web UI auth: add js/ajax login dialog

pcsd/pcsd.rb

@@ -145,6 +145,10 @@ def generate_cookie_secret
 }
 
 helpers do
+  def is_ajax?
+    return request.env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'
+  end
+
   def protected!
     gui_request = ( # these are URLs for web pages
       request.path == '/' or
@@ -158,9 +162,7 @@ def protected!
         halt [401, '{"notauthorized":"true"}']
       end
     else #/managec/* /manage/* /permissions
-      if !gui_request and
-        request.env['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest'
-      then
+      if !gui_request and !is_ajax? then
         # Accept non GUI requests only with header
         # "X_REQUESTED_WITH: XMLHttpRequest". (check if they are send via AJAX).
         # This prevents CSRF attack.
@@ -361,9 +363,9 @@ def getParamList(params)
 if not DISABLE_GUI
   get('/login'){ erb :login, :layout => :main }
 
-  get '/logout' do 
+  get '/logout' do
     session.destroy
-    erb :login, :layout => :main
+    redirect '/login'
   end
 
   post '/login' do
@@ -383,11 +385,19 @@ def getParamList(params)
       #      end
       #      redirect plp
       #    else
-      redirect '/manage'
+      if is_ajax?
+        halt [200, "OK"]
+      else
+        redirect '/manage'
+      end
       #    end
     else
-      session["bad_login_name"] = params['username']
-      redirect '/login?badlogin=1'
+      if is_ajax?
+        halt [401, '{"notauthorized":"true"}']
+      else
+        session["bad_login_name"] = params['username']
+        redirect '/login?badlogin=1'
+      end
     end
   end
 

pcsd/public/js/nodes-ember.js

@@ -69,7 +69,7 @@ Pcs = Ember.Application.createWithMixins({
         return;
       }
       Ember.debug("Empty Cluster Name");
-      $.ajax({
+      ajax_wrapper({
         url: "/clusters_overview",
         dataType: "json",
         timeout: 20000,
@@ -102,7 +102,7 @@ Pcs = Ember.Application.createWithMixins({
       });
       return;
     }
-    $.ajax({
+    ajax_wrapper({
       url: "cluster_status",
       dataType: "json",
       success: function(data) {
@@ -502,7 +502,7 @@ Pcs.resourcesContainer = Ember.Object.create({
       value: value
     };
 
-    $.ajax({
+    ajax_wrapper({
       type: 'POST',
       url: get_cluster_remote_url() + 'add_meta_attr_remote',
       data: data,
@@ -523,7 +523,7 @@ Pcs.resourcesContainer = Ember.Object.create({
     if (resource_id == null) {
       return;
     }
-    $.ajax({
+    ajax_wrapper({
       type: 'POST',
       url: get_cluster_remote_url() + 'resource_start',
       data: {resource: resource_id},
@@ -549,7 +549,7 @@ Pcs.resourcesContainer = Ember.Object.create({
     if (resource_id == null) {
       return;
     }
-    $.ajax({
+    ajax_wrapper({
       type: 'POST',
       url: get_cluster_remote_url() + 'resource_stop',
       data: {resource: resource_id},