Bug 353702 - Redesign the authentication facility to not use eval on 401
Status: RESOLVED FIXED
Alias: None
Product: Orion
Classification: ECD
Component: Client
Version: 0.2
Hardware: PC Windows XP
Importance: P3 normal
Target Milestone: 0.3 M2
Assignee: Szymon Brandys CLA
Depends on: 354974 355070 355193
Blocks: 354975 355037 355064
Reported: 2011-08-03 03:52 EDT by Szymon Brandys CLA
Modified: 2011-08-22 06:54 EDT
Description Szymon Brandys CLA 2011-08-03 03:52:33 EDT
We should not use eval as we do now when 401 happens. The new approach is that on 401 Orion opens a dialog with an IFrame or a separate window which hosts the login UI.
Comment 1 Szymon Brandys CLA 2011-08-03 11:52:51 EDT
The work is in bug353702 branch.

- new login dialog is created (LoginWindow.html)
- eval() in auth.js is removed and now we open the UI in a popup window
- moreover on 401 we don't send any js code now

To do:
- we need somehow to populate the user section in the header. The plan is to have a new UserPlugin that provides links for signIn, signOut and User UI. We will open the first two in popup windows. I'll try to use postMessage to notify the main window whether sign in/out was successful or not. If it does not work we will just use redirect.
- 401 should return the location of SignIn UI, at this point it is hardcoded in auth.js.
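
An added sketch of the approach described above (not Orion's own code): the 401 body is parsed as data instead of being evaluated, and the result posted by the login popup is checked before it is used. `SignInLocation`, the `auth-result` message shape, the origin and all function names are assumptions, as is the login UI being served from the application's own origin.

```javascript
// Added example. All names here are hypothetical, not taken from Orion's auth.js.
const APP_ORIGIN = "https://orion.example.org"; // constructed origin

// Treat a 401 body strictly as data: JSON.parse it, never eval() it.
// Returns the sign-in URL to open in a popup, or null if the response is unusable.
function signInLocationFrom401(status, bodyText, appOrigin = APP_ORIGIN) {
  if (status !== 401) return null;
  let body;
  try {
    body = JSON.parse(bodyText); // script text sent as a body fails here
  } catch (e) {
    return null;
  }
  if (body === null || typeof body.SignInLocation !== "string") return null;
  let url;
  try {
    url = new URL(body.SignInLocation, appOrigin); // resolves relative paths
  } catch (e) {
    return null;
  }
  // Rejects other hosts, "//host/..." forms and javascript: URLs (origin "null").
  return url.origin === appOrigin ? url.href : null;
}

// Logic for the window "message" listener that receives the popup's result.
// Returns a plain result object, or null if the message must be ignored.
function readAuthMessage(event, popupWindow, appOrigin = APP_ORIGIN) {
  if (event.origin !== appOrigin) return null;   // sender's origin must match
  if (event.source !== popupWindow) return null; // must be the popup we opened
  const d = event.data;
  if (!d || d.type !== "auth-result" || typeof d.success !== "boolean") return null;
  return { success: d.success, user: typeof d.user === "string" ? d.user : null };
}
```

In a page, `readAuthMessage` would be called from `window.addEventListener("message", ...)` with the handle returned by `window.open`.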
Comment 2 Malgorzata Janczarska CLA 2011-08-05 13:06:57 EDT
To our branch I've committed a proof of concept for this point:
>- we need somehow to populate the user section in the header. The plan is to have a new UserPlugin that provides links for signIn, signOut and User UI. We will open the first two in popup windows. I'll try to use postMessage to notify the main window whether sign in/out was successful or not. If it does not work we will just use redirect.
I would like to see how you like it. This is how it works:
1. Any plugin may add a property "auth" containing a link to another plugin that provides authentication
2. authentication plugin is provided by the server
3. authentication plugin provides 3 methods
	* getUser - returns information about the user that is logged in
	* getAuthForm - returns a link to authentication form that is opened in popup
	* logout - logs out
Current implementation displays information about the first existing authentication plugin. But if we design a proper UI to display more than one SignIn/SignOut we can use more than one authentication plugin.
Comment 3 Szymon Brandys CLA 2011-08-17 11:33:15 EDT
We can authenticate to multiple services now, so the UI for sign in/sign out/user profile (in the top right corner) needs to be updated. We need something smarter that shows all services that we are logged in to and allows going to the appropriate user profile pages. I talked to Gosia about it today and she started looking at it.

Gosia, please open a separate bug for it, if we don't have one yet.
Comment 4 Szymon Brandys CLA 2011-08-22 06:54:27 EDT
branch bug353702 merged to master. Marking this bug fixed.