From 1429538716837aca88e2baaa24021b00d343b043 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Oct 17 2012 08:52:00 +0000 Subject: Configuration pages changed to use new FF extension browserconfig.html was changed to use new FF extension. The page is completely Firefox specific therefore the title was changed from 'Configure browser' to 'Firefox configuration'. Instruction to import CA cert in unauthorized.html are FF specific too, so they were moved to browserconfig.html. Unauthorized.html text was changed to distinguish FF config and other browsers. Now the page shows link for FF (browserconfig.html) and other browsers (ssbrowser.html). Ssbrowser.html should be enhanced by more configurations and browsers later [1]. Old configuration method was moved to ssbrowser.html. Unauthorized dialog in Web UI now links to http://../unauthorized.html instead of https. This change is done because of FF strange handling of extension installations from https sites [2]. Firefox allows ext. installation from https sites only when the certificate is signed by some build-in CA. To allow custom CAs an option in about:config has to be changed which don't help us at all because we wants to avoid manual changes in about:config. The design of browserconfig is inspired by Kyle Baker's design (2.1 Enhancements_v2.odt). It is not exactly the same. Highlighting of the steps wasn't used because in some cases we can switch some steps. Ticket: https://fedorahosted.org/freeipa/ticket/3094 [1] https://fedorahosted.org/freeipa/ticket/823 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=688383 --- diff --git a/install/html/Makefile.am b/install/html/Makefile.am index 46e8683..0377ce7 100644 --- a/install/html/Makefile.am +++ b/install/html/Makefile.am @@ -2,6 +2,8 @@ NULL = appdir = $(IPA_SYSCONF_DIR)/html app_DATA = \ + ffconfig.js \ + ffconfig_page.js \ ssbrowser.html \ browserconfig.html \ unauthorized.html \ diff --git a/install/html/browserconfig.html b/install/html/browserconfig.html index aa978f0..046a824 100644 --- a/install/html/browserconfig.html +++ b/install/html/browserconfig.html @@ -4,19 +4,15 @@ IPA: Identity Policy Audit - - + + + + + @@ -27,11 +23,71 @@ - diff --git a/install/html/ffconfig.js b/install/html/ffconfig.js new file mode 100644 index 0000000..3c9f34c --- /dev/null +++ b/install/html/ffconfig.js @@ -0,0 +1,116 @@ +/* Authors: + * Petr Vobornik + * + * Copyright (C) 2012 Red Hat + * see file 'COPYING' for use and warranty information + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +var IPA = IPA || {}; + +IPA.browser_config = { + + configure_firefox: function(domain) { + + var self = this; + + domain = domain || self.get_domain(); + + self.send_message({ + method: 'configure', + predefined: 'ipa', + trusted_uris: domain + }); + }, + + + get_configure_result: function() { + + var self = this; + + var el = self.get_data_element(); + + var answer = el.getAttribute('answer'); + + return answer; + }, + + get_domain: function() { + return "."+IPA_DOMAIN; + }, + + send_message: function(options) { + + options = options || {}; + + var self = this; + + self.clear_data_element(); + var opt_element = self.get_data_element(); + + for (var opt in options) { + opt_element.setAttribute(opt, options[opt]); + } + + var msg_evt = document.createEvent('HTMLEvents'); + msg_evt.initEvent('kerberos-auth-config', true, false); + opt_element.dispatchEvent(msg_evt); + }, + + get_data_element: function() { + + var els = document.getElementsByTagName('kerberosauthdataelement'); + var element; + + if (els.length === 0) { + element = document.createElement('kerberosauthdataelement'); + document.documentElement.appendChild(element); + } else { + element = els[0]; + } + + return element; + }, + + clear_data_element: function() { + + var self = this; + + var el = self.get_data_element(); + var to_remove = []; + + for (var i=0; i + * + * Copyright (C) 2012 Red Hat + * see file 'COPYING' for use and warranty information + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + + $(document).ready(function() { + + var set_enabled = function(steps, enabled) { + + var method; + + if (enabled) method = function(el) { el.removeClass('ui-state-disabled'); }; + else method = function(el) { el.addClass('ui-state-disabled'); }; + + for (var i=0; i b_num) return 1; + else if (a_num < b_num) return -1; + } + + if (a_parts.length !