Skip to content
Permalink
Browse files

web UI auth: add js/ajax login dialog

  • Loading branch information...
tomjelinek committed Feb 8, 2016
1 parent e9b2883 commit acdbbe8307e6f4a36b2c7754765e732e43fe8d17
Showing with 220 additions and 57 deletions.
  1. +18 −8 pcsd/pcsd.rb
  2. +5 −5 pcsd/public/js/nodes-ember.js
  3. +177 −44 pcsd/public/js/pcsd.js
  4. +19 −0 pcsd/views/_dialogs.erb
  5. +1 −0 pcsd/views/permissions.erb
@@ -145,6 +145,10 @@ def generate_cookie_secret
}

helpers do
def is_ajax?
return request.env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'
end

def protected!
gui_request = ( # these are URLs for web pages
request.path == '/' or
@@ -158,9 +162,7 @@ def protected!
halt [401, '{"notauthorized":"true"}']
end
else #/managec/* /manage/* /permissions
if !gui_request and
request.env['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest'
then
if !gui_request and !is_ajax? then
# Accept non GUI requests only with header
# "X_REQUESTED_WITH: XMLHttpRequest". (check if they are send via AJAX).
# This prevents CSRF attack.
@@ -361,9 +363,9 @@ def getParamList(params)
if not DISABLE_GUI
get('/login'){ erb :login, :layout => :main }

get '/logout' do
get '/logout' do
session.destroy
erb :login, :layout => :main
redirect '/login'
end

post '/login' do
@@ -383,11 +385,19 @@ def getParamList(params)
# end
# redirect plp
# else
redirect '/manage'
if is_ajax?
halt [200, "OK"]
else
redirect '/manage'
end
# end
else
session["bad_login_name"] = params['username']
redirect '/login?badlogin=1'
if is_ajax?
halt [401, '{"notauthorized":"true"}']
else
session["bad_login_name"] = params['username']
redirect '/login?badlogin=1'
end
end
end

@@ -69,7 +69,7 @@ Pcs = Ember.Application.createWithMixins({
return;
}
Ember.debug("Empty Cluster Name");
$.ajax({
ajax_wrapper({
url: "/clusters_overview",
dataType: "json",
timeout: 20000,
@@ -102,7 +102,7 @@ Pcs = Ember.Application.createWithMixins({
});
return;
}
$.ajax({
ajax_wrapper({
url: "cluster_status",
dataType: "json",
success: function(data) {
@@ -502,7 +502,7 @@ Pcs.resourcesContainer = Ember.Object.create({
value: value
};

$.ajax({
ajax_wrapper({
type: 'POST',
url: get_cluster_remote_url() + 'add_meta_attr_remote',
data: data,
@@ -523,7 +523,7 @@ Pcs.resourcesContainer = Ember.Object.create({
if (resource_id == null) {
return;
}
$.ajax({
ajax_wrapper({
type: 'POST',
url: get_cluster_remote_url() + 'resource_start',
data: {resource: resource_id},
@@ -549,7 +549,7 @@ Pcs.resourcesContainer = Ember.Object.create({
if (resource_id == null) {
return;
}
$.ajax({
ajax_wrapper({
type: 'POST',
url: get_cluster_remote_url() + 'resource_stop',
data: {resource: resource_id},

0 comments on commit acdbbe8

Please sign in to comment.
You can’t perform that action at this time.