: #DDD; -} - -.language { - display:inline-block; - float:right; - margin:11px 10px 0 0; -} - -.i18n-selector { - padding:2px 0; - background: #FFFBF0; -} diff --git a/ui/js/src/kimchi.login_window.js b/ui/js/src/kimchi.login_window.js deleted file mode 100644 index c562159..0000000 --- a/ui/js/src/kimchi.login_window.js +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - *http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -kimchi.login_main = function() { - - var selectedLanguage = kimchi.lang.get(); - var languages = kimchi.lang.all(); - for(var k in languages) { - var opt = $([ - '<option value="', - k, - '">', - languages[k], - '</option>' - ].join('')).appendTo($('#language')); - $(opt).prop('selected', selectedLanguage === k); - } - - $('#language').on('change', function() { - kimchi.topic('languageChanged').publish($(this).val()); - }); - - var validateNonEmpty = function(idsArray) { - for(var i = 0; i < idsArray.length; i++) { - var id = idsArray[i]; - if (!$('#' + id).val()) { - $('#' + id + '-msg').text(i18n['KCHAUTH6002E']); - placeCursor(id); - return false; - } - else { - $('#' + id + '-msg').empty(); - } - } - - return true; - }; - - var userNameBox = $('#username'); - var passwordBox = $('#password'); - var loginButton = $('#btn-login'); - var placeCursor = function(id) { - if (id && $('#' + id).size() > 0) { - $('#' + id).focus(); - return; - } - - var userName = kimchi.user.getUserName(); - userName && !userNameBox.val() && userNameBox.val(userName); - var password = passwordBox.val(); - - var nodeToFocus = !userName ? userNameBox : !password ? passwordBox : loginButton; - - $(nodeToFocus).focus(); - }; - - var login = function(event) { - - if (!validateNonEmpty(['username', 'password'])) { - return false; - } - - loginButton.text(i18n['KCHAUTH6002M']).prop('disabled', true); - - var userName = userNameBox.val(); - userName && kimchi.user.setUserName(userName); - var settings = { - username: userName, - password: passwordBox.val() - }; - - kimchi.login(settings, function() { - var pAjax = kimchi.previousAjax; - var consoleURL = kimchi.cookie.get("console_uri"); - if (consoleURL) { - var path = /.*\/(.*?)\?.*/g.exec(consoleURL)[1]; - var query = consoleURL.substr(consoleURL.indexOf("?") + 1); - - var proxy_port = /.*port=(.*?)(&|$)/g.exec(consoleURL)[1]; - var http_port = /.*kimchi=(.*?)(&|$)/g.exec(consoleURL); - var kimchi_port = http_port ? http_port[1] : location.port; - - url = location.protocol + "//" + location.hostname; - url += ":" + proxy_port + "/console.html?url=" + path; - url += "&" + query; - url += "&kimchi=" + kimchi_port; - - kimchi.cookie.remove("console_uri"); - window.location.replace(url) - } - else if (pAjax && true === pAjax['resend']) { - pAjax['error'] = pAjax['originalError']; - $.ajax(pAjax); - kimchi.previousAjax = null; - } - else if(pAjax) { - window.location.reload(); - } - - kimchi.user.showUser(true); - kimchi.window.close(); - }, function() { - kimchi.message.error.code('KCHAUTH6001E'); - $('#btn-login').prop('disabled', false).text(i18n['KCHAUTH6001M']); - placeCursor('username'); - }); - - return false; - }; - - $('#form-login').on('submit', login); - - setTimeout(placeCursor, 0); -}; diff --git a/ui/pages/login-window.html.tmpl b/ui/pages/login-window.html.tmpl deleted file mode 100644 index 3e451c4..0000000 --- a/ui/pages/login-window.html.tmpl +++ /dev/null @@ -1,53 +0,0 @@ -#* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - *http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *# -#unicode UTF-8 -#import gettext -#from kimchi.cachebust import href -#silent t = gettext.translation($lang.domain, $lang.localedir, languages=$lang.lang) -#silent _ = t.gettext -#silent _t = t.gettext -<div id="login-window" class="window"> - <header> - <div class="logo"></div> - <span class="title">$_("Log In")</span> - <form id="form-language" class="language" action="" method="GET"> - <div id="lang-selection-wrapper"> - <select id="language" class="i18n-selector"></select> - </div> - </form> - </header> - <div class="content login-panel"> - <form id="form-login" action="/login" method="POST"> - <div class="row"> - <input type="text" id="username" name="username" required="required" placeholder="$_("User Name")" /> - <div id="username-msg" class="msg-required"></div> - </div> - <div class="row"> - <input type="password" id="password" name="password" required="required" placeholder="$_("Password")" /> - <div id="password-msg" class="msg-required"></div> - </div> - <div class="row"> - <button id="btn-login" class="btn-normal">$_("Log in")</button> - </div> - </form> - </div> -</div> - -<script type="text/javascript"> - kimchi.login_main(); -</script>
Hi, Aline, *ui/css/theme-default/login-window.css* cannot be deleted or else the login page cannot build from the css. Please attach it back and all the frontend work for the authorization is done by applying your patches first. Thanks Wen Wang On 7/17/2014 12:44 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm@linux.vnet.ibm.com>
ui/css/theme-default/login-window.css, ui/js/src/kimchi.login_window.js and ui/pages/login-window.html.tmpl are not being used anymore since Kimchi switched to the traditional login flow. So remove them.
Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com> --- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- 3 files changed, 271 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl
diff --git a/ui/css/theme-default/login-window.css b/ui/css/theme-default/login-window.css deleted file mode 100644 index f4ad5f8..0000000 --- a/ui/css/theme-default/login-window.css +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#login-window { - height: 360px; - width: 400px; -} - -#login-window>header>.title-text { - front: #000000; - font-size: 18px; - height: 48px; - line-height: 48px; - font-weight: bold; - text-shadow: -1px -1px 1px #eaeaea, 1px 1px 1px #fff; -} - -#login-window footer #form-language { - height: 48px; - line-height: 48px; - padding-right: 10px; - text-align: right; -} - -#login-window .login-panel #form-login { - padding: 40px 40px 0; -} - -#login-window>header>.logo { - display:inline; - margin: 11px 0 0 2px; - float: left; - width: 25px; - height: 25px; - background: url(../images/logo.ico) no-repeat center center; -} - -#login-window .login-panel .row { - margin-bottom: 28px; -} - -#login-window .login-panel input[type="text"], -#login-window .login-panel input[type="password"] { - font-size: 18px; - height: 40px; - padding-left: 10px; - padding-right: 10px; - width: 290px; -} - -#login-window .login-panel .msg-required { - color: red; -} - -#login-window .login-panel button { - font-size: 18px; - height: 40px; - min-width: 160px; - float: right; -} - -#login-window .login-panel button[disabled] { - background: #888; - color: #DDD; -} - -.language { - display:inline-block; - float:right; - margin:11px 10px 0 0; -} - -.i18n-selector { - padding:2px 0; - background: #FFFBF0; -} diff --git a/ui/js/src/kimchi.login_window.js b/ui/js/src/kimchi.login_window.js deleted file mode 100644 index c562159..0000000 --- a/ui/js/src/kimchi.login_window.js +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -kimchi.login_main = function() { - - var selectedLanguage = kimchi.lang.get(); - var languages = kimchi.lang.all(); - for(var k in languages) { - var opt = $([ - '<option value="', - k, - '">', - languages[k], - '</option>' - ].join('')).appendTo($('#language')); - $(opt).prop('selected', selectedLanguage === k); - } - - $('#language').on('change', function() { - kimchi.topic('languageChanged').publish($(this).val()); - }); - - var validateNonEmpty = function(idsArray) { - for(var i = 0; i < idsArray.length; i++) { - var id = idsArray[i]; - if (!$('#' + id).val()) { - $('#' + id + '-msg').text(i18n['KCHAUTH6002E']); - placeCursor(id); - return false; - } - else { - $('#' + id + '-msg').empty(); - } - } - - return true; - }; - - var userNameBox = $('#username'); - var passwordBox = $('#password'); - var loginButton = $('#btn-login'); - var placeCursor = function(id) { - if (id && $('#' + id).size() > 0) { - $('#' + id).focus(); - return; - } - - var userName = kimchi.user.getUserName(); - userName && !userNameBox.val() && userNameBox.val(userName); - var password = passwordBox.val(); - - var nodeToFocus = !userName ? userNameBox : !password ? passwordBox : loginButton; - - $(nodeToFocus).focus(); - }; - - var login = function(event) { - - if (!validateNonEmpty(['username', 'password'])) { - return false; - } - - loginButton.text(i18n['KCHAUTH6002M']).prop('disabled', true); - - var userName = userNameBox.val(); - userName && kimchi.user.setUserName(userName); - var settings = { - username: userName, - password: passwordBox.val() - }; - - kimchi.login(settings, function() { - var pAjax = kimchi.previousAjax; - var consoleURL = kimchi.cookie.get("console_uri"); - if (consoleURL) { - var path = /.*\/(.*?)\?.*/g.exec(consoleURL)[1]; - var query = consoleURL.substr(consoleURL.indexOf("?") + 1); - - var proxy_port = /.*port=(.*?)(&|$)/g.exec(consoleURL)[1]; - var http_port = /.*kimchi=(.*?)(&|$)/g.exec(consoleURL); - var kimchi_port = http_port ? http_port[1] : location.port; - - url = location.protocol + "//" + location.hostname; - url += ":" + proxy_port + "/console.html?url=" + path; - url += "&" + query; - url += "&kimchi=" + kimchi_port; - - kimchi.cookie.remove("console_uri"); - window.location.replace(url) - } - else if (pAjax && true === pAjax['resend']) { - pAjax['error'] = pAjax['originalError']; - $.ajax(pAjax); - kimchi.previousAjax = null; - } - else if(pAjax) { - window.location.reload(); - } - - kimchi.user.showUser(true); - kimchi.window.close(); - }, function() { - kimchi.message.error.code('KCHAUTH6001E'); - $('#btn-login').prop('disabled', false).text(i18n['KCHAUTH6001M']); - placeCursor('username'); - }); - - return false; - }; - - $('#form-login').on('submit', login); - - setTimeout(placeCursor, 0); -}; diff --git a/ui/pages/login-window.html.tmpl b/ui/pages/login-window.html.tmpl deleted file mode 100644 index 