X-Git-Url: https://git.arvados.org/arvados-workbench2.git/blobdiff_plain/8753f89e9f786a12cf72374ffb1c9146b598d285..5e805cf2209d3afe42699e4658d8a12e50bcd5a4:/src/store/auth/auth-action-session.ts diff --git a/src/store/auth/auth-action-session.ts b/src/store/auth/auth-action-session.ts index d36d5a33..7e81f2d9 100644 --- a/src/store/auth/auth-action-session.ts +++ b/src/store/auth/auth-action-session.ts @@ -3,134 +3,176 @@ // SPDX-License-Identifier: AGPL-3.0 import { Dispatch } from "redux"; -import { setBreadcrumbs } from "~/store/breadcrumbs/breadcrumbs-actions"; -import { RootState } from "~/store/store"; -import { ServiceRepository } from "~/services/services"; -import Axios from "axios"; -import { getUserFullname, User } from "~/models/user"; -import { authActions } from "~/store/auth/auth-action"; -import { Config, DISCOVERY_URL } from "~/common/config"; -import { Session, SessionStatus } from "~/models/session"; -import { progressIndicatorActions } from "~/store/progress-indicator/progress-indicator-actions"; -import { AuthService, UserDetailsResponse } from "~/services/auth-service/auth-service"; -import * as jsSHA from "jssha"; - -const getRemoteHostBaseUrl = async (remoteHost: string): Promise => { - let url = remoteHost; - if (url.indexOf('://') < 0) { - url = 'https://' + url; - } - const origin = new URL(url).origin; - let baseUrl: string | null = null; +import { setBreadcrumbs } from "store/breadcrumbs/breadcrumbs-actions"; +import { RootState } from "store/store"; +import { ServiceRepository, createServices, setAuthorizationHeader } from "services/services"; +import Axios, { AxiosInstance } from "axios"; +import { User, getUserDisplayName } from "models/user"; +import { authActions } from "store/auth/auth-action"; +import { + Config, ClusterConfigJSON, CLUSTER_CONFIG_PATH, DISCOVERY_DOC_PATH, + buildConfig, mockClusterConfigJSON +} from "common/config"; +import { normalizeURLPath } from "common/url"; +import { Session, SessionStatus } from "models/session"; +import { progressIndicatorActions } from "store/progress-indicator/progress-indicator-actions"; +import { AuthService } from "services/auth-service/auth-service"; +import { snackbarActions, SnackbarKind } from "store/snackbar/snackbar-actions"; +import jsSHA from "jssha"; +const getClusterConfig = async (origin: string, apiClient: AxiosInstance): Promise => { + let configFromDD: Config | undefined; try { - const resp = await Axios.get(`${origin}/${DISCOVERY_URL}`); - baseUrl = resp.data.baseUrl; - } catch (err) { - try { - const resp = await Axios.get(`${origin}/status.json`); - baseUrl = resp.data.apiBaseURL; - } catch (err) { - } - } + const dd = (await apiClient.get(`${origin}/${DISCOVERY_DOC_PATH}`)).data; + configFromDD = { + baseUrl: normalizeURLPath(dd.baseUrl), + keepWebServiceUrl: dd.keepWebServiceUrl, + keepWebInlineServiceUrl: dd.keepWebInlineServiceUrl, + remoteHosts: dd.remoteHosts, + rootUrl: dd.rootUrl, + uuidPrefix: dd.uuidPrefix, + websocketUrl: dd.websocketUrl, + workbenchUrl: dd.workbenchUrl, + workbench2Url: dd.workbench2Url, + loginCluster: "", + vocabularyUrl: "", + fileViewersConfigUrl: "", + clusterConfig: mockClusterConfigJSON({}), + apiRevision: parseInt(dd.revision, 10), + }; + } catch { } - if (baseUrl && baseUrl[baseUrl.length - 1] === '/') { - baseUrl = baseUrl.substr(0, baseUrl.length - 1); + // Try public config endpoint + try { + const config = (await apiClient.get(`${origin}/${CLUSTER_CONFIG_PATH}`)).data; + return { ...buildConfig(config), apiRevision: configFromDD ? configFromDD.apiRevision : 0 }; + } catch { } + + // Fall back to discovery document + if (configFromDD !