Improve blocking of non local urls

It was found that the original check didn't stop
http:www.google.com forwards. This fixes that issue.

Tested: Verified that the url forward didn't work

Change-Id

Improve blocking of non local urls

It was found that the original check didn't stop
http:www.google.com forwards. This fixes that issue.

Tested: Verified that the url forward didn't work

Change-Id: I44a9b84218e15ddd0d37d5fbda633b66326da1f4
Signed-off-by: James Feist <james.feist@linux.intel.com>

show more ...

Block forwarding to non-local url

Currently we don't protect against forwarding to remote
url, so things like:

https://<bmc-address>/#/login?next=http:%2F%2Fyahoo.com

can be used to forward an uns

Block forwarding to non-local url

Currently we don't protect against forwarding to remote
url, so things like:

https://<bmc-address>/#/login?next=http:%2F%2Fyahoo.com

can be used to forward an unsuspecting user to a different
url. This fixes that issue.

Tested: Local redirects still work, above link does not

Closes #109

Change-Id: I4d6c52880156802860f405af43037fb84235912f
Signed-off-by: James Feist <james.feist@linux.intel.com>

show more ...

Clean up color values

This update will clean up slight color variations in the
code base by creating and using Sass color variables
instead of hex values. Available colors are defined in
colors.scss

Clean up color values

This update will clean up slight color variations in the
code base by creating and using Sass color variables
instead of hex values. Available colors are defined in
colors.scss. Any usage of CSS color properties should
refer to the mapped color variables in colors.scss.

- Removed tags.scss file since tag components no longer used

Signed-off-by: Yoshie Muranaka <yoshiemuranaka@gmail.com>
Change-Id: I045030a158469e59d07a9fa8cd8aa9f125f0d383

show more ...

Consolidate button styles

This patchset will create consistent button styling according
to the styleguide and remove redundant button styles by creating
reusable button classes.

This patchset also

Consolidate button styles

This patchset will create consistent button styling according
to the styleguide and remove redundant button styles by creating
reusable button classes.

This patchset also implements a consistent strategy for including
icon assets. Currently, svg icons are imported as CSS background
images or inlined into the markup. Inlining an svg is preferred,
especially when used with buttons or links so the colors can
be easily changed for different states (hover, focus, disabled)
without having to request variants.
The icon provider allows us to inline svgs without cluttering
the markup. Webpack config was adjusted to use svg-inline-loader
when resolving svgs that are used by the icon provider directive.

- All svgs were optimized to remove unncessary information.
- Removed unused svg color variants
- Moved icons used by icon provider to separate directory to
avoid Webpack parsing the files twice
- Small changes to navigation icons

Signed-off-by: Yoshie Muranaka <yoshiemuranaka@gmail.com>
Change-Id: I1ca214b74fc502e6b6e760cfee88b48110237c43

show more ...

Add .ng-leave and .ng-enter rulesets for page transition

Adding ngAnimation dependency created added animation to pages during
route or location changes. Added transitions to create an elegant
trans

Add .ng-leave and .ng-enter rulesets for page transition

Adding ngAnimation dependency created added animation to pages during
route or location changes. Added transitions to create an elegant
transition.

Tested: I navigated to every page including logging in
and out in Chrome, Firefox and Safari to assure all
browsers handle the transition consistently.

Resolves openbmc/phosphor-webui#86

Signed-off-by: Derick Montague <derick.montague@ibm.com>
Change-Id: I14fa1bd790e80f977b7a0ccceccc3eb20ce33ae6

show more ...

Fix login error message

Respose for invalid credentials changed and login page
was no longer displaying the correct error message to
the user when invalid credentials were entered.

Resolves openbmc

Fix login error message

Respose for invalid credentials changed and login page
was no longer displaying the correct error message to
the user when invalid credentials were entered.

Resolves openbmc/phosphor-webui#72

Tested: Logged in with incorrect credentials and saw the
correct message. Also logged in with an unreachable
host and saw that that message was displaying
correctly.

