polkitAgent: Use dialog as confirmation when the user has no password

When a user has no password and a polkit authentication is started,
instead of blindly initiating the admin session, the regular
"Authentication Requested" dialog is shown (but without the password
entry). This means that the user's admin session is only effectively
started after the user chooses to proceed with the authentication, which
provides an extra confirmation step that can be vital for critical
tasks.

Ideally we should use a different wording than "authentication" when the
user has no password set, and use "confirmation" instead. However polkit
already sends the requests with such messages (e.g. "Authentication is
required to configure software repositories"), and it's important to
show those to the user, so this patch keeps the regular wording.
Joaquim Rocha 2017-07-19 13:42:34 +02:00
parent 7f8a1ec1fb
commit 903036e244


@ -27,6 +27,11 @@ var WORK_SPINNER_ICON_SIZE = 16;
var WORK_SPINNER_ANIMATION_DELAY = 1.0; var WORK_SPINNER_ANIMATION_DELAY = 1.0;
var WORK_SPINNER_ANIMATION_TIME = 0.3; var WORK_SPINNER_ANIMATION_TIME = 0.3;
const DialogMode = {
AUTH: 0,
CONFIRM: 1
};
var AuthenticationDialog = new Lang.Class({ var AuthenticationDialog = new Lang.Class({
Name: 'AuthenticationDialog', Name: 'AuthenticationDialog',
Extends: ModalDialog.ModalDialog, Extends: ModalDialog.ModalDialog,
@ -59,10 +64,6 @@ var AuthenticationDialog = new Lang.Class({
this._user = AccountsService.UserManager.get_default().get_user(userName); this._user = AccountsService.UserManager.get_default().get_user(userName);
let userRealName = this._user.get_real_name() let userRealName = this._user.get_real_name()
this._userLoadedId = this._user.connect('notify::is_loaded',
Lang.bind(this, this._onUserChanged));
this._userChangedId = this._user.connect('changed',
Lang.bind(this, this._onUserChanged));
// Special case 'root' // Special case 'root'
let userIsRoot = false; let userIsRoot = false;
@ -98,10 +99,14 @@ var AuthenticationDialog = new Lang.Class({
y_align: St.Align.MIDDLE }); y_align: St.Align.MIDDLE });
} }
this._onUserChanged();
this._passwordBox = new St.BoxLayout({ vertical: false, style_class: 'prompt-dialog-password-box' }); this._passwordBox = new St.BoxLayout({ vertical: false, style_class: 'prompt-dialog-password-box' });
content.messageBox.add(this._passwordBox); content.messageBox.add(this._passwordBox);
// onUserChanged needs to be called after we have the _passwordBox set
this._user.connect('notify::is_loaded', Lang.bind(this, this._onUserChanged));
this._user.connect('changed', Lang.bind(this, this._onUserChanged));
this._onUserChanged();
this._passwordLabel = new St.Label(({ style_class: 'prompt-dialog-password-label' })); this._passwordLabel = new St.Label(({ style_class: 'prompt-dialog-password-label' }));
this._passwordBox.add(this._passwordLabel, { y_fill: false, y_align: St.Align.MIDDLE }); this._passwordBox.add(this._passwordLabel, { y_fill: false, y_align: St.Align.MIDDLE });
this._passwordEntry = new St.Entry({ style_class: 'prompt-dialog-password-entry', this._passwordEntry = new St.Entry({ style_class: 'prompt-dialog-password-entry',
@ -182,7 +187,7 @@ var AuthenticationDialog = new Lang.Class({
} }
}, },
performAuthentication: function() { _initiateSession: function() {
this.destroySession(); this.destroySession();
this._session = new PolkitAgent.Session({ identity: this._identityToAuth, this._session = new PolkitAgent.Session({ identity: this._identityToAuth,
cookie: this._cookie }); cookie: this._cookie });
@ -193,6 +198,12 @@ var AuthenticationDialog = new Lang.Class({
this._session.initiate(); this._session.initiate();
}, },
performAuthentication: function() {
if (this._mode == DialogMode.AUTH)
this._initiateSession();
this._ensureOpen();
},
_ensureOpen: function() { _ensureOpen: function() {
// NOTE: ModalDialog.open() is safe to call if the dialog is // NOTE: ModalDialog.open() is safe to call if the dialog is
// already open - it just returns true without side-effects // already open - it just returns true without side-effects
@ -243,7 +254,10 @@ var AuthenticationDialog = new Lang.Class({
}, },
_onAuthenticateButtonPressed: function() { _onAuthenticateButtonPressed: function() {
this._onEntryActivate(); if (this._mode == DialogMode.CONFIRM)
this._initiateSession();
else
this._onEntryActivate();
}, },
_onSessionCompleted: function(session, gainedAuthorization) { _onSessionCompleted: function(session, gainedAuthorization) {
@ -329,6 +343,13 @@ var AuthenticationDialog = new Lang.Class({
this._userAvatar.update(); this._userAvatar.update();
this._userAvatar.actor.show(); this._userAvatar.actor.show();
} }
if (this._user.get_password_mode() == AccountsService.UserPasswordMode.NONE) {
this._mode = DialogMode.CONFIRM;
this._passwordBox.hide();
} else {
this._mode = DialogMode.AUTH;
}
}, },
cancel: function() { cancel: function() {
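Review bot: The confirmation step only holds if `_mode` is already correct when `performAuthentication` runs, but `_onUserChanged` assigns it from `get_password_mode()` after what looks like the closing brace of the avatar block, so it is evaluated even before the user object has loaded. If AccountsService reports something other than `NONE` until `is_loaded` is true (not confirmable from this page), a passwordless user's session would still be initiated immediately and the new confirmation would be skipped; deciding the mode only once `this._user.is_loaded` is true, and deferring `_initiateSession()` until then, would close that window. The else branch also never re-shows the box, so a change from CONFIRM to AUTH leaves the entry hidden; adding `this._passwordBox.show();` there would fix it. In the constructor hunk the ids returned by `this._user.connect(...)` are no longer stored in `_userLoadedId`/`_userChangedId`. If the dialog disconnects those ids on close (that code is outside the visible hunks), the handlers would now outlive the dialog and `_onUserChanged` could run on a destroyed `_passwordBox`.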