[Freeipa-devel] [PATCH] 683-690 webui: OTP token sync
Endi Sukma Dewata
edewata at redhat.com
Fri Jun 27 23:59:44 UTC 2014
On 6/26/2014 9:11 AM, Petr Vobornik wrote:
> This set of patches creates page(s) for OTP Token Sync.
>
> there are two options:
> 1. from login page by "Sync OTP Token" link.
> - user can navigate between those two pages
> 2. standalone page on `ipa/ui/sync_otp.html` which is not linked to UI
> and can be used separately.
>
> Both share the same code.
>
> All dependencies should be in master.
>
> This implements only ticket: https://fedorahosted.org/freeipa/ticket/4218
>
> Sync by authenticated user will be implemented later in tickets:
> https://fedorahosted.org/freeipa/ticket/4365
> https://fedorahosted.org/freeipa/ticket/4366
>
>
> Patch descriptions:
>
> == [PATCH] 683 webui: base class for LoginScreen-like facets ==
> LoginScreen has layout which can be reused for other facets/widgets,
> e.g. for Sync OTP facet
>
> == [PATCH] 684 webui: add OTP token synchronization ==
> New SyncOTPScreen widget and related facet
>
> == [PATCH] 685 webui: add link pointing to OTP sync page to login ==
>
> == [PATCH] 686 webui: support global notifications in all containers ==
> Global notifications were limited to "main" container. Now they have
> their own container which is displayed over other ones. It makes them
> usable everywhere.
>
> == [PATCH] 687 webui: bind Login facet and OTP sync facet ==
> Simple plugin which handles transition from login facet to OTP sync
> facet and vice versa.
>
> == [PATCH] 688 webui: fix confirmation mixin origin check ==
> Current check is not enough.
>
> == [PATCH] 689 webui: layer for standalone pages which use WebUI
> framework ==
> Current compiled Web UI layer (app.js) contains every FreeIPA plugin and
> not just the UI framework. It's not possible to start just a simple facet.
>
> This commit creates a basis for a layer (core.js) which contains only
> framework code and not entity related code.
>
> == [PATCH] 690 webui: add sync_otp.html ==
> standalone page for OTP token synchronization. It reuses SyncOTPScreen
> widget instead of reimplementing the logic as in other standalone pages.
ACK. Some functionalities are not working, but they seem to be server
issues. The UI itself seems to be fine with possible improvements below.
1. The link to Sync OTP Token is not very visible and probably rarely
used, so probably it can be moved together with the other messages ("To
login with...") and be given a longer description.
2. The Sync OTP page should explain that for the second OTP the user
should generate or wait for a new one.
3. In the standalone Sync OTP page, after a successful sync should it
just display a confirmation message without displaying the form again?
Or maybe it should go to the Login page, or provide a link to it,
because most people probably wants to login after sync.
4. Unrelated. In the password reset page the "Reset Password and Login"
button is not quite accurate for OTP case since the user will not be
logged in automatically.
5. Server issue. TOTP can be used multiple times:
https://fedorahosted.org/freeipa/ticket/4410
6. Server issue. Kinit doesn't seem to be working with OTP.
https://fedorahosted.org/freeipa/ticket/4411
7. Seems to be server issue too. HOTP doesn't seem to be working for
login or sync.
https://fedorahosted.org/freeipa/ticket/4412
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list