[Freeipa-devel] [PATCH 61] Cache authentication in session

[Rob Crittenden]

Endi Sukma Dewata wrote:
> On 2/6/2012 12:35 PM, John Dennis wrote:
>> rebased because patch 61-2 did not apply to master.
>
> I've looked at the ipa.js, attached is a patch that fixes several issues:
>
> 1. The error_handler_login() does nothing if it gets an error other than
> 401, it was causing the unit tests to fail. It's supposed to call the
> original error_handler().
>
> 2. In line 62 the login_url is not needed for the other case because I
> don't think we can generate error 401 with the test data.
>
> 3. There were some jslint warnings in line 312 and 424, it's missing a
> semi colon at the end of the line.
>
> 4. It replaces the tabs used for indentation with spaces in
> IPA.get_credentials().
>
> Feel free to merge this patch into yours or apply it separately.
>
> I found some other issues but it probably can be addressed separately:
>
> 5. If the ipa_memcached is restarted (to simulate session expiration),
> subsequent UI operations will generate the 'Kerberos ticket no longer
> valid' error dialog. After about 45 seconds it will work again. Ideally
> the users should not see this. I'm not sure if a similar situation will
> happen when the session times out in a normal situation.
>
> 6. The curl command like in install/ui/test/bin/update_ipa_init.sh will
> not work anymore because it doesn't use session. We need to figure out
> how to enable sessions on curl.
>

ACK for John's patch with Endi's revision.

There will still be some clean up and changes to do but lets go ahead 
and get this in, the rest is just fine tuning.

rob