[PATCH 0/4] Let frontend redirect user after logging
From: Aline Manera <alinefm@linux.vnet.ibm.com> Aline Manera (4): Update test case to reflect new login design Remove former login design files Remove special console rules from nginx configuration Let frontend redirect user after logging src/kimchi/auth.py | 10 +-- src/kimchi/root.py | 19 +---- src/nginx.conf.in | 11 --- tests/test_rest.py | 2 +- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login.js | 64 +++++++++++++++++ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- ui/pages/login.html.tmpl | 36 ++-------- 9 files changed, 72 insertions(+), 341 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css create mode 100644 ui/js/src/kimchi.login.js delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl -- 1.9.3
From: Aline Manera <alinefm@linux.vnet.ibm.com> After switching to the traditional login design, /login-window.html was replaced by /login.html so update test case accordingly. Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com> --- tests/test_rest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_rest.py b/tests/test_rest.py index ad8fc72..abff54b 100644 --- a/tests/test_rest.py +++ b/tests/test_rest.py @@ -1496,7 +1496,7 @@ def test_auth_unprotected(self): '/css/theme-default.min.css', '/libs/jquery-1.10.0.min.js', '/images/icon-vm.png', - '/login-window.html', + '/login.html', '/logout'] for uri in uris: resp = self.request(uri, None, 'HEAD', hdrs) -- 1.9.3
From: Aline Manera <alinefm@linux.vnet.ibm.com> ui/css/theme-default/login-window.css, ui/js/src/kimchi.login_window.js and ui/pages/login-window.html.tmpl are not being used anymore since Kimchi switched to the traditional login flow. So remove them. Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com> --- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- 3 files changed, 271 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl diff --git a/ui/css/theme-default/login-window.css b/ui/css/theme-default/login-window.css deleted file mode 100644 index f4ad5f8..0000000 --- a/ui/css/theme-default/login-window.css +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#login-window { - height: 360px; - width: 400px; -} - -#login-window>header>.title-text { - front: #000000; - font-size: 18px; - height: 48px; - line-height: 48px; - font-weight: bold; - text-shadow: -1px -1px 1px #eaeaea, 1px 1px 1px #fff; -} - -#login-window footer #form-language { - height: 48px; - line-height: 48px; - padding-right: 10px; - text-align: right; -} - -#login-window .login-panel #form-login { - padding: 40px 40px 0; -} - -#login-window>header>.logo { - display:inline; - margin: 11px 0 0 2px; - float: left; - width: 25px; - height: 25px; - background: url(../images/logo.ico) no-repeat center center; -} - -#login-window .login-panel .row { - margin-bottom: 28px; -} - -#login-window .login-panel input[type="text"], -#login-window .login-panel input[type="password"] { - font-size: 18px; - height: 40px; - padding-left: 10px; - padding-right: 10px; - width: 290px; -} - -#login-window .login-panel .msg-required { - color: red; -} - -#login-window .login-panel button { - font-size: 18px; - height: 40px; - min-width: 160px; - float: right; -} - -#login-window .login-panel button[disabled] { - background: #888; - color: #DDD; -} - -.language { - display:inline-block; - float:right; - margin:11px 10px 0 0; -} - -.i18n-selector { - padding:2px 0; - background: #FFFBF0; -} diff --git a/ui/js/src/kimchi.login_window.js b/ui/js/src/kimchi.login_window.js deleted file mode 100644 index c562159..0000000 --- a/ui/js/src/kimchi.login_window.js +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -kimchi.login_main = function() { - - var selectedLanguage = kimchi.lang.get(); - var languages = kimchi.lang.all(); - for(var k in languages) { - var opt = $([ - '<option value="', - k, - '">', - languages[k], - '</option>' - ].join('')).appendTo($('#language')); - $(opt).prop('selected', selectedLanguage === k); - } - - $('#language').on('change', function() { - kimchi.topic('languageChanged').publish($(this).val()); - }); - - var validateNonEmpty = function(idsArray) { - for(var i = 0; i < idsArray.length; i++) { - var id = idsArray[i]; - if (!