3e451c4..0000000 --- a/ui/pages/login-window.html.tmpl +++ /dev/null @@ -1,53 +0,0 @@ -#* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *# -#unicode UTF-8 -#import gettext -#from kimchi.cachebust import href -#silent t = gettext.translation($lang.domain, $lang.localedir, languages=$lang.lang) -#silent _ = t.gettext -#silent _t = t.gettext -<div id="login-window" class="window"> - <header> - <div class="logo"></div> - <span class="title">$_("Log In")</span> - <form id="form-language" class="language" action="" method="GET"> - <div id="lang-selection-wrapper"> - <select id="language" class="i18n-selector"></select> - </div> - </form> - </header> - <div class="content login-panel"> - <form id="form-login" action="/login" method="POST"> - <div class="row"> - <input type="text" id="username" name="username" required="required" placeholder="$_("User Name")" /> - <div id="username-msg" class="msg-required"></div> - </div> - <div class="row"> - <input type="password" id="password" name="password" required="required" placeholder="$_("Password")" /> - <div id="password-msg" class="msg-required"></div> - </div> - <div class="row"> - <button id="btn-login" class="btn-normal">$_("Log in")</button> - </div> - </form> - </div> -</div> - -<script type="text/javascript"> - kimchi.login_main(); -</script>
On 07/18/2014 08:13 AM, Wen Wang wrote:
Hi, Aline,
*ui/css/theme-default/login-window.css* cannot be deleted or else the login page cannot build from the css.
Please attach it back and all the frontend work for the authorization is done by applying your patches first.
Thanks for checking and sorry for the mistake. I thought all the css needed by login.tmpl.html was here. I will turn the css file back and apply this patch set
Thanks
Wen Wang
On 7/17/2014 12:44 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera<alinefm@linux.vnet.ibm.com>
ui/css/theme-default/login-window.css, ui/js/src/kimchi.login_window.js and ui/pages/login-window.html.tmpl are not being used anymore since Kimchi switched to the traditional login flow. So remove them.
Signed-off-by: Aline Manera<alinefm@linux.vnet.ibm.com> --- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- 3 files changed, 271 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl
diff --git a/ui/css/theme-default/login-window.css b/ui/css/theme-default/login-window.css deleted file mode 100644 index f4ad5f8..0000000 --- a/ui/css/theme-default/login-window.css +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - *http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#login-window { - height: 360px; - width: 400px; -} - -#login-window>header>.title-text { - front: #000000; - font-size: 18px; - height: 48px; - line-height: 48px; - font-weight: bold; - text-shadow: -1px -1px 1px #eaeaea, 1px 1px 1px #fff; -} - -#login-window footer #form-language { - height: 48px; - line-height: 48px; - padding-right: 10px; - text-align: right; -} - -#login-window .login-panel #form-login { - padding: 40px 40px 0; -} - -#login-window>header>.logo { - display:inline; - margin: 11px 0 0 2px; - float: left; - width: 25px; - height: 25px; - background: url(../images/logo.ico) no-repeat center center; -} - -#login-window .login-panel .row { - margin-bottom: 28px; -} - -#login-window .login-panel input[type="text"], -#login-window .login-panel input[type="password"] { - font-size: 18px; - height: 40px; - padding-left: 10px; - padding-right: 10px; - width: 290px; -} - -#login-window .login-panel .msg-required { - color: red; -} - -#login-window .login-panel button { - font-size: 18px; - height: 40px; - min-width: 160px; - float: right; -} - -#login-window .login-panel button[disabled] { - background: #888; - color: #DDD; -} - -.language { - display:inline-block; - float:right; - margin:11px 10px 0 0; -} - -.i18n-selector { - padding:2px 0; - background: #FFFBF0; -} diff --git a/ui/js/src/kimchi.login_window.js b/ui/js/src/kimchi.login_window.js deleted file mode 100644 index c562159..0000000 --- a/ui/js/src/kimchi.login_window.js +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - *http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -kimchi.login_main = function() { - - var selectedLanguage = kimchi.lang.get(); - var languages = kimchi.lang.all(); - for(var k in languages) { - var opt = $([ - '<option value="', - k, - '">', - languages[k], - '</option>' - ].join('')).appendTo($('#language')); - $(opt).prop('selected', selectedLanguage === k); - } - - $('#language').on('change', function() { - kimchi.topic('languageChanged').publish($(this).val()); - }); - - var validateNonEmpty = function(idsArray) { - for(var i = 0; i < idsArray.length; i++) { - var id = idsArray[i]; - if (!