#6529 Login overlay

v1.0.1
closed
General
2015-08-20
2013-08-07
Cory Johns
No

Create a decorator or require_access alternative that allows the page to render but causes a login overlay dialog to be displayed over the page, similar to this mockup.

The overlay should load an iframe from the URL specified in auth.login_fragment_url with the appropriate return_to info provided, which should submit to _top to reload the source page.

Also, the overlay should be a little lighter than the mockup and the box should be movable so that the underlying page can be inspected (although not interacted with) as the purpose behind this is to showcase what can be done when logged in.

A default fragment implementation should be provided based on the default login view in allura.controllers.auth.AuthController. A SFX fragment implementation will need to be created, as well, for SF.

Discussion

  • Dave Brondsema

    Dave Brondsema - 2013-08-08
    • Milestone: forge-backlog --> forge-aug-23
     
  • Dave Brondsema

    Dave Brondsema - 2013-08-09
    • Size: --> 4
     
  • Dave Brondsema

    Dave Brondsema - 2013-08-23
    • Milestone: forge-aug-23 --> forge-sep-06
     
  • Dave Brondsema

    Dave Brondsema - 2013-08-23
    • Milestone: forge-sep-06 --> forge-sep-20
     
  • Dave Brondsema

    Dave Brondsema - 2013-09-04

    For SF, we should consider putting the CSS in the parent sftheme styles so that it can be re-used with sfpy.

     
  • Cory Johns

    Cory Johns - 2013-09-10
    • status: open --> in-progress
    • assigned_to: Cory Johns
     
  • Cory Johns

    Cory Johns - 2013-09-10

    allura:cj/6529
    sftheme:cj/6529
    sfx:cj/6529

     
  • Cory Johns

    Cory Johns - 2013-09-10
    • status: in-progress --> code-review
     
  • Dave Brondsema

    Dave Brondsema - 2013-09-11
    • QA: Dave Brondsema
     
  • Dave Brondsema

    Dave Brondsema - 2013-09-11
    • status: code-review --> in-progress
     
  • Dave Brondsema

    Dave Brondsema - 2013-09-11
    • Allura/allura/templates/login_fragment.html is missing
    • It might be a side-effect of the missing template, but the login overlay box appears at the bottom of the page, not floating above the main content, and the main content isn't grayed out at all.
    • why is require_access needed in the process() method since it's already happening in _check_security? Is it because _check_security is running but merely doing an overlay and not blocking the request? That is a little unsettling. We'll have to be careful when we use login_overlay within _check_security.
    • Somethings sits wrong with me when I see lib/security.py setting c.show_login_overlay. I'm not sure exactly how to make it better though. Instead of require[_access] functions doing it, the controller could catch HTTPUnauthorized and set c.show_login_overlay. I think it's a little better to have that in the controller layer, but then we have a few lines of boilerplate in every controller that uses it. A helper function could do it? But that is starting to seem silly since it's just a few lines of code right now.
    • tests?
     
  • Cory Johns

    Cory Johns - 2013-09-12

    I totally forgot to git add a couple of new files, so that's why it's broken. I force-pushed those changes if you want to take a look, but...

    I also wasn't super happy with putting the logic in require* but wasn't sure of a better approach. I went with putting it in there because the view code is in master.html, so I figured it was already "system level," but I'm not happy with it. Also, the reason for the extra require_access check in process is because we don't want to show the overlay for the action methods, which is another side-effect of the logic being in the wrong place.

    I'm thinking now what would be better would be to make this a decorator that catches and overrides the HTTPUnauthorized / login redirect for only the decorated view. I'll look in to making that change as well as adding tests.

     
  • Cory Johns

    Cory Johns - 2013-09-12
    • status: in-progress --> code-review
     
  • Cory Johns

    Cory Johns - 2013-09-12

    Refactor and tests (force) pushed to:
    allura:cj/6529

     
  • Dave Brondsema

    Dave Brondsema - 2013-09-12
     
  • Dave Brondsema

    Dave Brondsema - 2013-09-12
    • need target=_top on Forgot pwd and Create Account links (sfx)
    • I'd like to see a bit more in the way of docs. We don't have a good doc yet on custom authentication or custom themes to which we could add (only docs/extending.html), so I'd say just at a minimum:
      • include # auth.login_fragment_url in development.ini so its discoverable
      • docstring for login_overlay (the exceptions param really confused me since I initially though it was for http exception types)
    • in sftheme I believe we can call out to allura_theme_macros.login_overlay() and re-use the Allura version directly instead of duplicating
     
  • Dave Brondsema

    Dave Brondsema - 2013-09-12
    • status: code-review --> in-progress
     
  • Cory Johns

    Cory Johns - 2013-09-16
    • status: in-progress --> code-review
     
  • Cory Johns

    Cory Johns - 2013-09-16

    Pushed to all of:
    allura:cj/6529
    sftheme:cj/6529
    sfx:cj/6529

    Btw, I couldn't get a decorator to work because the _check_security happens before the view method is even resolved so the decorator never comes in to play. I definitely don't like the exceptions parameter but I couldn't figure out a better way to do it. I'd love suggestions.

     
  • Dave Brondsema

    Dave Brondsema - 2013-09-16
    • status: code-review --> closed
     

Log in to post a comment.