$('#' + id).val()) { - $('#' + id + '-msg').text(i18n['KCHAUTH6002E']); - placeCursor(id); - return false; - } - else { - $('#' + id + '-msg').empty(); - } - } - - return true; - }; - - var userNameBox = $('#username'); - var passwordBox = $('#password'); - var loginButton = $('#btn-login'); - var placeCursor = function(id) { - if (id && $('#' + id).size() > 0) { - $('#' + id).focus(); - return; - } - - var userName = kimchi.user.getUserName(); - userName && !userNameBox.val() && userNameBox.val(userName); - var password = passwordBox.val(); - - var nodeToFocus = !userName ? userNameBox : !password ? passwordBox : loginButton; - - $(nodeToFocus).focus(); - }; - - var login = function(event) { - - if (!validateNonEmpty(['username', 'password'])) { - return false; - } - - loginButton.text(i18n['KCHAUTH6002M']).prop('disabled', true); - - var userName = userNameBox.val(); - userName && kimchi.user.setUserName(userName); - var settings = { - username: userName, - password: passwordBox.val() - }; - - kimchi.login(settings, function() { - var pAjax = kimchi.previousAjax; - var consoleURL = kimchi.cookie.get("console_uri"); - if (consoleURL) { - var path = /.*\/(.*?)\?.*/g.exec(consoleURL)[1]; - var query = consoleURL.substr(consoleURL.indexOf("?") + 1); - - var proxy_port = /.*port=(.*?)(&|$)/g.exec(consoleURL)[1]; - var http_port = /.*kimchi=(.*?)(&|$)/g.exec(consoleURL); - var kimchi_port = http_port ? http_port[1] : location.port; - - url = location.protocol + "//" + location.hostname; - url += ":" + proxy_port + "/console.html?url=" + path; - url += "&" + query; - url += "&kimchi=" + kimchi_port; - - kimchi.cookie.remove("console_uri"); - window.location.replace(url) - } - else if (pAjax && true === pAjax['resend']) { - pAjax['error'] = pAjax['originalError']; - $.ajax(pAjax); - kimchi.previousAjax = null; - } - else if(pAjax) { - window.location.reload(); - } - - kimchi.user.showUser(true); - kimchi.window.close(); - }, function() { - kimchi.message.error.code('KCHAUTH6001E'); - $('#btn-login').prop('disabled', false).text(i18n['KCHAUTH6001M']); - placeCursor('username'); - }); - - return false; - }; - - $('#form-login').on('submit', login); - - setTimeout(placeCursor, 0); -}; diff --git a/ui/pages/login-window.html.tmpl b/ui/pages/login-window.html.tmpl deleted file mode 100644 index 3e451c4..0000000 --- a/ui/pages/login-window.html.tmpl +++ /dev/null @@ -1,53 +0,0 @@ -#* - * Project Kimchi - * - * Copyright IBM, Corp. 2013 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *# -#unicode UTF-8 -#import gettext -#from kimchi.cachebust import href -#silent t = gettext.translation($lang.domain, $lang.localedir, languages=$lang.lang) -#silent _ = t.gettext -#silent _t = t.gettext -<div id="login-window" class="window"> - <header> - <div class="logo"></div> - <span class="title">$_("Log In")</span> - <form id="form-language" class="language" action="" method="GET"> - <div id="lang-selection-wrapper"> - <select id="language" class="i18n-selector"></select> - </div> - </form> - </header> - <div class="content login-panel"> - <form id="form-login" action="/login" method="POST"> - <div class="row"> - <input type="text" id="username" name="username" required="required" placeholder="$_("User Name")" /> - <div id="username-msg" class="msg-required"></div> - </div> - <div class="row"> - <input type="password" id="password" name="password" required="required" placeholder="$_("Password")" /> - <div id="password-msg" class="msg-required"></div> - </div> - <div class="row"> - <button id="btn-login" class="btn-normal">$_("Log in")</button> - </div> - </form> - </div> -</div> - -<script type="text/javascript"> - kimchi.login_main(); -</script> -- 1.9.3