$('#' + id).val()) { - $('#' + id + '-msg').text(i18n['KCHAUTH6002E']); - placeCursor(id); - return false; - } - else { - $('#' + id + '-msg').empty(); - } - } - - return true; - }; - - var userNameBox = $('#username'); - var passwordBox = $('#password'); - var loginButton = $('#btn-login'); - var placeCursor = function(id) { - if (id && $('#' + id).size() > 0) { - $('#' + id).focus(); - return; - } - - var userName = kimchi.user.getUserName(); - userName && !userNameBox.val() && userNameBox.val(userName); - var password = passwordBox.val(); - - var nodeToFocus = !userName ? userNameBox : !password ? passwordBox : loginButton; - - $(nodeToFocus).focus(); - }; - - var login = function(event) { - - if (!validateNonEmpty(['username', 'password'])) { - return false; - } - - loginButton.text(i18n['KCHAUTH6002M']).prop('disabled', true); - - var userName = userNameBox.val(); - userName && kimchi.user.setUserName(userName); - var settings = { - username: userName, - password: passwordBox.val() - }; - - kimchi.login(settings, function() { - var pAjax = kimchi.previousAjax; - var consoleURL = kimchi.cookie.get("console_uri"); - if (consoleURL) { - var path = /.*\/(.*?)\?.*/g.exec(consoleURL)[1]; - var query = consoleURL.substr(consoleURL.indexOf("?") + 1); - - var proxy_port = /.*port=(.*?)(&|$)/g.exec(consoleURL)[1]; - var http_port = /.*kimchi=(.*?)(&|$)/g.exec(consoleURL); - var kimchi_port = http_port ? http_port[1] : location.port; - - url = location.protocol + "//" + location.hostname; - url += ":" + proxy_port + "/console.html?url=" + path; - url += "&" + query; - url += "&kimchi=" + kimchi_port; - - kimchi.cookie.remove("console_uri"); - window.location.replace(url) - } - else if (pAjax && true === pAjax['resend']) { - pAjax['error'] = pAjax['originalError']; - $.ajax(pAjax); - kimchi.previousAjax = null; - } - else if(pAjax) { - window.location.reload(); - } - - kimchi.user.showUser(true); - kimchi.window.close(); - }, function() { - kimchi.message.error.code('KCHAUTH6001E'); - $('#btn-login').prop('disabled', false).text(i18n['KCHAUTH6001M']); - placeCursor('username'); - }); - - return false; - }; - - $('#form-login').on('submit', login); - - setTimeout(placeCursor, 0); -}; diff --git a/ui/pages/login-window.html.tmpl b/ui/pages/login-window.html.tmpl deleted file mode 100644 index 3e451c4..0000000 --- a/ui/pages/login-window.html.tmpl +++ /dev/null @@ -1,53 +0,0 @@ -#* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - *http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *# -#unicode UTF-8 -#import gettext -#from kimchi.cachebust import href -#silent t = gettext.translation($lang.domain, $lang.localedir, languages=$lang.lang) -#silent _ = t.gettext -#silent _t = t.gettext -<div id="login-window" class="window"> - <header> - <div class="logo"></div> - <span class="title">$_("Log In")</span> - <form id="form-language" class="language" action="" method="GET"> - <div id="lang-selection-wrapper"> - <select id="language" class="i18n-selector"></select> - </div> - </form> - </header> - <div class="content login-panel"> - <form id="form-login" action="/login" method="POST"> - <div class="row"> - <input type="text" id="username" name="username" required="required" placeholder="$_("User Name")" /> - <div id="username-msg" class="msg-required"></div> - </div> - <div class="row"> - <input type="password" id="password" name="password" required="required" placeholder="$_("Password")" /> - <div id="password-msg" class="msg-required"></div> - </div> - <div class="row"> - <button id="btn-login" class="btn-normal">$_("Log in")</button> - </div> - </form> - </div> -</div> - -<script type="text/javascript"> - kimchi.login_main(); -</script>
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
From: Aline Manera <alinefm@linux.vnet.ibm.com> @consoleauth was used to know the console URL to redirect user after login. As Kimchi is using the "next" URL paramter to do that, this rule can be removed. Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com> --- src/nginx.conf.in | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/src/nginx.conf.in b/src/nginx.conf.in index 38e643d..3a8dfc5 100644 --- a/src/nginx.conf.in +++ b/src/nginx.conf.in @@ -56,17 +56,6 @@ http { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect http://127.0.0.1:$kimchid_port/ https://$host:$proxy_ssl_port/; } - - location ~/(vnc_auto|spice\.html) { - proxy_pass http://127.0.0.1:$kimchid_port; - proxy_intercept_errors on; - error_page 401 @consoleauth; - } - - location @consoleauth { - add_header Set-Cookie "console_uri=$request_uri"; - return https://$host:$proxy_ssl_port/; - } } server { -- 1.9.3