Change-Id: I65cc6d6a061986568aded09555c5f75bcd59fe56
Signed-off-by: beccabroek <beccabroek@gmail.com>

show more ...

Form validation on login page

Using ngMessages, adds form validation to login page. Also creates a
directive, hasError, to be used to validate form field by passing
in a boolean. This is a proposed

Form validation on login page

Using ngMessages, adds form validation to login page. Also creates a
directive, hasError, to be used to validate form field by passing
in a boolean. This is a proposed pattern to be used moving forward,
as form validation is added to additional pages.

Validation error messages are shown on $touched and on submit.
Unreachable Server and Invalid username and password error messages
remain until input is no longer $pristine after form submission.

In addition, this removes unneeded and unused css styling

Resolves openbmc/phosphor-webui#47

Change-Id: I7a067af67ac74d4cf2977d10f66445720ecae9eb
Signed-off-by: beccabroek <beccabroek@gmail.com>

show more ...

Fix issue for responsive design: Login screen

This push fixes the issue of the logo and input alignment in login
screen on tablets portrait and landscape mode. They are centrally
aligned in these vi

Fix issue for responsive design: Login screen

This push fixes the issue of the logo and input alignment in login
screen on tablets portrait and landscape mode. They are centrally
aligned in these views. Gets rid of the unwanted horizontal scrollbar
in tablets.

Change-Id: I31fd9caa881e0ffb6b1cd58701d911ee916dd419
Signed-off-by: Ryan Arnell <iffy.ryan@ibm.com>

show more ...

phosphor-webui: Allow after login redirects

When redirecting a user to a login url, it is helpful to be able to
point them to a url that after login, will forward to the requested
page.

This is acc

phosphor-webui: Allow after login redirects

When redirecting a user to a login url, it is helpful to be able to
point them to a url that after login, will forward to the requested
page.

This is accomplished by the use of a url param named "next" which
specifies the URL that the user wants to be redirected to after login.
If no next url is specified, the user is redirected to the overview
page, like the vehavior before.

Change-Id: Iff0da65632119a8f7ae3f35eb74147ca67563f30
Signed-off-by: Ed Tanous <ed.tanous@intel.com>

show more ...

login-controller.html: Fix indents

Change-Id: Ie6867b29eb7e785ad48c918d605ccfff955e3102
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

Do not autocomplete username and password

Security scanners list autocomplete on as a medium priority
issue. The concern being someone could use it to compromise
a bmc with a password saved on a com

Do not autocomplete username and password

Security scanners list autocomplete on as a medium priority
issue. The concern being someone could use it to compromise
a bmc with a password saved on a compromised computer.

Resolves openbmc/phosphor-webui#18

Change-Id: Ie6936d84a0b94a81781a077d1542a6ce1d413d6d
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Highlight correct fields on errors

If the error is 'Invalid username or password', the 'Username'
and 'Password' fields now becomes red.
On any other error (e.g. Server unreachable) the
'BMC Host or

Highlight correct fields on errors

If the error is 'Invalid username or password', the 'Username'
and 'Password' fields now becomes red.
On any other error (e.g. Server unreachable) the
'BMC Host or BMC IP Address' field is red.

Before the 'BMC Host or BMC IP Address' and 'Username'
were red on all errors.

Resolves openbmc/phosphor-webui#17

Tested: See correct fields highlighted.
Change-Id: I55514cfb428170cd125ec01eb4c7184fbadd3894
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Add comment for keyCode 13

keyCode 13 is the 'Enter' button.

Change-Id: I49d6fc00b8e009835b93ed1f62f7f22be083216e
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

Login: Remove unused APIUtils

Tested: Able to login

Change-Id: I50e459b5b3f35e731649377665449123d4934709
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

Login: Remove unused routeParams

Tested: Able to login
Change-Id: Id87900c160781edf4cb473d32f7d7fa3112c6dd7
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

Move to clang-format-6.0

The docker image moved from clang-format-5.0 to clang-format-6.0.