From: Aline Manera <alinefm@linux.vnet.ibm.com> @consoleauth was used to know the console URL to redirect user after login. As Kimchi is using the "next" URL paramter to do that, this rule can be removed. Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com> --- src/nginx.conf.in | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/src/nginx.conf.in b/src/nginx.conf.in index 38e643d..3a8dfc5 100644 --- a/src/nginx.conf.in +++ b/src/nginx.conf.in @@ -56,17 +56,6 @@ http { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect http://127.0.0.1:$kimchid_port/ https://$host:$proxy_ssl_port/; } - - location ~/(vnc_auto|spice\.html) { - proxy_pass http://127.0.0.1:$kimchid_port; - proxy_intercept_errors on; - error_page 401 @consoleauth; - } - - location @consoleauth { - add_header Set-Cookie "console_uri=$request_uri"; - return https://$host:$proxy_ssl_port/; - } } server { -- 1.9.3
From: Aline Manera <alinefm@linux.vnet.ibm.com> The frontend should redirect user after logging so it can properly store the user information returned by /login for authorization matters. Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com> --- src/kimchi/auth.py | 10 ++------ src/kimchi/root.py | 19 +------------- ui/js/src/kimchi.login.js | 64 +++++++++++++++++++++++++++++++++++++++++++++++ ui/pages/login.html.tmpl | 36 +++----------------------- 4 files changed, 71 insertions(+), 58 deletions(-) create mode 100644 ui/js/src/kimchi.login.js diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py index 6a4a610..f7ab6b0 100644 --- a/src/kimchi/auth.py +++ b/src/kimchi/auth.py @@ -45,8 +45,8 @@ def redirect_login(): url = "/login.html" if cherrypy.request.path_info.endswith(".html"): next_url = cherrypy.serving.request.request_line.split()[1] - next_url = base64.urlsafe_b64encode(next_url) - url = "/login.html?next=%s" % next_url + cherrypy.response.cookie["lastPage"] = next_url + cherrypy.response.cookie["lastPage"]["path"] = "/" raise cherrypy.HTTPRedirect(url, 303) @@ -203,12 +203,6 @@ def login(username, password, **kwargs): debug("User cannot be verified with the supplied password") return None except PAM.error, (resp, code): - if (cherrypy.request.path_info == "/login" and - not template.can_accept('application/json')): - next_url = kwargs.get("next") - url = "/login.html?error=userPassWrong" - url = url if next_url is None else url + "&next=%s" % next_url - raise cherrypy.HTTPRedirect(url, 303) msg_args = {'username': username, 'code': code} raise OperationFailed("KCHAUTH0001E", msg_args) diff --git a/src/kimchi/root.py b/src/kimchi/root.py index 6d1bd19..dec5862 100644 --- a/src/kimchi/root.py +++ b/src/kimchi/root.py @@ -128,24 +128,7 @@ def __init__(self, model, dev_env): self.messages = messages @cherrypy.expose - def login(self, *args, **kwargs): - username = kwargs.get('username') - password = kwargs.get('password') - # traditional form base authentication - kwa = {} - if username is not None: - # UI can parser the redirect url by "next" query parameter - next_url = kwargs.get('next') - next_url = next_url[0] if(type(next_url) is list) else next_url - if next_url is None: - lastPage = cherrypy.request.cookie.get("lastPage") - next_url = lastPage.value if lastPage is not None else "/" - else: - kwa = {"next": next_url.encode("utf-8")} - next_url = base64.urlsafe_b64decode(next_url.encode("utf-8")) - auth.login(username, password, **kwa) - raise cherrypy.HTTPRedirect(next_url, 303) - + def login(self, *args): try: params = parse_request() username = params['username'] diff --git a/ui/js/src/kimchi.login.js b/ui/js/src/kimchi.login.js new file mode 100644 index 0000000..e9878c1 --- /dev/null +++ b/ui/js/src/kimchi.login.js @@ -0,0 +1,64 @@ +/* + * Project Kimchi + * + * Copyright IBM, Corp. 2014 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +kimchi.login_main = function() { + + var selectedLanguage = kimchi.lang.get(); + $('#userLang').val(selectedLanguage); + + $('#userLang').on('change', function() { + kimchi.lang.set($(this).val()); + location.reload(); + }); + + var query = window.location.search; + var error = /.