From: Aline Manera <alinefm@linux.vnet.ibm.com> The frontend should redirect user after logging so it can properly store the user information returned by /login for authorization matters. Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com> --- src/kimchi/auth.py | 9 ++---- src/kimchi/root.py | 19 +------------ ui/js/src/kimchi.login.js | 71 +++++++++++++++++++++++++++++++++++++++++++++++ ui/pages/login.html.tmpl | 36 +++--------------------- 4 files changed, 78 insertions(+), 57 deletions(-) create mode 100644 ui/js/src/kimchi.login.js diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py index 6a4a610..971faf7 100644 --- a/src/kimchi/auth.py +++ b/src/kimchi/auth.py @@ -28,6 +28,7 @@ import re import termios import time +import urllib2 from kimchi import template @@ -45,7 +46,7 @@ def redirect_login(): url = "/login.html" if cherrypy.request.path_info.endswith(".html"): next_url = cherrypy.serving.request.request_line.split()[1] - next_url = base64.urlsafe_b64encode(next_url) + next_url = urllib2.quote(next_url.encode('utf-8'), safe="") url = "/login.html?next=%s" % next_url raise cherrypy.HTTPRedirect(url, 303) @@ -203,12 +204,6 @@ def login(username, password, **kwargs): debug("User cannot be verified with the supplied password") return None except PAM.error, (resp, code): - if (cherrypy.request.path_info == "/login" and - not template.can_accept('application/json')): - next_url = kwargs.get("next") - url = "/login.html?error=userPassWrong" - url = url if next_url is None else url + "&next=%s" % next_url - raise cherrypy.HTTPRedirect(url, 303) msg_args = {'username': username, 'code': code} raise OperationFailed("KCHAUTH0001E", msg_args) diff --git a/src/kimchi/root.py b/src/kimchi/root.py index 6d1bd19..dec5862 100644 --- a/src/kimchi/root.py +++ b/src/kimchi/root.py @@ -128,24 +128,7 @@ def __init__(self, model, dev_env): self.messages = messages @cherrypy.expose - def login(self, *args, **kwargs): - username = kwargs.get('username') - password = kwargs.get('password') - # traditional form base authentication - kwa = {} - if username is not None: - # UI can parser the redirect url by "next" query parameter - next_url = kwargs.get('next') - next_url = next_url[0] if(type(next_url) is list) else next_url - if next_url is None: - lastPage = cherrypy.request.cookie.get("lastPage") - next_url = lastPage.value if lastPage is not None else "/" - else: - kwa = {"next": next_url.encode("utf-8")} - next_url = base64.urlsafe_b64decode(next_url.encode("utf-8")) - auth.login(username, password, **kwa) - raise cherrypy.HTTPRedirect(next_url, 303) - + def login(self, *args): try: params = parse_request() username = params['username'] diff --git a/ui/js/src/kimchi.login.js b/ui/js/src/kimchi.login.js new file mode 100644 index 0000000..72d2ee3 --- /dev/null +++ b/ui/js/src/kimchi.login.js @@ -0,0 +1,71 @@ +/* + * Project Kimchi + * + * Copyright IBM, Corp. 2014 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +kimchi.login_main = function() { + + var selectedLanguage = kimchi.lang.get(); + $('#userLang').val(selectedLanguage); + + $('#userLang').on('change', function() { + kimchi.lang.set($(this).val()); + location.reload(); + }); + + var query = window.location.search; + var error = /.*error=(.*?)(&|$)/g.exec(query); + if (error && error[1] == "sessionTimeout") { + $("#messSession").show(); + } + + var userNameBox = $('#username'); + var passwordBox = $('#password'); + var loginButton = $('#btn-login'); + + var login = function(event) { + $("#login").hide() + $("#logging").show() + + var userName = userNameBox.val(); + userName && kimchi.user.setUserName(userName); + var settings = { + username: userName, + password: passwordBox.val() + }; + + kimchi.login(settings, function(data) { + var query = window.location.search; + var next = /.*next=(.*?)(&|$)/g.exec(query); + if (next) { + var next_url = decodeURIComponent(next[1]) + } + else { + var lastPage = kimchi.cookie.get('lastPage'); + var next_url = lastPage ? lastPage.replace(/\"/g,'') : "/" + } + window.location.replace(next_url) + }, function() { + $("#messUserPass").show() + $("#messSession").hide(); + $("#logging").hide() + $("#login").show() + }); + + return false; + }; + + $('#form-login').on('submit', login); +}; diff --git a/ui/pages/login.html.tmpl b/ui/pages/login.html.tmpl index f8f683d..7d61a6a 100644 --- a/ui/pages/login.html.tmpl +++ b/ui/pages/login.html.tmpl @@ -32,6 +32,7 @@ <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" /> <link rel="shortcut icon" href="images/logo.ico"> <link rel="stylesheet" href="$href('css/theme-default.min.css')"> +<script src="$href('libs/modernizr.custom.76777.js')"></script> <script src="$href('libs/jquery-1.10.0.min.js')"></script> <script src="$href('libs/jquery-ui.min.js')"></script> <script src="$href('libs/jquery-ui-i18n.min.js')"></script> @@ -56,40 +57,11 @@ color: #C85305; } </style> -<script> -function changeLang() { - var lang = document.getElementById('userLang').value; - kimchi.cookie.set('kimchiLang', lang, 365); - window.location.reload(); -} -function setLang() { - var defaultLang = 'en_US'; - var clientLang = document.getElementsByTagName("html")[0].getAttribute("lang"); - var persistLang = kimchi.cookie.get('kimchiLang'); - document.getElementById("userLang").value = persistLang || clientLang || defaultLang; -} -function updateBtnLabel() { - document.getElementById("login").style.display = "none"; - document.getElementById("logging").style.display = ""; - kimchi.user.setUserName(document.getElementById("username").value); -} -function setMessage() { - var err = "$getVar('data.error', '')"; - if(err=="userPassWrong") - document.getElementById("messUserPass").style.display = ""; - if(err=="sessionTimeout") - document.getElementById("messSession").style.display = ""; -} -function init() { - setLang(); - setMessage(); -} -</script> </head> -<body onload="init()"> +<body onload="kimchi.login_main()"> <div class="container topbar"> <span id="logo"><img alt="Project Kimchi" src="images/theme-default/logo-white.png"></span> - <select id="userLang" onchange="changeLang()"> + <select id="userLang"> <option value="en_US">English (US)</option> <option value="zh_CN">中文(简体)</option> <option value="pt_BR">Português (Brasil)</option> @@ -100,7 +72,7 @@ function init() { <div id="messUserPass" class="err-mess" style="display: none;">$_("The username or password you entered is incorrect. Please try again.")</div> <div id="messSession" class="err-mess" style="display: none;">$_("Session timeout, please re-login.")</div> </div> - <form id="form-login" action="/login$next" method="POST" class="login-panel" onsubmit="updateBtnLabel();"> + <form id="form-login" class="login-panel"> <div class="row"> <input type="text" id="username" name="username" required="required" placeholder="$_("User Name")" autofocus/> <div id="username-msg" class="msg-required"></div> -- 1.9.3
Thanks Aline. There is a problem with this patch is that after login , connect to a VM and copy the vnc link. Then close both kimchi and vnc, you will get to vnc with the link you copied as well as kimchi again without asking for a password. Best Regards Wang Wen On 07/17/2014 12:44 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm@linux.vnet.ibm.com>
V1 -> V2: - Turn back next_url parameter to fix problems mentioned by Wen Wang - Use urllib2.quote() to encode next_url in backend - Use decodeURIcomponent() to decode next_url in JS
Aline Manera (4): Update test case to reflect new login design Remove former login design files Remove special console rules from nginx configuration Let frontend redirect user after logging
src/kimchi/auth.py | 9 +-- src/kimchi/root.py | 19 +---- src/nginx.conf.in | 11 --- tests/test_rest.py | 2 +- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login.js | 71 +++++++++++++++++++ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- ui/pages/login.html.tmpl | 36 ++-------- 9 files changed, 79 insertions(+), 340 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css create mode 100644 ui/js/src/kimchi.login.js delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl
On 07/17/2014 12:38 AM, Wen Wang wrote:
Thanks Aline. There is a problem with this patch is that after login , connect to a VM and copy the vnc link. Then close both kimchi and vnc, you will get to vnc with the link you copied as well as kimchi again without asking for a password.
Hi Wen Wang, This is working as design as you didn't logout from Kimchi interface, the session is still alive in cherrypy server because that you are not asked for authentication If you check the current code on master branch you will see it also behaves like that
Best Regards Wang Wen
On 07/17/2014 12:44 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm@linux.vnet.ibm.com>
V1 -> V2: - Turn back next_url parameter to fix problems mentioned by Wen Wang - Use urllib2.quote() to encode next_url in backend - Use decodeURIcomponent() to decode next_url in JS
Aline Manera (4): Update test case to reflect new login design Remove former login design files Remove special console rules from nginx configuration Let frontend redirect user after logging
src/kimchi/auth.py | 9 +-- src/kimchi/root.py | 19 +---- src/nginx.conf.in | 11 --- tests/test_rest.py | 2 +- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login.js | 71 +++++++++++++++++++ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- ui/pages/login.html.tmpl | 36 ++-------- 9 files changed, 79 insertions(+), 340 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css create mode 100644 ui/js/src/kimchi.login.js delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
On 07/17/2014 08:09 PM, Aline Manera wrote:
On 07/17/2014 12:38 AM, Wen Wang wrote:
Thanks Aline. There is a problem with this patch is that after login , connect to a VM and copy the vnc link. Then close both kimchi and vnc, you will get to vnc with the link you copied as well as kimchi again without asking for a password.