Change-Id: I3c615d7df1f21569531b4dc2cb0bc4f425cb43f8
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

Remove unused app/constants/ dir

All the constants are defined here:
https://github.com/openbmc/phosphor-webui/blob/master/app/common/services/constants.js
Constants are injected as part of app.comm

Remove unused app/constants/ dir

All the constants are defined here:
https://github.com/openbmc/phosphor-webui/blob/master/app/common/services/constants.js
Constants are injected as part of app.common.services.
This environment-constants.js or environment-constants.json could
be repurposed to configure features but going with something else,
https://gerrit.openbmc-project.xyz/#/c/11311/.

Tested: Quick manual regression test on the pages.
Change-Id: I59ba4f47fe8a927cb5f68a2657dfea9c61cd5f28
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Format code using clang-format-5.0

Once merged, this repository will have CI enforce
the coding guidelines in the .clang-format file.

Change-Id: I96a05972665f9c67625c6850c3da25edc540be06
Signed-off

Format code using clang-format-5.0

Once merged, this repository will have CI enforce
the coding guidelines in the .clang-format file.

Change-Id: I96a05972665f9c67625c6850c3da25edc540be06
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

show more ...

Run js-beautify and fixjsstyle on code

Found this pointer on stackoverflow:
https://stackoverflow.com/a/31660434/5508494

End goal is to get the code formatted well enough that
clang format will run

Run js-beautify and fixjsstyle on code

Found this pointer on stackoverflow:
https://stackoverflow.com/a/31660434/5508494

End goal is to get the code formatted well enough that
clang format will run correctly against it.

Change-Id: I80053e78d253d8eee49233e42d55e5807ae8fdc8
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

show more ...

Rename BMC Host/IP field on login

Renamed the BMC Host/BMC IP Address field:
"BMC Host or BMC IP Address".
Like Password and Username, this is displayed as all caps.
We got feedback that "Host" coul

Rename BMC Host/IP field on login

Renamed the BMC Host/BMC IP Address field:
"BMC Host or BMC IP Address".
Like Password and Username, this is displayed as all caps.
We got feedback that "Host" could mean a lot of things
and should specify this is the BMC.

Closes openbmc/openbmc#3147

Change-Id: If8b4e7b8a8bf912631fb39cc271ee87ce38c470d
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Remove the version from each file

Already have a Web UI version, no need to track the version
of each file. These have not been getting updated.

Change-Id: I1cd3a2c2d67b24ded5edcca9dbfd3f6806d93ed4

Remove the version from each file

Already have a Web UI version, no need to track the version
of each file. These have not been getting updated.

Change-Id: I1cd3a2c2d67b24ded5edcca9dbfd3f6806d93ed4
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Move login error to common error style

Created a generic error class, have the login error inherit it.

Tested: Verified the login error looks the same.
Change-Id: Ief373fa37ea655cfcb544861a4e540abb

Move login error to common error style

Created a generic error class, have the login error inherit it.

Tested: Verified the login error looks the same.
Change-Id: Ief373fa37ea655cfcb544861a4e540abbe65f77e
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Show error message received from server side

When an error occurs during authorization, display the error message
received from server side instead hardcoded message.

Partially resolves openbmc/ope

Show error message received from server side

When an error occurs during authorization, display the error message
received from server side instead hardcoded message.

Partially resolves openbmc/openbmc#2974
Resolves openbmc/openbmc#3024

Tested: Enter invalid username or password and verify error message
Change-Id: I91ca29d5a69e12e12ce490ce3206173de7d41f09
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>

show more ...

Removed bypass login script

We had a script that allowed users to bypass login to see the app
interface. We did this for testing purpose. This commit removes that
functionality and improves security

Removed bypass login script

We had a script that allowed users to bypass login to see the app
interface. We did this for testing purpose. This commit removes that
functionality and improves security.

Change-Id: I17255f16082d5460015788130f2482f2849ce975
Signed-off-by: Iftekharul Islam <iffy.ryan@ibm.com>

show more ...

Remove trailing spaces from files

Tested: Manually tested GUI for any regressions
Change-Id: I8c0922b7bd67b03b07e8880bc4dba3b862220b33
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>