Security- Login

Fixed a login modal issue where logging out and then immediately clicking the Sign In button without entering a username/password would log back in as the prior user.
Chris Houseknecht 2014-08-13 09:21:14 -04:00
parent 1b7d94732b
commit 2e39e093af
4 changed files with 62 additions and 60 deletions


@ -14,13 +14,15 @@ function Authenticate($log, $cookieStore, $compile, $window, $scope, $rootScope,
Timer, Empty) {
var setLoginFocus, lastPath, sessionExpired,
e, scope = $rootScope.$new();
e, html, scope = $rootScope.$new();
setLoginFocus = function () {
$('#login-username').focus();
};
sessionExpired = (Empty($rootScope.sessionExpired)) ? $cookieStore.get('sessionExpired') : $rootScope.sessionExpired;
scope.sessionExpired = (Empty($rootScope.sessionExpired)) ? $cookieStore.get('sessionExpired') : $rootScope.sessionExpired;
scope.login_username = '';
scope.login_password = '';
lastPath = function () {
return (Empty($rootScope.lastPath)) ? $cookieStore.get('lastPath') : $rootScope.lastPath;
@ -41,6 +43,50 @@ function Authenticate($log, $cookieStore, $compile, $window, $scope, $rootScope,
Wait('stop');
window.scrollTo(0,0);
if ($location.path() === '/logout') {
//if logout request, clear AuthToken and user session data
Authorization.logout();
}
e = angular.element(document.getElementById('login-modal-content'));
html = "<div class=\"modal-header login-header\">\n" +
"<img src=\"" + $basePath + "img/tower_console_logo.png\" />" +
"</div>\n" +
"<div class=\"modal-body\" id=\"login-modal-body\">\n" +
"<div class=\"login-alert\" ng-show=\"(sessionExpired == false)\">Welcome to Ansible Tower! &nbsp;Please sign in.</div>\n" +
"<div class=\"login-alert\" ng-show=\"(sessionExpired == true)\">Your session timed out due to inactivity. Please sign in.</div>\n" +
"<form id=\"login-form\" name=\"loginForm\" class=\"form-horizontal\" autocomplete=\"off\" novalidate >\n" +
"<div class=\"form-group\">\n" +
"<label class=\"control-label col-md-offset-1 col-md-2 col-sm-offset-1 col-sm-2 col-xs-3 prepend-asterisk\">Username</label>\n" +
"<div class=\"col-md-8 col-sm-8 col-xs-9\">\n" +
"<input type=\"text\" name=\"login_username\" class=\"form-control\" ng-model=\"login_username\"" +
"id=\"login-username\" autocomplete=\"off\" required>\n" +
"<div class=\"error\" ng-show=\"loginForm.login_username.$dirty && loginForm.login_username.$error.required\">A value is required!</div>\n" +
"<div class=\"error api-error\" ng-bind=\"usernameError\"></div>\n" +
"</div>\n" +
"</div>\n" +
"<div class=\"form-group\">\n" +
"<label class=\"control-label col-md-offset-1 col-md-2 col-sm-offset-1 col-sm-2 col-xs-3 prepend-asterisk\">Password</label>\n" +
"<div class=\"col-md-8 col-sm-8 col-xs-9\">\n" +
"<input type=\"password\" name=\"login_password\" id=\"login-password\" class=\"form-control\"" +
"ng-model=\"login_password\" required autocomplete=\"off\">\n" +
"<div class=\"error\" ng-show=\"loginForm.login_password.$dirty && loginForm.login_password.$error.required\">A value is required!</div>\n" +
"<div class=\"error api-error\" ng-bind=\"passwordError\"></div>\n" +
"</div>\n" +
"</div>\n" +
"</form>\n" +
"</div>\n" +
"<div class=\"modal-footer\">\n" +
"<button ng-click=\"systemLogin(login_username, login_password)\" id=\"login-button\" class=\"btn btn-primary\"><i class=\"fa fa-sign-in\"></i> Sign In</button>\n" +
"</div>\n";
e.empty().html(html);
$compile(e)(scope);
// Set focus to username field
$('#login-modal').on('shown.bs.modal', function () {
setLoginFocus();
});
// Display the login dialog
$('#login-modal').modal({
show: true,
@ -48,27 +94,11 @@ function Authenticate($log, $cookieStore, $compile, $window, $scope, $rootScope,
backdrop: 'static'
});
// Set focus to username field
$('#login-modal').on('shown.bs.modal', function () {
setLoginFocus();
});
e = angular.element(document.getElementById('login-modal'));
$compile(e)(scope);
// Reset the login form
scope.login_username = null;
scope.login_password = null;
scope.loginForm.login_username.$setPristine();
scope.loginForm.login_password.$setPristine();
if ($location.path() === '/logout') {
//if logout request, clear AuthToken and user session data
Authorization.logout();
}
$rootScope.userLoggedIn = false; //hide the logout link. if you got here, you're logged out.
$cookieStore.put('userLoggedIn', false); //gets set back to true by Authorization.setToken().
//scope.loginForm.login_username.$setPristine();
//scope.loginForm.login_password.$setPristine();
//$rootScope.userLoggedIn = false; //hide the logout link. if you got here, you're logged out.
//$cookieStore.put('userLoggedIn', false); //gets set back to true by Authorization.setToken().
$('#login-password').bind('keypress', function (e) {
var code = (e.keyCode ? e.keyCode : e.which);
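Review bot: The four commented-out lines just before the `keypress` binding disable the `$rootScope.userLoggedIn = false` and `$cookieStore.put('userLoggedIn', false)` reset, so in the visible code the flag is cleared only through `Authorization.logout()` on the `/logout` path. Reaching this controller after a session timeout appears to leave the flag at its previous value unless something outside the hunk resets it. Either restore the two assignments or delete the commented-out lines and leave a comment such as `// userLoggedIn is reset in Authorization.logout()`. Separately, the concatenated template runs `ng-model="login_username"` straight into `id="login-username"` (and `class="form-control"` into `ng-model="login_password"`) with no whitespace between the attributes; add a trailing space to the first string of each pair. The Authenticate function starts and ends outside these hunks.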


@ -59,13 +59,15 @@ angular.module('AuthService', ['ngCookies', 'Utilities'])
var scope = angular.element(document.getElementById('main-view')).scope();
scope.$destroy();
$rootScope.$destroy();
$cookieStore.remove('token');
$cookieStore.remove('token_expires');
$cookieStore.remove('current_user');
$cookieStore.remove('lastPath');
$cookieStore.remove('lastPath', '/home');
$cookieStore.remove('token');
$cookieStore.put('userLoggedIn', false);
$cookieStore.put('sessionExpired', false);
$cookieStore.remove('lastPath', '/home');
$cookieStore.put('token', '');
$cookieStore.put('current_user', {});
$rootScope.current_user = {};
$rootScope.license_tested = undefined;
$rootScope.userLoggedIn = false;
@ -73,6 +75,8 @@ angular.module('AuthService', ['ngCookies', 'Utilities'])
$rootScope.token = null;
$rootScope.token_expires = null;
$rootScope.lastPath = '/home';
$rootScope.login_username = null;
$rootScope.login_password = null;
},
getLicense: function () {
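Review bot: `$cookieStore.remove('lastPath', '/home')` passes a second argument that `$cookieStore.remove(key)` does not take, so the call only deletes the cookie. If the intent is to reset the path, use `$cookieStore.put('lastPath', '/home')`; otherwise drop the argument. The same cleanup removes the `token` cookie and also writes it as an empty string with `$cookieStore.put('token', '')`, so code that tests for the cookie's presence rather than its value may still see a token entry; a short comment stating which end state is intended would help. The visible lines clear only browser-side state (cookies and `$rootScope`), and whether the server-side token is also invalidated cannot be seen here because the logout function starts outside the hunk.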


@ -75,11 +75,10 @@ angular.module('Utilities', ['RestServices', 'Utilities'])
* alert-info...). Pass an optional function(){}, if you want a specific action to occur when user
* clicks 'OK' button. Set secondAlert to true, when a second dialog is needed.
*/
.factory('Alert', ['$rootScope', '$compile', '$sce', function ($rootScope) {
.factory('Alert', ['$rootScope', function ($rootScope) {
return function (hdr, msg, cls, action, secondAlert, disableButtons) {
var scope = $rootScope.$new(), alertClass, e;
var scope = $rootScope.$new(), alertClass;
if (secondAlert) {
e = angular.element(document.getElementById('alert-modal2'));
$('#alertHeader2').html(hdr);
$('#alert2-modal-msg').html(msg);
@ -108,7 +107,6 @@ angular.module('Utilities', ['RestServices', 'Utilities'])
}
});
} else {
e = angular.element(document.getElementById('alert-modal'));
$('#alertHeader').html(hdr);
$('#alert-modal-msg').html(msg);
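Review bot: `hdr` and `msg` are still written with jQuery `.html()` in both branches (`$('#alert2-modal-msg').html(msg)` and `$('#alert-modal-msg').html(msg)`), so any caller that passes text derived from an API response or user input gets it parsed as markup. The removed `$sce` injection was never bound to a function parameter, so nothing in the visible lines sanitised these values before or after this change. Where callers do not need markup, `.text(msg)` would be the safer default; otherwise the doc comment above the factory should state that `hdr` and `msg` must be trusted or pre-escaped HTML. The factory body continues outside these hunks.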


@ -263,38 +263,7 @@
<!-- login modal -->
<div id="login-modal" class="modal fade">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header login-header">
<img src="{{ STATIC_URL }}img/tower_console_logo.png" />
</div>
<div class="modal-body">
<div class="login-alert" ng-show="(sessionExpired == false)">Welcome to Ansible Tower! &nbsp;Please sign in.</div>
<div class="login-alert" ng-show="(sessionExpired == true)">Your session timed out due to inactivity. Please sign in.</div>
<form id="login-form" name="loginForm" class="form-horizontal" autocomplete="off" novalidate >
<div class="form-group">
<label class="control-label col-md-offset-1 col-md-2 col-sm-offset-1 col-sm-2 col-xs-3 prepend-asterisk">Username</label>
<div class="col-md-8 col-sm-8 col-xs-9">
<input type="text" name="login_username" class="form-control" ng-model="login_username"
id="login-username" autocomplete="off" required>
<div class="error" ng-show="loginForm.login_username.$dirty && loginForm.login_username.$error.required">A value is required!</div>
<div class="error api-error" ng-bind="usernameError"></div>
</div>
</div>
<div class="form-group">
<label class="control-label col-md-offset-1 col-md-2 col-sm-offset-1 col-sm-2 col-xs-3 prepend-asterisk">Password</label>
<div class="col-md-8 col-sm-8 col-xs-9">
<input type="password" name="login_password" id="login-password" class="form-control"
ng-model="login_password" required autocomplete="off">
<div class="error" ng-show="loginForm.login_password.$dirty && loginForm.login_password.$error.required">A value is required!</div>
<div class="error api-error" ng-bind="passwordError"></div>
</div>
</div>
</form>
</div>
<div class="modal-footer">
<button ng-click="systemLogin(login_username, login_password)" id="login-button" class="btn btn-primary"><i class="fa fa-sign-in"></i> Sign In</button>
</div>
</div><!-- modal-content -->
<div class="modal-content" id="login-modal-content"></div><!-- modal-content -->
</div><!-- modal-dialog -->
</div><!-- modal -->
@ -397,6 +366,7 @@
</div><!-- modal-dialog -->
</div><!-- modal -->
<div id="login-modal-dialog" style="display: none;"></div>
<div id="help-modal-dialog" style="display: none;"></div>
<div id="license-modal-dialog" style="display: none;"></div>
<div id="about-modal-dialog" style="display: none;" ng-include="'static/partials/cowsay-about.html '"></div>