You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by mc...@apache.org on 2015/11/17 03:26:22 UTC
[5/6] nifi git commit: NIFI-655: - Added an endpoint for access
details including configuration, creating tokens,
and checking status. - Updated DTOs and client side to utilize new endpoints.
http://git-wip-us.apache.org/repos/asf/nifi/blob/7529694f/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js
index 9e1dab6..b61988f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js
@@ -31,8 +31,9 @@ nf.Login = (function () {
registration: '../nifi-api/registration',
identity: '../nifi-api/controller/identity',
users: '../nifi-api/controller/users',
- token: '../nifi-api/token',
- loginConfig: '../nifi-api/controller/login/config'
+ token: '../nifi-api/access/token',
+ accessStatus: '../nifi-api/access',
+ accessConfig: '../nifi-api/access/config'
}
};
@@ -210,167 +211,71 @@ nf.Login = (function () {
init: function () {
nf.Storage.init();
- var showMessage = false;
- var needsLogin = false;
- var needsNiFiRegistration = false;
-
if (nf.Storage.getItem('jwt') !== null) {
showLogoutLink();
}
- var token = $.ajax({
- type: 'GET',
- url: config.urls.token
- });
-
- var identity = $.ajax({
+ // access status
+ var accessStatus = $.ajax({
type: 'GET',
- url: config.urls.identity,
+ url: config.urls.accessStatus,
dataType: 'json'
+ }).fail(function (xhr, status, error) {
+ $('#login-message-title').text('Unable to check Access Status');
+ $('#login-message').text(xhr.responseText);
+ initializeMessage();
});
-
- var pageStateInit = $.Deferred(function (deferred) {
- // get the current user's identity
- identity.done(function (response) {
- // if the user is anonymous see if they need to login or if they are working with a certificate
- if (response.identity === 'anonymous') {
- supportsAnonymous = true;
-
- // request a token without including credentials, if successful then the user is using a certificate
- token.done(function (jwt) {
-
- // the user is using a certificate/token, see if their account is active/pending/revoked/etc
- $.ajax({
- type: 'GET',
- url: config.urls.registrationStatus
- }).done(function () {
- showMessage = true;
-
- // account is active and good
- $('#login-message-title').text('Success');
- $('#login-message').text('Your account is active and you are already logged in.');
- }).fail(function (xhr, status, error) {
- if (xhr.status === 401) {
- var user = nf.Common.getJwtSubject(jwt);
-
- // show the user
- $('#nifi-user-submit-justification').text(user);
-
- // anonymous user and 401 means they need nifi registration
- needsNiFiRegistration = true;
- } else {
- showMessage = true;
-
- // anonymous user and non-401 means they already have an account and it's pending/revoked
- $('#login-message-title').text('Access Denied');
- if ($.trim(xhr.responseText) === '') {
- $('#login-message').text('Unable to check registration status.');
- } else {
- $('#login-message').text(xhr.responseText);
- }
- }
- }).always(function () {
- deferred.resolve();
- });
- }).fail(function (tokenXhr) {
- if (tokenXhr.status === 400) {
- // no credentials supplied so 400 must be due to an invalid/expired token
- logout();
- }
-
- // no token granted, user has no certificate and needs to login with their credentials
- needsLogin = true;
- deferred.resolve();
- });
- } else {
- showMessage = true;
-
- // the user is not anonymous and has an active account (though maybe role-less)
- $('#login-message-title').text('Success');
- $('#login-message').text('Your account is active and you are already logged in.');
- deferred.resolve();
- }
- }).fail(function (xhr, status, error) {
- // unable to get identity (and no anonymous user) see if we can offer login
- if (xhr.status === 401) {
- // attempt to get a token for the current user without passing login credentials
- token.done(function (jwt) {
- var user = nf.Common.getJwtSubject(jwt);
-
- // show the user
- $('#nifi-user-submit-justification').text(user);
-
- // 401 from identity request and 200 from token means they have a certificate/token but have not yet requested an account
- needsNiFiRegistration = true;
- }).fail(function (tokenXhr) {
- if (tokenXhr.status === 400) {