Hi Wen Wang,
This is working as design as you didn't logout from Kimchi interface, the session is still alive in cherrypy server because that you are not asked for authentication
If you check the current code on master branch you will see it also behaves like that
Thanks Aline, Thanks for the clearify. I found out even after closing the browser, paste the url you copied from either kimchi or vnc, you can access kimchi or vnc without asking for authentication with login page. Do you think this need to be fixed?
Best Regards Wang Wen
On 07/17/2014 12:44 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm@linux.vnet.ibm.com>
V1 -> V2: - Turn back next_url parameter to fix problems mentioned by Wen Wang - Use urllib2.quote() to encode next_url in backend - Use decodeURIcomponent() to decode next_url in JS
Aline Manera (4): Update test case to reflect new login design Remove former login design files Remove special console rules from nginx configuration Let frontend redirect user after logging
src/kimchi/auth.py | 9 +-- src/kimchi/root.py | 19 +---- src/nginx.conf.in | 11 --- tests/test_rest.py | 2 +- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login.js | 71 +++++++++++++++++++ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- ui/pages/login.html.tmpl | 36 ++-------- 9 files changed, 79 insertions(+), 340 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css create mode 100644 ui/js/src/kimchi.login.js delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
On 07/17/2014 11:49 PM, Wen Wang wrote:
On 07/17/2014 08:09 PM, Aline Manera wrote:
On 07/17/2014 12:38 AM, Wen Wang wrote:
Thanks Aline. There is a problem with this patch is that after login , connect to a VM and copy the vnc link. Then close both kimchi and vnc, you will get to vnc with the link you copied as well as kimchi again without asking for a password.
Hi Wen Wang,
This is working as design as you didn't logout from Kimchi interface, the session is still alive in cherrypy server because that you are not asked for authentication
If you check the current code on master branch you will see it also behaves like that
Thanks Aline,
Thanks for the clearify. I found out even after closing the browser, paste the url you copied from either kimchi or vnc, you can access kimchi or vnc without asking for authentication with login page. Do you think this need to be fixed?
I don't have a formed opinion on that. I am open to hear suggestions From one side, we have the timeout session, i.e. if browser is closed for more than 10 minutes the session will timeout and the user will be asked for login But in other hand, we could logout user when he/she closes the browser window to improve security.
Best Regards Wang Wen
On 07/17/2014 12:44 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm@linux.vnet.ibm.com>
V1 -> V2: - Turn back next_url parameter to fix problems mentioned by Wen Wang - Use urllib2.quote() to encode next_url in backend - Use decodeURIcomponent() to decode next_url in JS
Aline Manera (4): Update test case to reflect new login design Remove former login design files Remove special console rules from nginx configuration Let frontend redirect user after logging
src/kimchi/auth.py | 9 +-- src/kimchi/root.py | 19 +---- src/nginx.conf.in | 11 --- tests/test_rest.py | 2 +- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login.js | 71 +++++++++++++++++++ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- ui/pages/login.html.tmpl | 36 ++-------- 9 files changed, 79 insertions(+), 340 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css create mode 100644 ui/js/src/kimchi.login.js delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
On 07/18/2014 08:18 PM, Aline Manera wrote:
On 07/17/2014 11:49 PM, Wen Wang wrote:
On 07/17/2014 08:09 PM, Aline Manera wrote:
On 07/17/2014 12:38 AM, Wen Wang wrote:
Thanks Aline. There is a problem with this patch is that after login , connect to a VM and copy the vnc link. Then close both kimchi and vnc, you will get to vnc with the link you copied as well as kimchi again without asking for a password.
Hi Wen Wang,
This is working as design as you didn't logout from Kimchi interface, the session is still alive in cherrypy server because that you are not asked for authentication
If you check the current code on master branch you will see it also behaves like that
Thanks Aline,
Thanks for the clearify. I found out even after closing the browser, paste the url you copied from either kimchi or vnc, you can access kimchi or vnc without asking for authentication with login page. Do you think this need to be fixed?
I don't have a formed opinion on that. I am open to hear suggestions
From one side, we have the timeout session, i.e. if browser is closed for more than 10 minutes the session will timeout and the user will be asked for login
But in other hand, we could logout user when he/she closes the browser window to improve security.
