[Ovirt-devel] [PATCH] Add username/password authentication for browsing from non-kerberized hosts

Jason Guiditta jguiditt at redhat.com
Thu Aug 14 16:34:41 UTC 2008

Overall, ACK -works for me.  Couple notes/tweaks below.

On Thu, 2008-08-14 at 02:45 -0500, Steve Linabery wrote:
> Once again, apologies for the attachment.
> Also, apologies for the comments in wui-devel.ks which wrap past 80 chars.
> Please help me test this. Build a new appliance with this patch, ssh to the appliance, set a new ipa password for ovirtadmin, and then kdestroy. If you launch browser after that, you should get authorization requested dialog from firefox, and (following entry of correct username/password) get redirected back to dashboard.
> Goodnight!
> Steve
diff --git a/wui/src/app/controllers/application.rb b/wui/src/app/controllers/application.rb
index eacf6f3..53d0aa6 100644
--- a/wui/src/app/controllers/application.rb
+++ b/wui/src/app/controllers/application.rb
@@ -32,17 +32,16 @@ class ApplicationController < ActionController::Base
   before_filter :pre_show, :only => [:show, :show_vms, :show_users, 
                                      :show_hosts, :show_storage]
   before_filter :authorize_admin, :only => [:new, :create, :edit, :update, :destroy]
+  before_filter :is_logged_in
-  def get_login_user
-    if ENV["RAILS_ENV"] != 'test'
-        user_from_principal(request.env["HTTP_X_FORWARDED_USER"])
-    else
-        'ovirtadmin'
+  def is_logged_in
+    if session[:user] == nil
+      redirect_to :controller => "login", :action => "login"

we may want to change this next rev, since we don't really want a
redirect while the user is logged in and just reauthing

diff --git a/wui/src/app/controllers/login_controller.rb b/wui/src/app/controllers/login_controller.rb
+  before_filter :is_logged_in, :except => :login
+  def login
+    myUser = "ovirtadmin"
+    if ENV["RAILS_ENV"] != "test"
+      myUser = user_from_principal(request.env["HTTP_X_FORWARDED_USER"])
+    end
+    session[:user] = myUser

To combine this with what I did in my earlier patch (which I will
regenerate w/o the env test) and to make it more succinct, I would
suggest changing the above block to:
session[:user] = (ENV["RAILS_ENV"] == "production") ?
user_from_principal(request.env["HTTP_X_FORWARDED_USER"]) : "ovirtadmin"

+    redirect_to :controller => "dashboard"

Same comment as in application.rb for the redirect


> _______________________________________________
> Ovirt-devel mailing list
> Ovirt-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/ovirt-devel

More information about the ovirt-devel mailing list