import { ofType, unionize, UnionOf } from '~/common/unionize';
import { Dispatch } from "redux";
-import { reset, stopSubmit, startSubmit, FormErrors } from 'redux-form';
-import { AxiosInstance } from "axios";
import { RootState } from "../store";
-import { snackbarActions } from '~/store/snackbar/snackbar-actions';
-import { dialogActions } from '~/store/dialog/dialog-actions';
-import { setBreadcrumbs } from '~/store/breadcrumbs/breadcrumbs-actions';
import { ServiceRepository } from "~/services/services";
-import { getAuthorizedKeysServiceError, AuthorizedKeysServiceError } from '~/services/authorized-keys-service/authorized-keys-service';
-import { KeyType, SshKeyResource } from '~/models/ssh-key';
+import { SshKeyResource } from '~/models/ssh-key';
import { User } from "~/models/user";
-import * as Routes from '~/routes/routes';
+import { Session } from "~/models/session";
+import { Config } from '~/common/config';
+import { matchTokenRoute, matchFedTokenRoute } from '~/routes/routes';
+import { createServices, setAuthorizationHeader } from "~/services/services";
+import { cancelLinking } from '~/store/link-account-panel/link-account-panel-actions';
+import { progressIndicatorActions } from "~/store/progress-indicator/progress-indicator-actions";
+import { WORKBENCH_LOADING_SCREEN } from '~/store/workbench/workbench-actions';
+import { addRemoteConfig, getRemoteHostConfig } from './auth-action-session';
+import { getTokenV2 } from '~/models/api-client-authorization';
export const authActions = unionize({
- SAVE_API_TOKEN: ofType<string>(),
LOGIN: {},
- LOGOUT: {},
- INIT: ofType<{ user: User, token: string }>(),
+ LOGOUT: ofType<{ deleteLinkData: boolean }>(),
+ SET_CONFIG: ofType<{ config: Config }>(),
+ SET_EXTRA_TOKEN: ofType<{ extraApiToken: string, extraApiTokenExpiration?: Date }>(),
+ RESET_EXTRA_TOKEN: {},
+ INIT_USER: ofType<{ user: User, token: string, tokenExpiration?: Date }>(),
USER_DETAILS_REQUEST: {},
USER_DETAILS_SUCCESS: ofType<User>(),
SET_SSH_KEYS: ofType<SshKeyResource[]>(),
ADD_SSH_KEY: ofType<SshKeyResource>(),
- REMOVE_SSH_KEY: ofType<string>()
+ REMOVE_SSH_KEY: ofType<string>(),
+ SET_HOME_CLUSTER: ofType<string>(),
+ SET_SESSIONS: ofType<Session[]>(),
+ ADD_SESSION: ofType<Session>(),
+ REMOVE_SESSION: ofType<string>(),
+ UPDATE_SESSION: ofType<Session>(),
+ REMOTE_CLUSTER_CONFIG: ofType<{ config: Config }>(),
});
-export const SSH_KEY_CREATE_FORM_NAME = 'sshKeyCreateFormName';
-export const SSH_KEY_PUBLIC_KEY_DIALOG = 'sshKeyPublicKeyDialog';
-export const SSH_KEY_REMOVE_DIALOG = 'sshKeyRemoveDialog';
-export const SSH_KEY_ATTRIBUTES_DIALOG = 'sshKeyAttributesDialog';
-
-export interface SshKeyCreateFormDialogData {
- publicKey: string;
- name: string;
-}
-
-function setAuthorizationHeader(services: ServiceRepository, token: string) {
- services.apiClient.defaults.headers.common = {
- Authorization: `OAuth2 ${token}`
- };
- services.webdavClient.defaults.headers = {
- Authorization: `OAuth2 ${token}`
- };
-}
-
-function removeAuthorizationHeader(client: AxiosInstance) {
- delete client.defaults.headers.common.Authorization;
-}
+export const initAuth = (config: Config) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise<any> => {
+ // Cancel any link account ops in progress unless the user has
+ // just logged in or there has been a successful link operation
+ const data = services.linkAccountService.getLinkOpStatus();
+ if (!matchTokenRoute(location.pathname) &&
+ (!matchFedTokenRoute(location.pathname)) && data === undefined) {
+ await dispatch<any>(cancelLinking());
+ }
+ return dispatch<any>(init(config));
+};
-export const initAuth = () => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => {
- const user = services.authService.getUser();
+const init = (config: Config) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => {
+ const remoteHosts = () => getState().auth.remoteHosts;
const token = services.authService.getApiToken();
- if (token) {
- setAuthorizationHeader(services, token);
+ let homeCluster = services.authService.getHomeCluster();
+ if (homeCluster && !config.remoteHosts[homeCluster]) {