That sounds great! From the same browser I think it's probably okay if user closes the tabs and enter kimchi again with the same browser. Letting user re-login after closing browser could probably be better. I will send an RFC mail later and hear from opinions from others
Best Regards Wang Wen
On 07/17/2014 12:44 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm@linux.vnet.ibm.com>
V1 -> V2: - Turn back next_url parameter to fix problems mentioned by Wen Wang - Use urllib2.quote() to encode next_url in backend - Use decodeURIcomponent() to decode next_url in JS
Aline Manera (4): Update test case to reflect new login design Remove former login design files Remove special console rules from nginx configuration Let frontend redirect user after logging
src/kimchi/auth.py | 9 +-- src/kimchi/root.py | 19 +---- src/nginx.conf.in | 11 --- tests/test_rest.py | 2 +- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login.js | 71 +++++++++++++++++++ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- ui/pages/login.html.tmpl | 36 ++-------- 9 files changed, 79 insertions(+), 340 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css create mode 100644 ui/js/src/kimchi.login.js delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
the password are plain text. not always to reproduce it. still look into it why. Here is the log. From the log, it is an GET request. INFO:cherrypy.access.41038288:127.0.0.1 - - [17/Jul/2014:13:42:27] "GET /tabs/storage.html HTTP/1.0" 200 4608 "https://localhost:8001/" "Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0" 127.0.0.1 - - [17/Jul/2014:13:42:27] "GET /storagepools HTTP/1.0" 200 1570 "https://localhost:8001/" "Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0" INFO:cherrypy.access.41038288:127.0.0.1 - - [17/Jul/2014:13:42:27] "GET /storagepools HTTP/1.0" 200 1570 "https://localhost:8001/" "Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0" 127.0.0.1 - - [17/Jul/2014:13:43:21] "GET /login.html?username=root&password=123456 HTTP/1.0" 200 2463 "https://localhost:8001/login.html?username=shhfeng&password=12345" "Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0" INFO:cherrypy.access.41038288:127.0.0.1 - - [17/Jul/2014:13:43:21] "GET /login.html?username=root&password=123456 HTTP/1.0" 200 2463 "https://localhost:8001/login.html?username=shhfeng&password=12345" "Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0" On 07/17/2014 12:44 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm@linux.vnet.ibm.com>
V1 -> V2: - Turn back next_url parameter to fix problems mentioned by Wen Wang - Use urllib2.quote() to encode next_url in backend - Use decodeURIcomponent() to decode next_url in JS
Aline Manera (4): Update test case to reflect new login design Remove former login design files Remove special console rules from nginx configuration Let frontend redirect user after logging
src/kimchi/auth.py | 9 +-- src/kimchi/root.py | 19 +---- src/nginx.conf.in | 11 --- tests/test_rest.py | 2 +- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login.js | 71 +++++++++++++++++++ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- ui/pages/login.html.tmpl | 36 ++-------- 9 files changed, 79 insertions(+), 340 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css create mode 100644 ui/js/src/kimchi.login.js delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl
-- Thanks and best regards! Sheldon Feng(???)<shaohef@linux.vnet.ibm.com> IBM Linux Technology Center
Hi Sheldon, Did you clean all the browser cache? As there were a lot of JS changes, seems you browser is in a inconsistent state. Otherwise, provide me the steps to reproduce it. Host OS? Browser version? etc.. On 07/17/2014 03:02 AM, Sheldon wrote:
the password are plain text.
not always to reproduce it. still look into it why.
Here is the log.
From the log, it is an GET request.
INFO:cherrypy.access.41038288:127.0.0.1 - - [17/Jul/2014:13:42:27] "GET /tabs/storage.html HTTP/1.0" 200 4608 "https://localhost:8001/" "Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0" 127.0.0.1 - - [17/Jul/2014:13:42:27] "GET /storagepools HTTP/1.0" 200 1570 "https://localhost:8001/" "Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0" INFO:cherrypy.access.41038288:127.0.0.1 - - [17/Jul/2014:13:42:27] "GET /storagepools HTTP/1.0" 200 1570 "https://localhost:8001/" "Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0"
127.0.0.1 - - [17/Jul/2014:13:43:21] "GET /login.html?username=root&password=123456 HTTP/1.0" 200 2463 "https://localhost:8001/login.html?username=shhfeng&password=12345" "Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0" INFO:cherrypy.access.41038288:127.0.0.1 - - [17/Jul/2014:13:43:21] "GET /login.html?username=root&password=123456 HTTP/1.0" 200 2463 "https://localhost:8001/login.html?username=shhfeng&password=12345" "Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0"
On 07/17/2014 12:44 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera<alinefm@linux.vnet.ibm.com>
V1 -> V2: - Turn back next_url parameter to fix problems mentioned by Wen Wang - Use urllib2.quote() to encode next_url in backend - Use decodeURIcomponent() to decode next_url in JS
Aline Manera (4): Update test case to reflect new login design Remove former login design files Remove special console rules from nginx configuration Let frontend redirect user after logging
src/kimchi/auth.py | 9 +-- src/kimchi/root.py | 19 +---- src/nginx.conf.in | 11 --- tests/test_rest.py | 2 +- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login.js | 71 +++++++++++++++++++ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- ui/pages/login.html.tmpl | 36 ++-------- 9 files changed, 79 insertions(+), 340 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css create mode 100644 ui/js/src/kimchi.login.js delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl
-- Thanks and best regards!
Sheldon Feng(???)<shaohef@linux.vnet.ibm.com> IBM Linux Technology Center
participants (4)
-
Aline Manera -
alinefm@linux.vnet.ibm.com
-
Sheldon -
Wen Wang