[Freeipa-devel] [PATCH] 710 webui: review pending operation after expired session

Petr Vobornik pvoborni at redhat.com
Mon Jul 28 11:06:13 UTC 2014 

On 25.7.2014 22:26, Endi Sukma Dewata wrote:
> On 7/23/2014 8:16 AM, Petr Vobornik wrote:
>> Disable automatic re-execution of command after pending authentication.
>>
>> It's possible to enable it again globally by
>> 'freeipa/config':`rpc_retry_auth`.
>>
>> https://fedorahosted.org/freeipa/ticket/4374
>>
>> # Additional info:
>> This ticket is in 4.0 stabilization milestone. I don't think it's the
>> best fit. It has a potential to break things. It's also harder to test
>> because integration tests don't test it - one has to remove session
>> cookie every time and then react appropriately.
>>
>> It's also first usage of ./config module (other items there are not
>> used). This module was originally implemented to contain global webui
>> config which could be overwritten by config configured on server, ie for
>> disabling paging in large deployments. The server part doesn't exist
>> yet. Other reason is to split ipa.js into more single-purpose files.
>
> It works a little bit differently than expected.
>
> Right now suppose I'm trying to delete a user, I have the delete dialog
> open and I let it sit until the session expires, then when I click
> Delete it will show me a login screen. Once I re-login, the dialog box
> is gone. It still has the user to be deleted selected, but there's no
> indication what the operation I was trying to do before.
>
> I was thinking the session expiration would work like desktop
> screensaver lock. So when I re-login I would see same screen as I left
> it, i.e. the delete dialog is still waiting for action.
>

Components have not been made with this feature in mind. Take for 
example the delete issue. Deleter dialog is a subclass of confirm 
dialog. Confirm dialog is closed right after confirmation/cancellation. 
It doesn't wait for the result of the operation because it's handled by 
other components. The behavior was OK so far because we showed error 
dialog on "normal" error. On auth error, the command was re-executed. 
Now we don't show any error on auth error nor we leave the dialog open. 
Seems like that we should change all usages of confirm dialog to try to 
do the operation first and close the dialog after the operation was 
successful or canceled. But this is only one set of use cases. There 
might/will be others we don't know about atm.

Proper solution is to test all Web UI features (or feature sets) with 
expired session (deletion of cookie) and identify the issues. Then 
address the identified issues - much bigger task then this simple patch. 
I think it is not good to push this patch without fixing the issues and 
definitely not into stabilization release (4.0).

I propose to move this ticket into 4.1 or maybe even 4.2. Fix other 
tickets in the milestone and then return to this one. I'm giving it 
lower priority because I didn't see many people complaining about 
current behavior.


> The patch itself is fine, so it's ACKed, but I'll let you decide if this
> is sufficient to close the bug.
>

I'll postpone the push until solution for the issue above is made.

-- 
Petr Vobornik

More information about the Freeipa-devel mailing list