[Freeipa-devel] [PATCH] 194 Handle case when trusted domain user access the Web UI
Endi Sukma Dewata
edewata at redhat.com
Tue Aug 14 01:21:49 UTC 2012
On 8/10/2012 6:11 AM, Petr Vobornik wrote:
> WebUI catches the fact that the user can't access LDAP server with a
> current ticket. It shows form-based auth login dialog. Previoustly an
> ugly error was returned on an almost empty page, and user had no recourse.
>
> https://fedorahosted.org/freeipa/ticket/2897
>
>
> I don't like the implementation much. Problem is that we don't separate
> state variables and framework objects in IPA object. It is probably a
> topic for fixing in 3.2.
I don't have an environment to test this, but the code looks fine, so
it's ACKed.
Some comments:
1. The logged_kerberos and logged_password cannot be true at the same
time, right? Maybe they can be combined into a single variable (e.g.
login_status) which different values for unauthenticated, logged in via
kerberos, and logged in via password. Maybe the 'initialized' variable
can be combined too.
2. I agree about the state variables & framework objects separation.
Currently the 'IPA' object is both used as a singleton/global variable
and also as a name space for the framework. I think ideally we should
use a generic/non-IPA specific name for the framework. Probably
something like this:
// UI Framework
var UI = { ... };
UI.entity = function() { ... };
UI.facet = function() { ... };
// IPA UI
var IPA = UI();
IPA.user.entity = function() { ... };
IPA.user.details_facet = function() { ... };
IPA.init();
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list