URL: https://github.com/freeipa/freeipa/pull/3563 Author: serg-cymbaluk Title: #3563: WebUI: Make 'Unlock' option is available only on locked user page Action: opened
PR body: """ The implementation includes checking password policy for selected user. 'Unlock' option is available only in case user reached a limit of login failures. Ticket: https://pagure.io/freeipa/issue/5062 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3563/head:pr3563 git checkout pr3563
From 5935327093d901cb74e199b88a0645694fcff838 Mon Sep 17 00:00:00 2001 From: Serhii Tsymbaliuk <stsym...@redhat.com> Date: Mon, 19 Aug 2019 17:28:57 +0200 Subject: [PATCH 1/2] WebUI: Make 'Unlock' option is available only on locked user page The implementation includes checking password policy for selected user. 'Unlock' option is available only in case user reached a limit of login failures. Ticket: https://pagure.io/freeipa/issue/5062 Signed-off-by: Serhii Tsymbaliuk <stsym...@redhat.com> --- install/ui/src/freeipa/user.js | 35 +++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/install/ui/src/freeipa/user.js b/install/ui/src/freeipa/user.js index 0211672535..c50ee2fdb7 100644 --- a/install/ui/src/freeipa/user.js +++ b/install/ui/src/freeipa/user.js @@ -443,7 +443,7 @@ return { label: '@i18n:objects.user.unlock', needs_confirm: true, hide_cond: ['preserved-user'], - disable_cond: ['no-password'], + enable_cond: ['is-locked'], confirm_msg: '@i18n:objects.user.unlock_confirm' }, { @@ -479,7 +479,7 @@ return { }, IPA.user.self_service_other_user_evaluator, IPA.user.preserved_user_evaluator, - IPA.user.no_password_evaluator, + IPA.user.is_locked_evaluator, IPA.object_class_evaluator, IPA.cert.certificate_evaluator ], @@ -1118,15 +1118,15 @@ IPA.user.deleter_dialog = function(spec) { return that; }; -IPA.user.no_password_evaluator = function(spec) { +IPA.user.is_locked_evaluator = function(spec) { spec = spec || {}; spec.event = spec.event || 'post_load'; var that = IPA.state_evaluator(spec); - that.name = spec.name || 'no_password_evaluator'; - that.param = spec.param || 'has_password'; - that.adapter = builder.build('adapter', { $type: 'adapter'}, { context: that }); + that.name = spec.name || 'is_locked_evaluator'; + that.param = spec.param || 'krbloginfailedcount'; + that.adapter = builder.build('adapter', { $type: 'adapter'}, {}); /** * Evaluates if user has no password @@ -1136,12 +1136,25 @@ IPA.user.no_password_evaluator = function(spec) { var old_state = that.state; that.state = []; - var has_password = that.adapter.load(data)[0]; - if (!has_password) { - that.state.push('no-password'); - } + var record = that.adapter.get_record(data); - that.notify_on_change(old_state); + var command = rpc.command({ + entity: 'pwpolicy', + method: 'show', + options: { + user: record.uid[0], + all: true, + rights: true + }, + on_success: function(data) { + var max_failure = data.result.result.krbpwdmaxfailure[0]; + if (record.krbloginfailedcount[0] >= max_failure) { + that.state.push('is-locked'); + } + that.notify_on_change(old_state); + }, + retry: false + }).execute(); }; return that; From 6419208a9a354263736afdafe68b19db527f3b8e Mon Sep 17 00:00:00 2001 From: Serhii Tsymbaliuk <stsym...@redhat.com> Date: Mon, 19 Aug 2019 18:20:46 +0200 Subject: [PATCH 2/2] Temp commit --- .freeipa-pr-ci.yaml | 2 +- ipatests/prci_definitions/temp_commit.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index abcf8c5b63..8065669008 120000 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1 +1 @@ -ipatests/prci_definitions/gating.yaml \ No newline at end of file +ipatests/prci_definitions/temp_commit.yaml \ No newline at end of file diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index bbcdab1ac2..efc7c9842b 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -53,10 +53,10 @@ jobs: requires: [fedora-30/build] priority: 50 job: - class: RunPytest + class: RunWebuiTests args: build_url: '{fedora-30/build_url}' - test_suite: test_integration/test_REPLACEME.py + test_suite: test_webui/test_user.py template: *ci-master-f30 timeout: 3600 - topology: *master_1repl_1client + topology: *ipaserver
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org