+ homeCluster = undefined;
}
- if (token && user) {
- dispatch(authActions.INIT({ user, token }));
+ dispatch(authActions.SET_CONFIG({ config }));
+ Object.keys(remoteHosts()).forEach((remoteUuid: string) => {
+ const remoteHost = remoteHosts()[remoteUuid];
+ if (remoteUuid !== config.uuidPrefix) {
+ dispatch<any>(addRemoteConfig(remoteHost));
+ }
+ });
+ dispatch(authActions.SET_HOME_CLUSTER(config.loginCluster || homeCluster || config.uuidPrefix));
+
+ if (token && token !== "undefined") {
+ dispatch(progressIndicatorActions.START_WORKING(WORKBENCH_LOADING_SCREEN));
+ try {
+ await dispatch<any>(saveApiToken(token));
+ } catch (e) {}
+ dispatch(progressIndicatorActions.STOP_WORKING(WORKBENCH_LOADING_SCREEN));
}
};
-export const saveApiToken = (token: string) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => {
- services.authService.saveApiToken(token);
- setAuthorizationHeader(services, token);
- dispatch(authActions.SAVE_API_TOKEN(token));
+export const getConfig = (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Config => {
+ const state = getState().auth;
+ return state.remoteHostsConfig[state.localCluster];
};
-export const login = () => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => {
- services.authService.login();
- dispatch(authActions.LOGIN());
-};
+export const saveApiToken = (token: string) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise<any> => {
+ let config: any;
+ const tokenParts = token.split('/');
+ const auth = getState().auth;
+ config = dispatch<any>(getConfig);
-export const logout = () => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => {
- services.authService.removeApiToken();
- services.authService.removeUser();
- removeAuthorizationHeader(services.apiClient);
- services.authService.logout();
- dispatch(authActions.LOGOUT());
-};
+ // If federated token, get user & token data from the token issuing cluster
+ if (tokenParts.length === 3 && tokenParts[1].substring(0, 5) !== auth.localCluster) {
+ config = await getRemoteHostConfig(auth.remoteHosts[tokenParts[1].substring(0, 5)]);
+ }
-export const getUserDetails = () => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise<User> => {
- dispatch(authActions.USER_DETAILS_REQUEST());
- return services.authService.getUserDetails().then(user => {
- services.authService.saveUser(user);
- dispatch(authActions.USER_DETAILS_SUCCESS(user));
- return user;
- });
+ const svc = createServices(config, { progressFn: () => { }, errorFn: () => { } });
+ setAuthorizationHeader(svc, token);
+ try {
+ const user = await svc.authService.getUserDetails();
+ const client = await svc.apiClientAuthorizationService.get('current');
+ const tokenExpiration = client.expiresAt ? new Date(client.expiresAt) : undefined;
+ dispatch(authActions.INIT_USER({ user, token, tokenExpiration }));
+ } catch (e) {
+ dispatch(authActions.LOGOUT({ deleteLinkData: false }));
+ }
};
-export const openSshKeyCreateDialog = () => dialogActions.OPEN_DIALOG({ id: SSH_KEY_CREATE_FORM_NAME, data: {} });
-
-export const openPublicKeyDialog = (name: string, publicKey: string) =>
- dialogActions.OPEN_DIALOG({ id: SSH_KEY_PUBLIC_KEY_DIALOG, data: { name, publicKey } });
-
-export const openSshKeyAttributesDialog = (uuid: string) =>
- (dispatch: Dispatch, getState: () => RootState) => {
- const sshKey = getState().auth.sshKeys.find(it => it.uuid === uuid);
- dispatch(dialogActions.OPEN_DIALOG({ id: SSH_KEY_ATTRIBUTES_DIALOG, data: { sshKey } }));
- };
-
-export const openSshKeyRemoveDialog = (uuid: string) =>
- (dispatch: Dispatch, getState: () => RootState) => {
- dispatch(dialogActions.OPEN_DIALOG({
- id: SSH_KEY_REMOVE_DIALOG,
- data: {
- title: 'Remove public key',
- text: 'Are you sure you want to remove this public key?',
- confirmButtonLabel: 'Remove',
- uuid
- }
- }));
- };
-
-export const removeSshKey = (uuid: string) =>
- async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => {
- dispatch(snackbarActions.OPEN_SNACKBAR({ message: 'Removing ...' }));
- await services.authorizedKeysService.delete(uuid);
- dispatch(authActions.REMOVE_SSH_KEY(uuid));
