Skip to content

Commit

Permalink
add configurable webui error message #4068
Browse files Browse the repository at this point in the history
  • Loading branch information
@tbeerman @bari12
tbeerman authored and bari12 committed Oct 26, 2020
1 parent fb00dfe commit c8d4119
Show file tree
Hide file tree
Showing 2 changed files with 52 additions and 22 deletions.
63 changes: 46 additions & 17 deletions lib/rucio/web/ui/common/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,9 @@

MULTI_VO = config_get_bool('common', 'multi_vo', raise_exception=False, default=False)

# Additional error message that can have VO specific information for the user, e.g., support mailing list.
ADDITIONAL_ERROR_MSG = config_get("webui", "additional_error_msg", raise_exception=False, default="")

# excluded characters for injected JavaScript variables
VARIABLE_VALUE_REGEX = re.compile(r"^[\w\- /=,.+*#()\[\]]*$", re.UNICODE)

Expand Down Expand Up @@ -366,12 +369,19 @@ def x509token_auth(data=None):
vos_with_desc = get_vo_descriptions(ui_vo)
return RENDERER.select_login_method(AUTH_ISSUERS, SAML_SUPPORT, vos_with_desc)

if MULTI_VO:
msg = "<br><br>Your certificate (%s) is not mapped to (possibly any) rucio account: %s at VO: %s." % (html_escape(dn), html_escape(ui_account), html_escape(ui_vo))
if not ui_account:
if MULTI_VO:
msg = "<br><br>Your certificate (%s) is not mapped to (possibly any) rucio account at VO: %s." % (html_escape(dn), html_escape(ui_vo))
else:
msg = "<br><br>Your certificate (%s) is not mapped to (possibly any) rucio account." % (html_escape(dn))
else:
msg = "<br><br>Your certificate (%s) is not mapped to (possibly any) rucio account: %s." % (html_escape(dn), html_escape(ui_account))
msg += "<br><br><font color=\"red\">First, please make sure it is correctly registered in <a href=\"https://voms2.cern.ch:8443/voms/atlas\">VOMS</a> and be patient until it has been fully propagated through the system.</font>"
msg += "<br><br>Then, if it is still not working please contact <a href=\"mailto:atlas-adc-ddm-support@cern.ch\">DDM Support</a>."
if MULTI_VO:
msg = "<br><br>Your certificate (%s) is not mapped to (possibly any) rucio account: %s at VO: %s." % (html_escape(dn), html_escape(ui_account), html_escape(ui_vo))
else:
msg = "<br><br>Your certificate (%s) is not mapped to (possibly any) rucio account: %s." % (html_escape(dn), html_escape(ui_account))

if ADDITIONAL_ERROR_MSG:
msg += ADDITIONAL_ERROR_MSG
if not ui_account:
return RENDERER.problem(msg)
token = get_token(auth.get_auth_token_x509, acc=ui_account, vo=ui_vo, idt=dn)
Expand Down Expand Up @@ -432,15 +442,21 @@ def userpass_auth(data, rendered_tpl):

if not ui_account:
if MULTI_VO:
return RENDERER.problem(('Cannot get find any account associated with %s identity at VO %s.' % (html_escape(data.username), html_escape(ui_vo))))
msg = 'Cannot get find any account associated with %s identity at VO %s.' % (html_escape(data.username), html_escape(ui_vo))
else:
return RENDERER.problem(('Cannot get find any account associated with %s identity.' % (html_escape(data.username))))
msg = 'Cannot get find any account associated with %s identity.' % (html_escape(data.username))
if ADDITIONAL_ERROR_MSG:
msg += ADDITIONAL_ERROR_MSG
return RENDERER.problem(msg)
token = get_token(auth.get_auth_token_user_pass, acc=ui_account, vo=ui_vo, idt=data.username, pwd=data.password.encode("ascii"))
if not token:
if MULTI_VO:
return RENDERER.problem(('Cannot get auth token. It is possible that the presented identity %s is not mapped to any Rucio account %s at VO %s.') % (html_escape(data.username), html_escape(ui_account), html_escape(ui_vo)))
msg = 'Cannot get auth token. It is possible that the presented identity %s is not mapped to any Rucio account %s at VO %s.' % (html_escape(data.username), html_escape(ui_account), html_escape(ui_vo))
else:
return RENDERER.problem(('Cannot get auth token. It is possible that the presented identity %s is not mapped to any Rucio account %s.') % (html_escape(data.username), html_escape(ui_account)))
msg = 'Cannot get auth token. It is possible that the presented identity %s is not mapped to any Rucio account %s.' % (html_escape(data.username), html_escape(ui_account))
if ADDITIONAL_ERROR_MSG:
msg += ADDITIONAL_ERROR_MSG
return RENDERER.problem(msg)

return finalize_auth(token, 'userpass')

