If the user is admin or don't have an ID the identity panel
will be loaded. In any other case the project panel will be loaded.
This will also check if the panel is unregistred, and if the
session has expired it will lead to the login screen.
Closes-Bug: #1659818
Change-Id: I27300e928855ec10ca5d2a623d636e50d756b698
When the password is successfully changed, the background colour
of the success message is changed from red to green to avoid
users mistaking it for an error message.
Change-Id: Icbaae9f15d02368539e47cd5e929c19ed67b5fed
Closes-Bug: #1520486
This patch supports using domain scoped tokens against keystone v3.
Use Cases:
Cloud Admin - view and manage identity resources across domains
Domain Admin - view and manage identity resources in the domain logged in
User - view identity project in the domain logged in
Regression:
Supports keystone v2 through local_settings.py configuration
Supports keystone v3 with multidomain = False
Supports keystone v3 with mulitdomain = True
Relates to https://review.openstack.org/#/c/141153/
Background on how to test is here
https://wiki.openstack.org/wiki/Horizon/DomainWorkFlow
Co-Authored-By: Brad Pokorny <Brad_Pokorny@symantec.com>
Co-Authored-By: Brian Tully <brian.tully@hp.com>
Co-Authored-By: Michael Hagedorn <mike.hagedorn@hp.com>
Co-Authored-By: woomatt <matt.wood@hp.com>
Partially Implements: blueprint domain-scoped-tokens
Closes-Bug: #1413851
Change-Id: Iaa19bfef9b0c70304ff81d083c62b218b2d02479
Allow user to configure messages to display to the user
after they login.
Change-Id: I6dc0318708d0f964e52c8b127718297fc723651c
Implements: blueprint message-of-the-day
By rendering the login page within the GET / path we cannot trap the /auth
location from horizon to allow us to setup kerberos and other REMOTE_USER tasks
on that path.
On initial unauthenticated request redirect the user to /auth/login.
Change-Id: Ibe577672fc67a33460ea5d8726925b7e4b2a65e9
Closes-Bug: #1418440
In the initial page (http://<ip>:<port>) the
password field not showing the password visibility
icon.
If we go to login page (http://<ip>:<port>/auth/login)
the password visibility icon is shown properly.
Now both the address are using the same template so
the password visibility icon shown in the initial
page also and the unused template is deleted.
Change-Id: Ia8063c54143c5394c927cf7aea7c15c3e9373dd0
Closes-Bug: #1408220
the horizon login page (really the middleware) accesses the session
too early in the login process, which will create session records
in the session backend. This is especially problematic when non-cookie
backends are used.
Change-Id: I9d2c40403fb9b0cfb512f2ff45397cbe0b050c71
Closes-Bug: 1394370
1) This patch fixes the session timeout string problem which
occurs when users clicks on the UI and Ui redirects the
user to the login page but without session timeout message.
2) This patch also fixes other cases of unnecessary logout
messages.
Closes-Bug: #1231355
Change-Id: I9824db44382247d64cc8c399eb5e855e818e8781
Warnings H904, H307 and H405 are new or considerably changed, and will
be fixed in a separate patch.
Closes-bug: #1349820
Partial-bug: #1347472
Change-Id: I4fd28990dacf16f03a4eaa6074ef59c37f1a2c14
The Login form lives in openstack_auth.forms and should be directly
imported from that file.
Change-Id: I42808530024bebb01604adbf4828769812856bf3
Closes-Bug: #1332149
Remove vim setting:
comment - # vim: tabstop=4 shiftwidth=4 softtabstop=4
at the top of source code files, except for files in
openstack/common.
Change-Id: I9a5c6b17c6ef7ecec601f4503dfc7b31fc72e90a
Close-bug: #1229324
The existing get_user_home implementation expects both the 'admin'
and 'project' dashboards to exist and throws an exception if they
are missing. With the inclusion of configurable dashboard loading,
we can no longer count on certain dashboards being loaded.
Closes-Bug: #1293727
Change-Id: I4ee0b7b313f4e1b27c0daea829c8b38282fa78d9
Dashboard has its own splash, with a hardcoded get_user_home that
igonres HORIZON_CONFIG. This patch makes it use horiozn.get_user_home
which actually checks the user_home setting, and with the default
settings.py, uses dashboard's get_user_home anyways, but allows for
changing that default behavior.
Change-Id: Id2d957f0cd8fbbbbb8f2c053f0c5df4be177e18c
Closes-bug: #1301935
This patch set removes some commented out stuff that
has been unintentially left in "H302 check" patch set.
It also replaces a couple more method imports with
module imports.
Fixes bug 1215892
Change-Id: I35fd880154a4ea6d6d8d3b3615103c271aa4a005
This patch replaces some method imports with module imports and
makes H302 test enabled.
Fixes bug 1188531
Change-Id: Ibfbddeaa19cbbb244da58ffd5c918c41f03a0c65
Moves everything OpenStack-specific (dashboards, apis, etc.)
into the openstack_dashboard project, achieving a much
cleaner separation between the project-specific code and
the generic Horizon framework code.
Change-Id: I7235b41d449b26c980668fc3eb4360b24508717b
Moved the tests to the horizon portion since they test core functionality.
This also required moving some of the templates, etc. that belong in horizon
to their proper homes.
Change-Id: I7d9758845b81e4b8bcf1ffaaff4f6e237b4fe9f8
Switch to using the self-contained django_openstack_auth
package which is a proper django.contrib.auth pluggable
backend.
Notable functional improvements include:
* Better overall security via use of standard Django
auth code (well-vetted by security experts).
* Token expiration checking.
* User "enabled" attribute checking.
* Support for full range of Django auth attributes
such as is_anonymous, is_active, is_superuser, etc.
* Improved hooks for RBAC/permission-based acess control.
Regarding the RBAC/permission-based access control, this
patch moves all "role" and "service"-oriented checks to
permission checks. This will make transitioning to
policy-driven checking much easier once that fully lands
in OpenStack.
Implements blueprint move-keystone-support-to-django-auth-backend
Change-Id: I4f3112af797aff8c4c5e9930c6ca33a70e45589d
Cleans up Horizon's JavaScript to make it properly modular and
well-organized.
Adds unit tests written in QUnit for some of the JS modules
as a starting point for the JS test framework. You can visit
/qunit/ with DEBUG=True in your settings to access the JS
test runner.
Fixes bug 961509.
Change-Id: Ica33765660d0ed80f22c71bc96f122c3fc8b80cc
* Applies the sensitive_post_parameters and sensitive_variables
decorators to functions that handle sensitive data.
* Defines a custom Exception Filter class to provide some added
security.
* Adds notes on logging to the docs.
Fixes bug 1004114 for Horizon.
Change-Id: I13ac91d91e0ed2322cc61633b02455cfed39fdcd
There are no longer two separate projects living inside the horizon
repository. There is a single project now with a single setup.py,
single README, etc.
The openstack-dashboard/dashboard django project is now named
"openstack_dashboard" and lives as an example project in the
topmost horizon directory.
The "horizon/horizon" directory has been bumped up a level and now
is directly on the path when the root horizon directory is on
your python path.
Javascript media which the horizon module directly relies upon
now ships in the horizon/static dir rather than
openstack-dashboard/dashboard/static.
All the corresponding setup, installation, build, and env scripts
have been updated accordingly.
Implements blueprint unified-packaging.
Change-Id: Ieed8e3c777432cd046c3e0298869a9428756ab62