- // no credentials supplied so 400 must be due to an invalid/expired token
- logout();
- }
-
- // no token granted, user needs to login with their credentials
- needsLogin = true;
- }).always(function () {
- deferred.resolve();
- });
- } else if (xhr.status === 403) {
- // attempt to get a token for the current user without passing login credentials
- token.done(function () {
- showMessage = true;
-
- // the user is logged in with certificate or credentials but their account is pending/revoked. error message should indicate
- $('#login-message-title').text('Access Denied');
- if ($.trim(xhr.responseText) === '') {
- $('#login-message').text('Unable to authorize you to use this NiFi and anonymous access is disabled.');
- } else {
- $('#login-message').text(xhr.responseText);
- }
- }).fail(function (tokenXhr) {
- if (tokenXhr.status === 400) {
- // no credentials supplied so 400 must be due to an invalid/expired token
- logout();
- }
-
- // no token granted, user needs to login with their credentials
- needsLogin = true;
- }).always(function () {
- deferred.resolve();
- });
- } else {
- showMessage = true;
-
- // the user is logged in with certificate or credentials but their account is pending/revoked. error message should indicate
- $('#login-message-title').text('Access Denied');
- if ($.trim(xhr.responseText) === '') {
- $('#login-message').text('Unable to authorize you to use this NiFi and anonymous access is disabled.');
- } else {
- $('#login-message').text(xhr.responseText);
- }
-
- deferred.resolve();
- }
- });
- }).promise();
-
- var loginConfigXhr = $.ajax({
+
+ // access config
+ var accessConfigXhr = $.ajax({
type: 'GET',
- url: config.urls.loginConfig,
+ url: config.urls.accessConfig,
dataType: 'json'
});
-
- // render the page accordingly
- $.when(loginConfigXhr, pageStateInit).done(function (loginResult) {
- var loginResponse = loginResult[0];
- var loginConfig = loginResponse.config;
-
+
+ $.when(accessStatus, accessConfigXhr).done(function (accessStatusResult, accessConfigResult) {
+ var accessStatusResponse = accessStatusResult[0];
+ var accessStatus = accessStatusResponse.accessStatus;
+
+ var accessConfigResponse = accessConfigResult[0];
+ var accessConfig = accessConfigResponse.config;
+
+ // record whether this NiFi supports anonymous access
+ supportsAnonymous = accessConfig.supportsAnonymous;
+
+ // possible login states
+ var needsLogin = false;
+ var needsNiFiRegistration = false;
+ var showMessage = false;
+
+ // handle the status appropriately
+ if (accessStatus.status === 'UNKNOWN') {
+ needsLogin = true;
+ } else if (accessStatus.status === 'UNREGISTERED') {
+ needsNiFiRegistration = true;
+
+ $('#nifi-user-submit-justification').text(accessStatus.username);
+ } else if (accessStatus.status === 'NOT_ACTIVE') {
+ showMessage = true;
+
+ $('#login-message-title').text('Access Denied');
+ $('#login-message').text(accessStatus.message);
+ } else if (accessStatus.status === 'ACTIVE') {
+ showMessage = true;
+
+ $('#login-message-title').text('Success');
+ $('#login-message').text('Your account is active and you are already logged in.');
+ }
+
// if login is required, verify its supported
- if (loginConfig.supportsLogin === false && needsLogin === true) {
+ if (accessConfig.supportsLogin === false && needsLogin === true) {
$('#login-message-title').text('Access Denied');
$('#login-message').text('This NiFi is not configured to support login.');
showMessage = true;
needsLogin = false;
}
+ // initialize the page as appropriate
if (showMessage === true) {
initializeMessage();
} else if (needsLogin === true) {
http://git-wip-us.apache.org/repos/asf/nifi/blob/7529694f/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js
index 53128b9..3be6b91 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js
@@ -102,7 +102,7 @@ nf.Common = (function () {
}
},
urls: {
- token: '../nifi-api/token'
+ token: '../nifi-api/access/token'
}
},
@@ -163,7 +163,7 @@ nf.Common = (function () {
if (timeRemaining < interval) {
// if the token will expire before the next interval minus some bonus time, refresh now
$.ajax({
- type: 'GET',
+ type: 'POST',
url: nf.Common.config.urls.token
}).done(function (jwt) {
nf.Storage.setItem('jwt', jwt, nf.Common.getJwtExpiration(jwt));