== undefined) { + return configFromDD; } - return baseUrl; + return null; }; -const getUserDetails = async (baseUrl: string, token: string): Promise => { - const resp = await Axios.get(`${baseUrl}/users/current`, { - headers: { - Authorization: `OAuth2 ${token}` - } - }); - return resp.data; -}; +export const getRemoteHostConfig = async (remoteHost: string, useApiClient?: AxiosInstance): Promise => { + const apiClient = useApiClient || Axios.create({ headers: {} }); + + let url = remoteHost; + if (url.indexOf('://') < 0) { + url = 'https://' + url; + } + const origin = new URL(url).origin; -const getTokenUuid = async (baseUrl: string, token: string): Promise => { - if (token.startsWith("v2/")) { - const uuid = token.split("/")[1]; - return Promise.resolve(uuid); + // Maybe it is an API server URL, try fetching config and discovery doc + let r = await getClusterConfig(origin, apiClient); + if (r !== null) { + return r; } - const resp = await Axios.get(`${baseUrl}/api_client_authorizations`, { - headers: { - Authorization: `OAuth2 ${token}` - }, - data: { - filters: JSON.stringify([['api_token', '=', token]]) + // Maybe it is a Workbench2 URL, try getting config.json + try { + r = await getClusterConfig((await apiClient.get(`${origin}/config.json`)).data.API_HOST, apiClient); + if (r !== null) { + return r; + } + } catch { } + + // Maybe it is a Workbench1 URL, try getting status.json + try { + r = await getClusterConfig((await apiClient.get(`${origin}/status.json`)).data.apiBaseURL, apiClient); + if (r !== null) { + return r; } - }); + } catch { } - return resp.data.items[0].uuid; + return null; }; -const getSaltedToken = (clusterId: string, tokenUuid: string, token: string) => { +const invalidV2Token = "Must be a v2 token"; + +export const getSaltedToken = (clusterId: string, token: string) => { const shaObj = new jsSHA("SHA-1", "TEXT"); - let secret = token; - if (token.startsWith("v2/")) { - secret = token.split("/")[2]; + const [ver, uuid, secret] = token.split("/"); + if (ver !== "v2") { + throw new Error(invalidV2Token); + } + let salted = secret; + if (uuid.substring(0, 5) !== clusterId) { + shaObj.setHMACKey(secret, "TEXT"); + shaObj.update(clusterId); + salted = shaObj.getHMAC("HEX"); } - shaObj.setHMACKey(secret, "TEXT"); - shaObj.update(clusterId); - const hmac = shaObj.getHMAC("HEX"); - return `v2/${tokenUuid}/${hmac}`; + return `v2/${uuid}/${salted}`; }; -const clusterLogin = async (clusterId: string, baseUrl: string, activeSession: Session): Promise<{ user: User, token: string }> => { - const tokenUuid = await getTokenUuid(activeSession.baseUrl, activeSession.token); - const saltedToken = getSaltedToken(clusterId, tokenUuid, activeSession.token); - const user = await getUserDetails(baseUrl, saltedToken); - return { - user: { - firstName: user.first_name, - lastName: user.last_name, - uuid: user.uuid, - ownerUuid: user.owner_uuid, - email: user.email, - isAdmin: user.is_admin, - identityUrl: user.identity_url, - prefs: user.prefs - }, - token: saltedToken - }; -}; +export const getActiveSession = (sessions: Session[]): Session | undefined => sessions.find(s => s.active); -const getActiveSession = (sessions: Session[]): Session | undefined => sessions.find(s => s.active); +export const validateCluster = async (config: Config, useToken: string): + Promise<{ user: User; token: string }> => { -export const validateCluster = async (remoteHost: string, clusterId: string, activeSession: Session): Promise<{ user: User; token: string, baseUrl: string }> => { - const baseUrl = await getRemoteHostBaseUrl(remoteHost); - if (!baseUrl) { - return Promise.reject(`Could not find base url for ${remoteHost}`); - } - const { user, token } = await clusterLogin(clusterId, baseUrl, activeSession); - return { baseUrl, user, token }; + const saltedToken = getSaltedToken(config.uuidPrefix, useToken); + + const svc = createServices(config, { progressFn: () => { }, errorFn: () => { } }); + setAuthorizationHeader(svc, saltedToken); + + const user = await svc.authService.getUserDetails(false); + return { + user, + token: saltedToken, + }; }; -export const validateSession = (session: Session, activeSession: Session) => +export const validateSession = (session: Session, activeSession: Session, useApiClient?: AxiosInstance) => async (dispatch: Dispatch): Promise => { dispatch(authActions.UPDATE_SESSION({ ...session, status: SessionStatus.BEING_VALIDATED })); session.loggedIn = false; - try { - const { baseUrl, user, token } = await validateCluster(session.remoteHost, session.clusterId, activeSession); + + const setupSession = (baseUrl: string, user: User, token: string, apiRevision: number) => { session.baseUrl = baseUrl; session.token = token; session.email = user.email; - session.username = getUserFullname(user); + session.userIsActive = user.isActive; + session.uuid = user.uuid; + session.name = getUserDisplayName(user); session.loggedIn = true; - } catch { - session.loggedIn = false; - } finally { - session.status = SessionStatus.VALIDATED; - dispatch(authActions.UPDATE_SESSION(session)); + session.apiRevision = apiRevision; + }; + + let fail: Error | null = null; + const config = await getRemoteHostConfig(session.remoteHost, useApiClient); + if (config !== null) { + dispatch(authActions.REMOTE_CLUSTER_CONFIG({ config })); + try { + const { user, token } = await validateCluster(config, session.token); + setupSession(config.baseUrl, user, token, config.apiRevision); + } catch (e) { + fail = new Error(`Getting current user for ${session.remoteHost}: ${e.message}`); + try { + const { user, token } = await validateCluster(config, activeSession.token); + setupSession(config.baseUrl, user, token, config.apiRevision); + fail = null; + } catch (e2) { + if (e.message === invalidV2Token) { + fail = new Error(`Getting current user for ${session.remoteHost}: ${e2.message}`); + } + } + } + } else { + fail = new Error(`Could not get config for ${session.remoteHost}`); } + session.status = SessionStatus.VALIDATED; + dispatch(authActions.UPDATE_SESSION(session)); + + if (fail) { + throw fail; + } + return session; }; -export const validateSessions = () => +export const validateSessions = (useApiClient?: AxiosInstance) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { const sessions = getState().auth.sessions; const activeSession = getActiveSession(sessions); @@ -138,70 +180,142 @@ export const validateSessions = () => dispatch(progressIndicatorActions.START_WORKING("sessionsValidation")); for (const session of sessions) { if (session.status === SessionStatus.INVALIDATED) { - await dispatch(validateSession(session, activeSession)); + try { + /* Here we are dispatching a function, not an + action. This is legal (it calls the + function with a 'Dispatch' object as the + first parameter) but the typescript + annotations don't understand this case, so + we get an error from typescript unless + override it using Dispatch. This + pattern is used in a bunch of different + places in Workbench2. */ + await dispatch(validateSession(session, activeSession, useApiClient)); + } catch (e) { + // Don't do anything here. User may get + // spammed with multiple messages that are not + // helpful. They can see the individual + // errors by going to site manager and trying + // to toggle the session. + } } } - services.authService.saveSessions(sessions); + services.authService.saveSessions(getState().auth.sessions); dispatch(progressIndicatorActions.STOP_WORKING("sessionsValidation")); } }; -export const addSession = (remoteHost: string) => +export const addRemoteConfig = (remoteHost: string) => + async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + const config = await getRemoteHostConfig(remoteHost); + if (!config) { + dispatch(snackbarActions.OPEN_SNACKBAR({ + message: `Could not get config for ${remoteHost}`, + kind: SnackbarKind.ERROR + })); + return; + } + dispatch(authActions.REMOTE_CLUSTER_CONFIG({ config })); + }; + +export const addSession = (remoteHost: string, token?: string, sendToLogin?: boolean) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { const sessions = getState().auth.sessions; const activeSession = getActiveSession(sessions); - if (activeSession) { - const clusterId = remoteHost.match(/^(\w+)\./)![1]; - if (sessions.find(s => s.clusterId === clusterId)) { - return Promise.reject("Cluster already exists"); + let useToken: string | null = null; + if (token) { + useToken = token; + } else if (activeSession) { + useToken = activeSession.token; + } + + if (useToken) { + const config = await getRemoteHostConfig(remoteHost); + if (!config) { + dispatch(snackbarActions.OPEN_SNACKBAR({ + message: `Could not get config for ${remoteHost}`, + kind: SnackbarKind.ERROR + })); + return; } + try { - const { baseUrl, user, token } = await validateCluster(remoteHost, clusterId, activeSession); + dispatch(authActions.REMOTE_CLUSTER_CONFIG({ config })); + const { user, token } = await validateCluster(config, useToken); const session = { loggedIn: true, status: SessionStatus.VALIDATED, active: false, email: user.email, - username: getUserFullname(user), + userIsActive: user.isActive, + name: getUserDisplayName(user), + uuid: user.uuid, + baseUrl: config.baseUrl, + clusterId: config.uuidPrefix, remoteHost, - baseUrl, - clusterId, - token + token, + apiRevision: config.apiRevision, }; - dispatch(authActions.ADD_SESSION(session)); + if (sessions.find(s => s.clusterId === config.uuidPrefix)) { + await dispatch(authActions.UPDATE_SESSION(session)); + } else { + await dispatch(authActions.ADD_SESSION(session)); + } services.authService.saveSessions(getState().auth.sessions); return session; - } catch (e) { + } catch { + if (sendToLogin) { + const rootUrl = new URL(config.baseUrl); + rootUrl.pathname = ""; + window.location.href = `${rootUrl.toString()}/login?return_to=` + encodeURI(`${window.location.protocol}//${window.location.host}/add-session?baseURL=` + encodeURI(rootUrl.toString())); + return; + } } } - return Promise.reject("Could not validate cluster"); + return Promise.reject(new Error("Could not validate cluster")); }; -export const toggleSession = (session: Session) => + +export const removeSession = (clusterId: string) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - let s = { ...session }; + await dispatch(authActions.REMOVE_SESSION(clusterId)); + services.authService.saveSessions(getState().auth.sessions); + }; + +export const toggleSession = (session: Session) => + async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + const s: Session = { ...session }; if (session.loggedIn) { s.loggedIn = false; + dispatch(authActions.UPDATE_SESSION(s)); } else { const sessions = getState().auth.sessions; const activeSession = getActiveSession(sessions); if (activeSession) { - s = await dispatch(validateSession(s, activeSession)) as Session; + try { + await dispatch(validateSession(s, activeSession)); + } catch (e) { + dispatch(snackbarActions.OPEN_SNACKBAR({ + message: e.message, + kind: SnackbarKind.ERROR + })); + s.loggedIn = false; + dispatch(authActions.UPDATE_SESSION(s)); + } } } - dispatch(authActions.UPDATE_SESSION(s)); services.authService.saveSessions(getState().auth.sessions); }; export const initSessions = (authService: AuthService, config: Config, user: User) => (dispatch: Dispatch) => { const sessions = authService.buildSessions(config, user); - authService.saveSessions(sessions); dispatch(authActions.SET_SESSIONS(sessions)); + dispatch(validateSessions(authService.getApiClient())); }; export const loadSiteManagerPanel = () =>