Expand Down Expand Up @@ -501,15 +517,22 @@ def saml_auth(method, data=None):

if not ui_account:
if MULTI_VO:
return RENDERER.problem('Cannot get find any account associated with %s identity at VO %s.' % (html_escape(saml_nameid), html_escape(ui_vo)))
msg = 'Cannot get find any account associated with %s identity at VO %s.' % (html_escape(saml_nameid), html_escape(ui_vo))
else:
return RENDERER.problem('Cannot get find any account associated with %s identity.' % (html_escape(saml_nameid)))
msg = 'Cannot get find any account associated with %s identity.' % (html_escape(saml_nameid))
if ADDITIONAL_ERROR_MSG:
msg += ADDITIONAL_ERROR_MSG
return RENDERER.problem(msg)

token = get_token(auth.get_auth_token_saml, acc=ui_account, vo=ui_vo, idt=saml_nameid)
if not token:
if MULTI_VO:
return RENDERER.problem(('Cannot get auth token. It is possible that the presented identity %s is not mapped to any Rucio account %s at VO %s.') % (html_escape(saml_nameid), html_escape(ui_account), html_escape(ui_vo)))
msg = 'Cannot get auth token. It is possible that the presented identity %s is not mapped to any Rucio account %s at VO %s.' % (html_escape(saml_nameid), html_escape(ui_account), html_escape(ui_vo))
else:
return RENDERER.problem(('Cannot get auth token. It is possible that the presented identity %s is not mapped to any Rucio account %s.') % (html_escape(saml_nameid), html_escape(ui_account)))
msg = 'Cannot get auth token. It is possible that the presented identity %s is not mapped to any Rucio account %s.' % (html_escape(saml_nameid), html_escape(ui_account))
if ADDITIONAL_ERROR_MSG:
msg += ADDITIONAL_ERROR_MSG
return RENDERER.problem(msg)
return finalize_auth(token, 'saml')

# If method is POST, check the received SAML response and redirect to home if valid
Expand Down Expand Up @@ -550,15 +573,21 @@ def saml_auth(method, data=None):

if not ui_account:
if MULTI_VO:
return RENDERER.problem('Cannot get find any account associated with %s identity at VO %s.' % (html_escape(saml_nameid), html_escape(ui_vo)))
msg = 'Cannot get find any account associated with %s identity at VO %s.' % (html_escape(saml_nameid), html_escape(ui_vo))
else:
return RENDERER.problem('Cannot get find any account associated with %s identity.' % (html_escape(saml_nameid)))
msg = 'Cannot get find any account associated with %s identity.' % (html_escape(saml_nameid))
if ADDITIONAL_ERROR_MSG:
msg += ADDITIONAL_ERROR_MSG
return RENDERER.problem(msg)
token = get_token(auth.get_auth_token_saml, acc=ui_account, vo=ui_vo, idt=saml_nameid)
if not token:
if MULTI_VO:
return RENDERER.problem(('Cannot get auth token. It is possible that the presented identity %s is not mapped to any Rucio account %s at VO %s.') % (html_escape(saml_nameid), html_escape(ui_account), html_escape(ui_vo)))
msg = 'Cannot get auth token. It is possible that the presented identity %s is not mapped to any Rucio account %s at VO %s.' % (html_escape(saml_nameid), html_escape(ui_account), html_escape(ui_vo))
else:
return RENDERER.problem(('Cannot get auth token. It is possible that the presented identity %s is not mapped to any Rucio account %s.') % (html_escape(saml_nameid), html_escape(ui_account)))
msg = 'Cannot get auth token. It is possible that the presented identity %s is not mapped to any Rucio account %s.' % (html_escape(saml_nameid), html_escape(ui_account))
if ADDITIONAL_ERROR_MSG:
msg += ADDITIONAL_ERROR_MSG
return RENDERER.problem(msg)
return finalize_auth(token, 'saml', cookie_extra)

return RENDERER.problem("Not authenticated")
Expand Down
11 changes: 6 additions & 5 deletions lib/rucio/web/ui/templates/base.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
Authors:
- Mario Lassnig, <mario.lassnig@cern.ch>, 2014
- Thomas Beermann, <thomas.beermann@cern.ch>, 2014-2019
- Thomas Beermann, <thomas.beermann@cern.ch>, 2014-2020
- Martin Barisits, <martin.barisits@cern.ch>, 2014
- Cedric Serfon, <cedric.serfon@cern.ch>, 2015-2019
- Vincent Garonne, <vincent.garonne@cern.ch>, 2015
Expand Down Expand Up @@ -150,10 +150,11 @@
<li class="has-dropdown">
<a>Other Monitoring</a>
<ul class="dropdown">
<li><a href="http://dashb-atlas-data.cern.ch/ddm2/">DDM Dashboard</a>
<li><a href="http://dashb-fts-transfers.cern.ch/">FTS Dashboard</a>
<li><a href="https://fts3-pilot.cern.ch:8449/fts3/ftsmon/#/">FTS Monitor CERN</a>
<li><a href="https://www-ftsmon-test.gridpp.rl.ac.uk:8449/fts3/ftsmon/#/">FTS Monitor RAL</a>
<li><a href="https://monit-grafana.cern.ch/d/FtSFfwdmk/ddm-transfers?orgId=17">DDM Dashboard</a>
<li><a href="https://monit-grafana.cern.ch/d/CIjJHKdGk/fts-transfers-es?orgId=20">FTS Dashboard</a>
<li><a href="https://fts3-atlas.cern.ch:8449/fts3/ftsmon/#/">FTS Monitor CERN</a>
<li><a href="https://fts.usatlas.bnl.gov:8449/fts3/ftsmon/#/">FTS Monitor BNL</a>
<li><a href="https://fts3-pilot.cern.ch:8449/fts3/ftsmon/#/">FTS Monitor CERN (pilot)</a>
<li><a href="http://bigpanda.cern.ch/">PanDA Monitor</a>
<li><a href="http://adc-monitoring.cern.ch/">ADC Monitoring</a>
</ul>
Expand Down

0 comments on commit c8d4119

Please sign in to comment.