Posted to commits@cloudstack.apache.org by da...@apache.org on 2015/03/17 13:31:39 UTC
[1/3] git commit: updated refs/heads/4.4 to e8f7215
Repository: cloudstack
Updated Branches:
refs/heads/4.4 8e58bc087 -> e8f7215b2
CS-18149: UI - no longer store sessionKey in cookie. After
this change, opening the 2nd browser window (of the same
domain) will show login screen (i.e. user has to enter
credentials again) and will cause the 1st browser window
session timeout.
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Conflicts:
ui/scripts/cloudStack.js
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0b68bf2e
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0b68bf2e
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0b68bf2e
Branch: refs/heads/4.4
Commit: 0b68bf2ead4f0902945f63601cf5c8b80046f8fb
Parents: 8e58bc0
Author: Jessica Wang <je...@apache.org>
Authored: Fri Mar 13 13:14:42 2015 +0530
Committer: Daan Hoogland <da...@onecht.net>
Committed: Tue Mar 17 12:58:21 2015 +0100
----------------------------------------------------------------------
ui/scripts/cloudStack.js | 53 +++++++++++++++++++++++++------------------
1 file changed, 31 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0b68bf2e/ui/scripts/cloudStack.js
----------------------------------------------------------------------
diff --git a/ui/scripts/cloudStack.js b/ui/scripts/cloudStack.js
index b6dd559..367a0df 100644
--- a/ui/scripts/cloudStack.js
+++ b/ui/scripts/cloudStack.js
@@ -125,23 +125,26 @@
bypassLoginCheck: function(args) { //determine to show or bypass login screen
if (g_loginResponse == null) { //show login screen
/*
- but if this is a 2nd browser window (of the same domain), login screen still won't show because $.cookie('sessionKey') is valid for 2nd browser window (of the same domain) as well.
- i.e. calling listCapabilities API with g_sessionKey from $.cookie('sessionKey') will succeed,
- then userValid will be set to true, then an user object (instead of "false") will be returned, then login screen will be bypassed.
- */
- g_mySession = $.cookie('JSESSIONID');
- g_sessionKey = $.cookie('sessionKey');
- g_role = $.cookie('role');
- g_username = $.cookie('username');
- g_userid = $.cookie('userid');
- g_account = $.cookie('account');
- g_domainid = $.cookie('domainid');
- g_userfullname = $.cookie('userfullname');
- g_timezone = $.cookie('timezone');
- if ($.cookie('timezoneoffset') != null)
- g_timezoneoffset = isNaN($.cookie('timezoneoffset')) ? null : parseFloat($.cookie('timezoneoffset'));
- else
- g_timezoneoffset = null;
+ * Since we no longer store sessionKey in cookie, opening the
+ * 2nd browser window (of the same domain) will show login screen (i.e. user has to
+ * enter credentials again) and will cause the 1st browser window session timeout.
+ */
+ var unBoxCookieValue = function (cookieName) {
+ var cookieValue = $.cookie(cookieName);
+ if (cookieValue && cookieValue.length > 2 && cookieValue[0] === '"' && cookieValue[cookieValue.length-1] === '"') {
+ cookieValue = cookieValue.slice(1, cookieValue.length-1);
+ $.cookie(cookieName, cookieValue, { expires: 1 });
+ }
+ return cookieValue;
+ };
+ g_sessionKey = unBoxCookieValue('JSESSIONID');
+ g_role = unBoxCookieValue('role');
+ g_userid = unBoxCookieValue('userid');
+ g_domainid = unBoxCookieValue('domainid');
+ g_account = unBoxCookieValue('account');
+ g_username = unBoxCookieValue('username');
+ g_userfullname = unBoxCookieValue('userfullname');
+ g_timezone = unBoxCookieValue('timezone');
} else { //single-sign-on (bypass login screen)
g_mySession = $.cookie('JSESSIONID');
g_sessionKey = encodeURIComponent(g_loginResponse.sessionkey);
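Review bot: `unBoxCookieValue` writes the stripped value back with `{ expires: 1 }`, so any cookie the server issued as session-scoped — including JSESSIONID, which is the first cookie passed to it — is re-issued by the page as a one-day persistent cookie; a read helper should not change cookie lifetime, so drop the `$.cookie(cookieName, cookieValue, { expires: 1 });` line and just return the unquoted value. The rewrite also no longer assigns `g_mySession` or `g_timezoneoffset` in this branch (the removed `g_mySession = $.cookie('JSESSIONID')` and the timezoneoffset block have no counterpart), so both keep whatever value they held before the call; if that is intended it deserves a comment, otherwise `g_timezoneoffset = null;` should be restored. Assigning the JSESSIONID value to `g_sessionKey` presumably relies on it being rejected as an API session key so that the login screen is shown; a one-line comment stating that would save the next reader the same puzzle. bypassLoginCheck continues past the end of the hunk.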
@@ -272,9 +275,6 @@
g_timezoneoffset = loginresponse.timezoneoffset;
g_userfullname = loginresponse.firstname + ' ' + loginresponse.lastname;
- $.cookie('sessionKey', g_sessionKey, {
- expires: 1
- });
$.cookie('username', g_username, {
expires: 1
});
@@ -395,9 +395,8 @@
g_kvmsnapshotenabled = null;
g_regionsecondaryenabled = null;
g_loginCmdText = null;
-
+
$.cookie('JSESSIONID', null);
- $.cookie('sessionKey', null);
$.cookie('username', null);
$.cookie('account', null);
$.cookie('domainid', null);
@@ -422,6 +421,16 @@
});
},
+ samlLoginAction: function(args) {
+ $.cookie('JSESSIONID', null);
+ $.cookie('username', null);
+ $.cookie('account', null);
+ $.cookie('domainid', null);
+ $.cookie('role', null);
+ $.cookie('timezone', null);
+ window.location.href = createURL('samlSso');
+ },
+
// Show cloudStack main UI widget
complete: function(args) {
var context = {
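Review bot: samlLoginAction clears six cookies but not `userid` and `userfullname`, which bypassLoginCheck reads through `unBoxCookieValue` in the first hunk, so identity values from a previous login survive the redirect to `samlSso`; add `$.cookie('userid', null);` and `$.cookie('userfullname', null);` alongside the others. The logout cookie list in the previous hunk is cut off in this view, so it may need the same two lines. The `args` parameter is unused; the neighbouring handlers (`bypassLoginCheck`, `complete`) keep it for a uniform signature, and a short comment saying so would make that clear.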
[2/3] git commit: updated refs/heads/4.4 to e8f7215
Posted by da...@apache.org.
api: avoid sending sensitive data in api response
- UI: use post when updating user
- S3: don't send s3 key in the response
- VPN: don't send preshared key in remoteaccessvpn api response
- Snapshot response should set zone id not volume's device id
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Conflicts:
server/src/com/cloud/api/ApiResponseHelper.java
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d3122a1b
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d3122a1b
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d3122a1b
Branch: refs/heads/4.4
Commit: d3122a1b8cf27a6f84c5a2cdba11f8926029cf5b
Parents: 0b68bf2
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Wed Mar 11 16:30:20 2015 +0530
Committer: Daan Hoogland <da...@onecht.net>
Committed: Tue Mar 17 13:16:22 2015 +0100
----------------------------------------------------------------------
server/src/com/cloud/api/ApiResponseHelper.java | 4 ++++
1 file changed, 4 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d3122a1b/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index 3d174c7..5c6df1b 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -452,6 +452,10 @@ public class ApiResponseHelper implements ResponseGenerator {
snapshotResponse.setVolumeId(volume.getUuid());
snapshotResponse.setVolumeName(volume.getName());
snapshotResponse.setVolumeType(volume.getVolumeType().name());
+ DataCenter zone = ApiDBUtils.findZoneById(volume.getDataCenterId());
+ if (zone != null) {
+ snapshotResponse.setZoneId(zone.getUuid());
+ }
}
snapshotResponse.setCreated(snapshot.getCreated());
snapshotResponse.setName(snapshot.getName());
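Review bot: A null result from `ApiDBUtils.findZoneById(volume.getDataCenterId())` is silently skipped, so a snapshot whose volume points at a zone that cannot be resolved comes back without `zoneid` and nothing records why; a debug-level log line in an else branch would make that visible when a client reports the missing field. The lookup is an extra DB round-trip per snapshot inside the volume branch and presumably runs once per element of a list response — fine if findZoneById is cached, worth checking otherwise. The enclosing method starts and ends outside the hunk.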
[3/3] git commit: updated refs/heads/4.4 to e8f7215
Posted by da...@apache.org.
ui: if session cookie exists, use it to set global session holder and invalidate it
The 19e3c0168e744a76b5e1dc24a5eafa776d342404 commit breaks SAML login and any
login where redirection is used.
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Conflicts:
plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/e8f7215b
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/e8f7215b
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/e8f7215b
Branch: refs/heads/4.4
Commit: e8f7215b2629808dc6376f137df2a8080f9204fe
Parents: d3122a1
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Fri Mar 13 15:01:11 2015 +0530
Committer: Daan Hoogland <da...@onecht.net>
Committed: Tue Mar 17 13:20:46 2015 +0100
----------------------------------------------------------------------
ui/scripts/cloudStack.js | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e8f7215b/ui/scripts/cloudStack.js
----------------------------------------------------------------------
diff --git a/ui/scripts/cloudStack.js b/ui/scripts/cloudStack.js
index 367a0df..7e67850 100644
--- a/ui/scripts/cloudStack.js
+++ b/ui/scripts/cloudStack.js
@@ -137,14 +137,22 @@
}
return cookieValue;
};
- g_sessionKey = unBoxCookieValue('JSESSIONID');
+ unBoxCookieValue('sessionkey');
+ // if sessionkey cookie exists use this to set g_sessionKey
+ // and destroy sessionkey cookie
+ if ($.cookie('sessionkey')) {
+ g_sessionKey = $.cookie('sessionkey');
+ $.cookie('sessionkey', null);
+ } else {
+ g_sessionKey = unBoxCookieValue('JSESSIONID');
+ }
g_role = unBoxCookieValue('role');
g_userid = unBoxCookieValue('userid');
g_domainid = unBoxCookieValue('domainid');
g_account = unBoxCookieValue('account');
g_username = unBoxCookieValue('username');
g_userfullname = unBoxCookieValue('userfullname');
- g_timezone = unBoxCookieValue('timezone');
+ g_timezone = unBoxCookieValue('timezone');
} else { //single-sign-on (bypass login screen)
g_mySession = $.cookie('JSESSIONID');
g_sessionKey = encodeURIComponent(g_loginResponse.sessionkey);
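Review bot: The new branch copies the `sessionkey` cookie into `g_sessionKey` verbatim, while the single-sign-on branch a few lines below applies `encodeURIComponent` to the same value; unless the server already URL-encodes the cookie, a key containing `+`, `/` or `=` is sent differently on the two paths. The preceding `unBoxCookieValue('sessionkey');` call discards its result and the cookie is then read twice more, so `var sessionKeyCookie = unBoxCookieValue('sessionkey');` followed by `if (sessionKeyCookie) { g_sessionKey = sessionKeyCookie; $.cookie('sessionkey', null); }` reads it once; note the helper still re-writes a quoted value with a one-day expiry moments before it is deleted. `$.cookie('sessionkey', null)` here, and the same call added in the two later hunks, only removes the cookie when the path matches the one the server set it with — worth confirming against the SAML redirect handler. bypassLoginCheck begins and ends outside this hunk.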
@@ -397,6 +405,7 @@
g_loginCmdText = null;
$.cookie('JSESSIONID', null);
+ $.cookie('sessionkey', null);
$.cookie('username', null);
$.cookie('account', null);
$.cookie('domainid', null);
@@ -423,6 +432,7 @@
samlLoginAction: function(args) {
$.cookie('JSESSIONID', null);
+ $.cookie('sessionkey', null);
$.cookie('username', null);
$.cookie('account', null);
$.cookie('domainid', null);