*error=(.*?)(&|$)/g.exec(query); + if (error && error[1] == "sessionTimeout") { + $("#messSession").show(); + } + + var userNameBox = $('#username'); + var passwordBox = $('#password'); + var loginButton = $('#btn-login'); + + var login = function(event) { + $("#login").hide() + $("#logging").show() + + var userName = userNameBox.val(); + userName && kimchi.user.setUserName(userName); + var settings = { + username: userName, + password: passwordBox.val() + }; + + kimchi.login(settings, function(data) { + var lastPage = kimchi.cookie.get('lastPage'); + var next_url = lastPage ? lastPage.replace(/\"/g,'') : "/" + window.location.replace(next_url) + }, function() { + $("#messUserPass").show() + $("#messSession").hide(); + $("#logging").hide() + $("#login").show() + }); + + return false; + }; + + $('#form-login').on('submit', login); +}; diff --git a/ui/pages/login.html.tmpl b/ui/pages/login.html.tmpl index f8f683d..7d61a6a 100644 --- a/ui/pages/login.html.tmpl +++ b/ui/pages/login.html.tmpl @@ -32,6 +32,7 @@ <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" /> <link rel="shortcut icon" href="images/logo.ico"> <link rel="stylesheet" href="$href('css/theme-default.min.css')"> +<script src="$href('libs/modernizr.custom.76777.js')"></script> <script src="$href('libs/jquery-1.10.0.min.js')"></script> <script src="$href('libs/jquery-ui.min.js')"></script> <script src="$href('libs/jquery-ui-i18n.min.js')"></script> @@ -56,40 +57,11 @@ color: #C85305; } </style> -<script> -function changeLang() { - var lang = document.getElementById('userLang').value; - kimchi.cookie.set('kimchiLang', lang, 365); - window.location.reload(); -} -function setLang() { - var defaultLang = 'en_US'; - var clientLang = document.getElementsByTagName("html")[0].getAttribute("lang"); - var persistLang = kimchi.cookie.get('kimchiLang'); - document.getElementById("userLang").value = persistLang || clientLang || defaultLang; -} -function updateBtnLabel() { - document.getElementById("login").style.display = "none"; - document.getElementById("logging").style.display = ""; - kimchi.user.setUserName(document.getElementById("username").value); -} -function setMessage() { - var err = "$getVar('data.error', '')"; - if(err=="userPassWrong") - document.getElementById("messUserPass").style.display = ""; - if(err=="sessionTimeout") - document.getElementById("messSession").style.display = ""; -} -function init() { - setLang(); - setMessage(); -} -</script> </head> -<body onload="init()"> +<body onload="kimchi.login_main()"> <div class="container topbar"> <span id="logo"><img alt="Project Kimchi" src="images/theme-default/logo-white.png"></span> - <select id="userLang" onchange="changeLang()"> + <select id="userLang"> <option value="en_US">English (US)</option> <option value="zh_CN">中文(简体)</option> <option value="pt_BR">Português (Brasil)</option> @@ -100,7 +72,7 @@ function init() { <div id="messUserPass" class="err-mess" style="display: none;">$_("The username or password you entered is incorrect. Please try again.")</div> <div id="messSession" class="err-mess" style="display: none;">$_("Session timeout, please re-login.")</div> </div> - <form id="form-login" action="/login$next" method="POST" class="login-panel" onsubmit="updateBtnLabel();"> + <form id="form-login" class="login-panel"> <div class="row"> <input type="text" id="username" name="username" required="required" placeholder="$_("User Name")" autofocus/> <div id="username-msg" class="msg-required"></div> -- 1.9.3