== b_parts.length) { + return a_parts.length > b_parts.length ? 1 : -1; + } + + return 0; + }; + + $('#install-link').click(install); + $('#reinstall-link').click(install); + $('#configure-link').click(configure); + + $('#notfirefox-link').button(); + $('#ca-link').button(); + $('#oldfirefox-link').button(); + $('#reinstall-link').button(); + $('#install-link').button(); + $('#configure-link').button(); + $('#return-link').button(); + + check_version(); + show_installed(IPA.browser_config.extension_installed()); +}); \ No newline at end of file diff --git a/install/html/ipa_error.css b/install/html/ipa_error.css index 60ad729..6cf70d8 100644 --- a/install/html/ipa_error.css +++ b/install/html/ipa_error.css @@ -18,6 +18,12 @@ margin-top: -3em; } + +.ssbrowser h3 { + font-size: 1.1em; + margin-bottom: 1em; +} + /* Browser configuration */ object.browser-config { diff --git a/install/html/jsl.conf b/install/html/jsl.conf new file mode 100644 index 0000000..b9a8a97 --- /dev/null +++ b/install/html/jsl.conf @@ -0,0 +1,131 @@ +# +# Configuration File for JavaScript Lint 0.3.0 +# Developed by Matthias Miller (http://www.JavaScriptLint.com) +# +# This configuration file can be used to lint a collection of scripts, or to enable +# or disable warnings for scripts that are linted via the command line. +# + +### Warnings +# Enable or disable warnings based on requirements. +# Use "+WarningName" to display or "-WarningName" to suppress. +# ++no_return_value # function {0} does not always return a value ++duplicate_formal # duplicate formal argument {0} ++equal_as_assign # test for equality (==) mistyped as assignment (=)?{0} ++var_hides_arg # variable {0} hides argument ++redeclared_var # redeclaration of {0} {1} ++anon_no_return_value # anonymous function does not always return a value ++missing_semicolon # missing semicolon ++meaningless_block # meaningless block; curly braces have no impact ++comma_separated_stmts # multiple statements separated by commas (use semicolons?) ++unreachable_code # unreachable code ++missing_break # missing break statement ++missing_break_for_last_case # missing break statement for last case in switch ++comparison_type_conv # comparisons against null, 0, true, false, or an empty string allowing implicit type conversion (use === or !==) ++inc_dec_within_stmt # increment (++) and decrement (--) operators used as part of greater statement ++useless_void # use of the void type may be unnecessary (void is always undefined) ++multiple_plus_minus # unknown order of operations for successive plus (e.g. x+++y) or minus (e.g. x---y) signs ++use_of_label # use of label +-block_without_braces # block statement without curly braces ++leading_decimal_point # leading decimal point may indicate a number or an object member ++trailing_decimal_point # trailing decimal point may indicate a number or an object member ++octal_number # leading zeros make an octal number ++nested_comment # nested comment ++misplaced_regex # regular expressions should be preceded by a left parenthesis, assignment, colon, or comma ++ambiguous_newline # unexpected end of line; it is ambiguous whether these lines are part of the same statement ++empty_statement # empty statement or extra semicolon +-missing_option_explicit # the "option explicit" control comment is missing ++partial_option_explicit # the "option explicit" control comment, if used, must be in the first script tag ++dup_option_explicit # duplicate "option explicit" control comment ++useless_assign # useless assignment ++ambiguous_nested_stmt # block statements containing block statements should use curly braces to resolve ambiguity ++ambiguous_else_stmt # the else statement could be matched with one of multiple if statements (use curly braces to indicate intent) ++missing_default_case # missing default case in switch statement ++duplicate_case_in_switch # duplicate case in switch statements ++default_not_at_end # the default case is not at the end of the switch statement ++legacy_cc_not_understood # couldn't understand control comment using /*@keyword@*/ syntax ++jsl_cc_not_understood # couldn't understand control comment using /*jsl:keyword*/ syntax ++useless_comparison # useless comparison; comparing identical expressions ++with_statement # with statement hides undeclared variables; use temporary variable instead ++trailing_comma_in_array # extra comma is not recommended in array initializers ++assign_to_function_call # assignment to a function call ++parseint_missing_radix # parseInt missing radix parameter + + +### Output format +# Customize the format of the error message. +# __FILE__ indicates current file path +# __FILENAME__ indicates current file name +# __LINE__ indicates current line +# __ERROR__ indicates error message +# +# Visual Studio syntax (default): ++output-format __FILE__(__LINE__): __ERROR__ +# Alternative syntax: +#+output-format __FILE__:__LINE__: __ERROR__ + + +### Context +# Show the in-line position of the error. +# Use "+context" to display or "-context" to suppress. +# ++context + + +### Semicolons +# By default, assignments of an anonymous function to a variable or +# property (such as a function prototype) must be followed by a semicolon. +# ++lambda_assign_requires_semicolon + + +### Control Comments +# Both JavaScript Lint and the JScript interpreter confuse each other with the syntax for +# the /*@keyword@*/ control comments and JScript conditional comments. (The latter is +# enabled in JScript with @cc_on@). The /*jsl:keyword*/ syntax is preferred for this reason, +# although legacy control comments are enabled by default for backward compatibility. +# ++legacy_control_comments + + +### JScript Function Extensions +# JScript allows member functions to be defined like this: +# function MyObj() { /*constructor*/ } +# function MyObj.prototype.go() { /*member function*/ } +# +# It also allows events to be attached like this: +# function window::onload() { /*init page*/ } +# +# This is a Microsoft-only JavaScript extension. Enable this setting to allow them. +# +-jscript_function_extensions + + +### Defining identifiers +# By default, "option explicit" is enabled on a per-file basis. +# To enable this for all files, use "+always_use_option_explicit" +#-always_use_option_explicit ++always_use_option_explicit + +# Define certain identifiers of which the lint is not aware. +# (Use this in conjunction with the "undeclared identifier" warning.) +# +# Common uses for webpages might be: ++define window ++define document ++define alert ++define $ ++define jQuery ++define IPA_DOMAIN ++define IPA_REALM ++define IPA + +### Files +# Specify which files to lint +# Use "+recurse" to enable recursion (disabled by default). +# To add a set of files, use "+process FileName", "+process Folder\Path\*.js", +# or "+process Folder\Path\*.htm". +# ++process ffconfig.js ++process ffconfig_page.js \ No newline at end of file diff --git a/install/html/ssbrowser.html b/install/html/ssbrowser.html index f77402a..9e17b5f 100644 --- a/install/html/ssbrowser.html +++ b/install/html/ssbrowser.html @@ -4,10 +4,22 @@ IPA: Identity Policy Audit - + + + + @@ -50,13 +62,19 @@
  • 1. In the address bar of Firefox, type about:config to display the list of current configuration options.
  • 2. In the Filter field, type negotiate to restrict the list of options.
  • 3. Double-click the network.negotiate-auth.trusted-uris entry to display the Enter string value dialog box.
    • -
  • 4. Enter the name of the domain against which you want to authenticate, for example, .example.com.
    • -
  • 5. Repeat the above procedure for the network.negotiate-auth.delegation-uris entry, using the same domain.
    • +
  • 4. Enter the name of the domain against which you want to authenticate, for example, .example.com.

