1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
5 import { Dispatch } from "redux";
6 import { setBreadcrumbs } from "~/store/breadcrumbs/breadcrumbs-actions";
7 import { RootState } from "~/store/store";
8 import { ServiceRepository } from "~/services/services";
9 import Axios from "axios";
10 import { getUserFullname, User } from "~/models/user";
11 import { authActions } from "~/store/auth/auth-action";
12 import { Config, ClusterConfigJSON, CLUSTER_CONFIG_URL, ARVADOS_API_PATH } from "~/common/config";
13 import { Session, SessionStatus } from "~/models/session";
14 import { progressIndicatorActions } from "~/store/progress-indicator/progress-indicator-actions";
15 import { AuthService, UserDetailsResponse } from "~/services/auth-service/auth-service";
16 import * as jsSHA from "jssha";
18 const getRemoteHostBaseUrl = async (remoteHost: string): Promise<string | null> => {
20 if (url.indexOf('://') < 0) {
21 url = 'https://' + url;
23 const origin = new URL(url).origin;
24 let baseUrl: string | null = null;
27 const resp = await Axios.get<ClusterConfigJSON>(`${origin}/${CLUSTER_CONFIG_URL}`);
28 baseUrl = `${resp.data.Services.Controller.ExternalURL}/${ARVADOS_API_PATH}`;
31 const resp = await Axios.get<any>(`${origin}/status.json`);
32 baseUrl = resp.data.apiBaseURL;
37 if (baseUrl && baseUrl[baseUrl.length - 1] === '/') {
38 baseUrl = baseUrl.substr(0, baseUrl.length - 1);
44 const getUserDetails = async (baseUrl: string, token: string): Promise<UserDetailsResponse> => {
45 const resp = await Axios.get<UserDetailsResponse>(`${baseUrl}/users/current`, {
47 Authorization: `OAuth2 ${token}`
53 const getTokenUuid = async (baseUrl: string, token: string): Promise<string> => {
54 if (token.startsWith("v2/")) {
55 const uuid = token.split("/")[1];
56 return Promise.resolve(uuid);
59 const resp = await Axios.get(`${baseUrl}api_client_authorizations`, {
61 Authorization: `OAuth2 ${token}`
64 filters: JSON.stringify([['api_token', '=', token]])
68 return resp.data.items[0].uuid;
71 export const getSaltedToken = (clusterId: string, tokenUuid: string, token: string) => {
72 const shaObj = new jsSHA("SHA-1", "TEXT");
74 if (token.startsWith("v2/")) {
75 secret = token.split("/")[2];
77 shaObj.setHMACKey(secret, "TEXT");
78 shaObj.update(clusterId);
79 const hmac = shaObj.getHMAC("HEX");
80 return `v2/${tokenUuid}/${hmac}`;
83 const clusterLogin = async (clusterId: string, baseUrl: string, activeSession: Session): Promise<{ user: User, token: string }> => {
84 const tokenUuid = await getTokenUuid(activeSession.baseUrl, activeSession.token);
85 const saltedToken = getSaltedToken(clusterId, tokenUuid, activeSession.token);
86 const user = await getUserDetails(baseUrl, saltedToken);
89 firstName: user.first_name,
90 lastName: user.last_name,
92 ownerUuid: user.owner_uuid,
94 isAdmin: user.is_admin,
95 isActive: user.is_active,
96 username: user.username,
103 export const getActiveSession = (sessions: Session[]): Session | undefined => sessions.find(s => s.active);
105 export const validateCluster = async (remoteHost: string, clusterId: string, activeSession: Session): Promise<{ user: User; token: string, baseUrl: string }> => {
106 const baseUrl = await getRemoteHostBaseUrl(remoteHost);
108 return Promise.reject(`Could not find base url for ${remoteHost}`);
110 const { user, token } = await clusterLogin(clusterId, baseUrl, activeSession);
111 return { baseUrl, user, token };
114 export const validateSession = (session: Session, activeSession: Session) =>
115 async (dispatch: Dispatch): Promise<Session> => {
116 dispatch(authActions.UPDATE_SESSION({ ...session, status: SessionStatus.BEING_VALIDATED }));
117 session.loggedIn = false;
119 const { baseUrl, user, token } = await validateCluster(session.remoteHost, session.clusterId, activeSession);
120 session.baseUrl = baseUrl;
121 session.token = token;
122 session.email = user.email;
123 session.username = getUserFullname(user);
124 session.loggedIn = true;
126 session.loggedIn = false;
128 session.status = SessionStatus.VALIDATED;
129 dispatch(authActions.UPDATE_SESSION(session));
134 export const validateSessions = () =>
135 async (dispatch: Dispatch<any>, getState: () => RootState, services: ServiceRepository) => {
136 const sessions = getState().auth.sessions;
137 const activeSession = getActiveSession(sessions);
139 dispatch(progressIndicatorActions.START_WORKING("sessionsValidation"));
140 for (const session of sessions) {
141 if (session.status === SessionStatus.INVALIDATED) {
142 await dispatch(validateSession(session, activeSession));
145 services.authService.saveSessions(sessions);
146 dispatch(progressIndicatorActions.STOP_WORKING("sessionsValidation"));
150 export const addSession = (remoteHost: string) =>
151 async (dispatch: Dispatch<any>, getState: () => RootState, services: ServiceRepository) => {
152 const sessions = getState().auth.sessions;
153 const activeSession = getActiveSession(sessions);
155 const clusterId = remoteHost.match(/^(\w+)\./)![1];
156 if (sessions.find(s => s.clusterId === clusterId)) {
157 return Promise.reject("Cluster already exists");
160 const { baseUrl, user, token } = await validateCluster(remoteHost, clusterId, activeSession);
163 status: SessionStatus.VALIDATED,
166 username: getUserFullname(user),
173 dispatch(authActions.ADD_SESSION(session));
174 services.authService.saveSessions(getState().auth.sessions);
180 return Promise.reject("Could not validate cluster");
183 export const toggleSession = (session: Session) =>
184 async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => {
185 let s = { ...session };
187 if (session.loggedIn) {
190 const sessions = getState().auth.sessions;
191 const activeSession = getActiveSession(sessions);
193 s = await dispatch<any>(validateSession(s, activeSession)) as Session;
197 dispatch(authActions.UPDATE_SESSION(s));
198 services.authService.saveSessions(getState().auth.sessions);
201 export const initSessions = (authService: AuthService, config: Config, user: User) =>
202 (dispatch: Dispatch<any>) => {
203 const sessions = authService.buildSessions(config, user);
204 authService.saveSessions(sessions);
205 dispatch(authActions.SET_SESSIONS(sessions));
208 export const loadSiteManagerPanel = () =>
209 async (dispatch: Dispatch<any>) => {
211 dispatch(setBreadcrumbs([{ label: 'Site Manager' }]));
212 dispatch(validateSessions());