Tested-by Wen Wang <wenwang@linux.vnet.ibm.com> On 07/15/2014 02:42 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm@linux.vnet.ibm.com>
Aline Manera (4): Update test case to reflect new login design Remove former login design files Remove special console rules from nginx configuration Let frontend redirect user after logging
src/kimchi/auth.py | 10 +-- src/kimchi/root.py | 19 +---- src/nginx.conf.in | 11 --- tests/test_rest.py | 2 +- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login.js | 64 +++++++++++++++++ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- ui/pages/login.html.tmpl | 36 ++-------- 9 files changed, 72 insertions(+), 341 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css create mode 100644 ui/js/src/kimchi.login.js delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl
Sorry there are bugs in this patch that I didn't realize before. 1) When connect to a VM under "Guest" tab, another browser tab appears shows the vnc window -> go to the vnc tab -> Close both tabs -> open another tab of kimchi -> log in and you will get to vnc instead of kimchi's interface 2) When session time out, you login again and you will get to "Guest" tab instead of the formal tab you are in Best Regards Wang Wen On 7/16/2014 10:49 AM, Wen Wang wrote:
Tested-by Wen Wang <wenwang@linux.vnet.ibm.com>
On 07/15/2014 02:42 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm@linux.vnet.ibm.com>
Aline Manera (4): Update test case to reflect new login design Remove former login design files Remove special console rules from nginx configuration Let frontend redirect user after logging
src/kimchi/auth.py | 10 +-- src/kimchi/root.py | 19 +---- src/nginx.conf.in | 11 --- tests/test_rest.py | 2 +- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login.js | 64 +++++++++++++++++ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- ui/pages/login.html.tmpl | 36 ++-------- 9 files changed, 72 insertions(+), 341 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css create mode 100644 ui/js/src/kimchi.login.js delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
On 07/16/2014 05:30 AM, Wen Wang wrote:
Sorry there are bugs in this patch that I didn't realize before.
1) When connect to a VM under "Guest" tab, another browser tab appears shows the vnc window -> go to the vnc tab -> Close both tabs -> open another tab of kimchi -> log in and you will get to vnc instead of kimchi's interface
2) When session time out, you login again and you will get to "Guest" tab instead of the formal tab you are in
Thanks for the tests, Wen Wang! I will turn back the next_url to fix those problems.
Best Regards
Wang Wen
On 7/16/2014 10:49 AM, Wen Wang wrote:
Tested-by Wen Wang <wenwang@linux.vnet.ibm.com>
On 07/15/2014 02:42 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm@linux.vnet.ibm.com>
Aline Manera (4): Update test case to reflect new login design Remove former login design files Remove special console rules from nginx configuration Let frontend redirect user after logging
src/kimchi/auth.py | 10 +-- src/kimchi/root.py | 19 +---- src/nginx.conf.in | 11 --- tests/test_rest.py | 2 +- ui/css/theme-default/login-window.css | 90 ------------------------ ui/js/src/kimchi.login.js | 64 +++++++++++++++++ ui/js/src/kimchi.login_window.js | 128 ---------------------------------- ui/pages/login-window.html.tmpl | 53 -------------- ui/pages/login.html.tmpl | 36 ++-------- 9 files changed, 72 insertions(+), 341 deletions(-) delete mode 100644 ui/css/theme-default/login-window.css create mode 100644 ui/js/src/kimchi.login.js delete mode 100644 ui/js/src/kimchi.login_window.js delete mode 100644 ui/pages/login-window.html.tmpl
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
participants (3)
-
Aline Manera -
alinefm@linux.vnet.ibm.com
-
Wen Wang