  • You are all set.
- +

Automatic Configuration of older versions

+

You can configure older versions of Firefox (up to version 14) using signed code. Use Firefox configuration page for newer versions.

+
    +
  • 1. Import CA certificate. Make sure you checked all three checkboxes.
    • +
  • 2. Click on "Configure Browser" button below.
    • + +
diff --git a/install/html/unauthorized.html b/install/html/unauthorized.html index 00d7950..5bff2d2 100644 --- a/install/html/unauthorized.html +++ b/install/html/unauthorized.html @@ -9,16 +9,6 @@ - - @@ -32,24 +22,19 @@

Unable to verify your Kerberos credentials

- Please make sure that you have valid Kerberos tickets (obtainable via kinit), + Please make sure that you have valid Kerberos tickets (obtainable via kinit), and that you have configured your browser correctly.

-
- If this is your first time: - -
+

Browser configuration

-
diff --git a/install/ui/ipa.css b/install/ui/ipa.css index 7e79566..b330db2 100644 --- a/install/ui/ipa.css +++ b/install/ui/ipa.css @@ -4,6 +4,7 @@ * Adam Young * Endi Sukma Dewata * Kyle Baker +* Petr Vobornik * * Copyright (C) 2010 Red Hat */ @@ -810,7 +811,6 @@ ul#viewtype li a { h1 { font-family: "Overpass Bold","Liberation Sans", Arial, sans-serif; font-size: 1.5em; - font-weight: normal; color: #555555; text-transform: uppercase; text-shadow: 1px 1px 0 #FFFFFF; @@ -820,7 +820,6 @@ h1 { h2 { font-family: "Overpass Bold","Liberation Sans", Arial, sans-serif; font-size: 1.5em; - font-weight: normal; color: #333333; text-transform: uppercase; margin-left: 1em; @@ -1347,9 +1346,23 @@ body.info-page { background: url(images/static-background.png) repeat-x scroll left top #EDEDED; } +.info-page p { + margin: 0.5em 0em 1em 0em; +} + +.info-page h1, .info-page h2, .info-page h3 { + font-family: "Overpass", "Liberation Sans", Arial, sans-serif; + margin-left: 0px; + font-weight: normal; + color: #555555; +} + .info-page h1 { - color: #333333; - margin-bottom: 1.5em; + font-size: 2em; +} + +.info-page h2 { + margin-top: 2em; } .info-page .container_1 { @@ -1394,6 +1407,22 @@ body.info-page { margin-right: 0px; } +/* Browser config page */ + + +.info-page .browser-config h1, +.info-page .browser-config h2, +.info-page .browser-config h3, +.info-page .browser-config.textblockkrb { + text-align: center; +} + +.browser-config h2 { + margin-left: 0em; + margin-top: 2em; + +} + /* ---- HBAC Test ---- */ .hbac-test-header { diff --git a/install/ui/ipa.js b/install/ui/ipa.js index ed380d9..cc45a0a 100644 --- a/install/ui/ipa.js +++ b/install/ui/ipa.js @@ -1346,9 +1346,11 @@ IPA.unauthorized_dialog = function(spec) { "Your kerberos ticket is no longer valid. "+ "Please run kinit and then click 'Retry'. "+ "If this is your first time running the IPA Web UI "+ - ""+ + ""+ "follow these directions to configure your browser."); + that.message = that.message.replace('${host}', window.location.hostname); + that.form_auth_failed = "

Please re-enter your username or password

" + "

The password or username you entered is incorrect. " + "Please try again (make sure your caps lock is off).

" + diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json index 7d394f8..2cb60be 100644 --- a/install/ui/test/data/ipa_init.json +++ b/install/ui/test/data/ipa_init.json @@ -9,7 +9,7 @@ "messages": { "ajax": { "401": { - "message": "Your Kerberos ticket is no longer valid. Please run kinit and then click 'Retry'. If this is your first time running the IPA Web UI follow these directions to configure your browser.", + "message": "Your Kerberos ticket is no longer valid. Please run kinit and then click 'Retry'. If this is your first time running the IPA Web UI follow these directions to configure your browser.", "title": "Kerberos ticket no longer valid." } }, diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py index 66507c8..0458d5d 100644 --- a/ipalib/plugins/internal.py +++ b/ipalib/plugins/internal.py @@ -144,7 +144,7 @@ class i18n_messages(Command): messages = { "ajax": { "401": { - "message": _("Your Kerberos ticket is no longer valid. Please run kinit and then click 'Retry'. If this is your first time running the IPA Web UI follow these directions to configure your browser."), + "message": _("Your Kerberos ticket is no longer valid. Please run kinit and then click 'Retry'. If this is your first time running the IPA Web UI follow these directions to configure your browser."), "title": _("Kerberos ticket no longer valid."), }, },