- dispatch(snackbarActions.OPEN_SNACKBAR({ message: 'Public Key has been successfully removed.', hideDuration: 2000 }));
- };
-
-export const createSshKey = (data: SshKeyCreateFormDialogData) =>
+export const getNewExtraToken = (reuseStored: boolean = false) =>
async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => {
- const userUuid = getState().auth.user!.uuid;
- const { name, publicKey } = data;
- dispatch(startSubmit(SSH_KEY_CREATE_FORM_NAME));
- try {
- const newSshKey = await services.authorizedKeysService.create({
- name,
- publicKey,
- keyType: KeyType.SSH,
- authorizedUserUuid: userUuid
- });
- dispatch(authActions.ADD_SSH_KEY(newSshKey));
- dispatch(dialogActions.CLOSE_DIALOG({ id: SSH_KEY_CREATE_FORM_NAME }));
- dispatch(reset(SSH_KEY_CREATE_FORM_NAME));
- dispatch(snackbarActions.OPEN_SNACKBAR({
- message: "Public key has been successfully created.",
- hideDuration: 2000
- }));
- } catch (e) {
- const error = getAuthorizedKeysServiceError(e);
- if (error === AuthorizedKeysServiceError.UNIQUE_PUBLIC_KEY) {
- dispatch(stopSubmit(SSH_KEY_CREATE_FORM_NAME, { publicKey: 'Public key already exists.' } as FormErrors));
- } else if (error === AuthorizedKeysServiceError.INVALID_PUBLIC_KEY) {
- dispatch(stopSubmit(SSH_KEY_CREATE_FORM_NAME, { publicKey: 'Public key is invalid' } as FormErrors));
+ const extraToken = getState().auth.extraApiToken;
+ if (reuseStored && extraToken !== undefined) {
+ const config = dispatch<any>(getConfig);
+ const svc = createServices(config, { progressFn: () => { }, errorFn: () => { } });
+ setAuthorizationHeader(svc, extraToken);
+ try {
+ // Check the extra token's validity before using it. Refresh its
+ // expiration date just in case it changed.
+ const client = await svc.apiClientAuthorizationService.get('current');
+ dispatch(authActions.SET_EXTRA_TOKEN({
+ extraApiToken: extraToken,
+ extraApiTokenExpiration: client.expiresAt ? new Date(client.expiresAt): undefined,
+ }));
+ return extraToken;
+ } catch (e) {
+ dispatch(authActions.RESET_EXTRA_TOKEN());
}
}
- };
-
-export const loadSshKeysPanel = () =>
- async (dispatch: Dispatch<any>, getState: () => RootState, services: ServiceRepository) => {
+ const user = getState().auth.user;
+ const loginCluster = getState().auth.config.clusterConfig.Login.LoginCluster;
+ if (user === undefined) { return; }
+ if (loginCluster !== "" && getState().auth.homeCluster !== loginCluster) { return; }
try {
- const userUuid = getState().auth.user!.uuid;
- const { router } = getState();
- const pathname = router.location ? router.location.pathname : '';
- dispatch(setBreadcrumbs([{ label: 'SSH Keys' }]));
- const response = await services.authorizedKeysService.list();
- const userSshKeys = response.items.find(it => it.ownerUuid === userUuid);
- return Routes.matchSshKeysAdminRoute(pathname) ? dispatch(authActions.SET_SSH_KEYS(response.items)) : dispatch(authActions.SET_SSH_KEYS([userSshKeys!]));
- } catch (e) {
+ // Do not show errors on the create call, cluster security configuration may not
+ // allow token creation and there's no way to know that from workbench2 side in advance.
+ const client = await services.apiClientAuthorizationService.create(undefined, false);
+ const newExtraToken = getTokenV2(client);
+ dispatch(authActions.SET_EXTRA_TOKEN({
+ extraApiToken: newExtraToken,
+ extraApiTokenExpiration: client.expiresAt ? new Date(client.expiresAt): undefined,
+ }));
+ return newExtraToken;
+ } catch {
+ console.warn("Cannot create new tokens with the current token, probably because of cluster's security settings.");
return;
}
};
+export const login = (uuidPrefix: string, homeCluster: string, loginCluster: string,
+ remoteHosts: { [key: string]: string }) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => {
+ services.authService.login(uuidPrefix, homeCluster, loginCluster, remoteHosts);
+ dispatch(authActions.LOGIN());
+ };
+
+export const logout = (deleteLinkData: boolean = false) =>
+ (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) =>
+ dispatch(authActions.LOGOUT({ deleteLinkData }));
+
export type AuthAction = UnionOf<typeof authActions>;