X-Git-Url: https://git.arvados.org/arvados-workbench2.git/blobdiff_plain/9dba704e6e39056af0ec49a64cb2151b2f4321d0..HEAD:/src/store/auth/auth-action.ts diff --git a/src/store/auth/auth-action.ts b/src/store/auth/auth-action.ts index b889adf5..145a461c 100644 --- a/src/store/auth/auth-action.ts +++ b/src/store/auth/auth-action.ts @@ -2,28 +2,29 @@ // // SPDX-License-Identifier: AGPL-3.0 -import { ofType, unionize, UnionOf } from '~/common/unionize'; +import { ofType, unionize, UnionOf } from 'common/unionize'; import { Dispatch } from "redux"; -import { AxiosInstance } from "axios"; import { RootState } from "../store"; -import { ServiceRepository } from "~/services/services"; -import { SshKeyResource } from '~/models/ssh-key'; -import { User, UserResource } from "~/models/user"; -import { Session } from "~/models/session"; -import { getClusterConfigURL, Config, ClusterConfigJSON, mapRemoteHosts } from '~/common/config'; -import { initSessions } from "~/store/auth/auth-action-session"; -import { cancelLinking } from '~/store/link-account-panel/link-account-panel-actions'; -import { matchTokenRoute, matchFedTokenRoute } from '~/routes/routes'; -import Axios from "axios"; -import { AxiosError } from "axios"; +import { ServiceRepository } from "services/services"; +import { SshKeyResource } from 'models/ssh-key'; +import { User } from "models/user"; +import { Session } from "models/session"; +import { Config } from 'common/config'; +import { matchTokenRoute, matchFedTokenRoute } from 'routes/routes'; +import { createServices, setAuthorizationHeader } from "services/services"; +import { cancelLinking } from 'store/link-account-panel/link-account-panel-actions'; +import { progressIndicatorActions } from "store/progress-indicator/progress-indicator-actions"; +import { WORKBENCH_LOADING_SCREEN } from 'store/workbench/workbench-actions'; +import { addRemoteConfig, getRemoteHostConfig } from './auth-action-session'; +import { getTokenV2 } from 'models/api-client-authorization'; export const authActions = unionize({ - SAVE_API_TOKEN: ofType(), - SAVE_USER: ofType(), LOGIN: {}, - LOGOUT: {}, - CONFIG: ofType<{ config: Config }>(), - INIT: ofType<{ user: User, token: string }>(), + LOGOUT: ofType<{ deleteLinkData: boolean, preservePath: boolean }>(), + SET_CONFIG: ofType<{ config: Config }>(), + SET_EXTRA_TOKEN: ofType<{ extraApiToken: string, extraApiTokenExpiration?: Date }>(), + RESET_EXTRA_TOKEN: {}, + INIT_USER: ofType<{ user: User, token: string, tokenExpiration?: Date, tokenLocation?: string }>(), USER_DETAILS_REQUEST: {}, USER_DETAILS_SUCCESS: ofType(), SET_SSH_KEYS: ofType(), @@ -37,102 +38,133 @@ export const authActions = unionize({ REMOTE_CLUSTER_CONFIG: ofType<{ config: Config }>(), }); -export function setAuthorizationHeader(services: ServiceRepository, token: string) { - services.apiClient.defaults.headers.common = { - Authorization: `OAuth2 ${token}` - }; - services.webdavClient.defaults.headers = { - Authorization: `OAuth2 ${token}` - }; -} - -function removeAuthorizationHeader(client: AxiosInstance) { - delete client.defaults.headers.common.Authorization; -} - -export const initAuth = (config: Config) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { +export const initAuth = (config: Config) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise => { // Cancel any link account ops in progress unless the user has // just logged in or there has been a successful link operation const data = services.linkAccountService.getLinkOpStatus(); - if (!matchTokenRoute(location.pathname) && (!matchFedTokenRoute(location.pathname)) && data === undefined) { - dispatch(cancelLinking()).then(() => { - dispatch(init(config)); - }); - } - else { - dispatch(init(config)); + if (!matchTokenRoute(window.location.pathname) && + (!matchFedTokenRoute(window.location.pathname)) && data === undefined) { + await dispatch(cancelLinking()); } + return dispatch(init(config)); }; -const init = (config: Config) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - const user = services.authService.getUser(); +const init = (config: Config) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + const remoteHosts = () => getState().auth.remoteHosts; const token = services.authService.getApiToken(); - const homeCluster = services.authService.getHomeCluster(); - if (token) { - setAuthorizationHeader(services, token); + let homeCluster = services.authService.getHomeCluster(); + if (homeCluster && !config.remoteHosts[homeCluster]) { + homeCluster = undefined; } - dispatch(authActions.CONFIG({ config })); - dispatch(authActions.SET_HOME_CLUSTER(homeCluster || config.uuidPrefix)); - if (token && user) { - dispatch(authActions.INIT({ user, token })); - dispatch(initSessions(services.authService, config, user)); - dispatch(getUserDetails()).then((user: User) => { - dispatch(authActions.INIT({ user, token })); - }).catch((err: AxiosError) => { - if (err.response) { - // Bad token - if (err.response.status === 401) { - logout()(dispatch, getState, services); - } - } - }); - } - Object.keys(config.remoteHosts).map((k) => { - Axios.get(getClusterConfigURL(config.remoteHosts[k])) - .then(response => { - const remoteConfig = new Config(); - remoteConfig.uuidPrefix = response.data.ClusterID; - remoteConfig.workbench2Url = response.data.Services.Workbench2.ExternalURL; - mapRemoteHosts(response.data, remoteConfig); - dispatch(authActions.REMOTE_CLUSTER_CONFIG({ config: remoteConfig})); - }); + dispatch(authActions.SET_CONFIG({ config })); + Object.keys(remoteHosts()).forEach((remoteUuid: string) => { + const remoteHost = remoteHosts()[remoteUuid]; + if (remoteUuid !== config.uuidPrefix) { + dispatch(addRemoteConfig(remoteHost)); + } }); -}; + dispatch(authActions.SET_HOME_CLUSTER(config.loginCluster || homeCluster || config.uuidPrefix)); -export const saveApiToken = (token: string) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - services.authService.saveApiToken(token); - setAuthorizationHeader(services, token); - dispatch(authActions.SAVE_API_TOKEN(token)); + if (token && token !== "undefined") { + dispatch(progressIndicatorActions.START_WORKING(WORKBENCH_LOADING_SCREEN)); + try { + await dispatch(saveApiToken(token)); + } finally { + dispatch(progressIndicatorActions.STOP_WORKING(WORKBENCH_LOADING_SCREEN)); + } + } }; -export const saveUser = (user: UserResource) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - services.authService.saveUser(user); - dispatch(authActions.SAVE_USER(user)); +export const getConfig = (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Config => { + const state = getState().auth; + return state.remoteHostsConfig[state.localCluster]; }; -export const login = (uuidPrefix: string, homeCluster: string, remoteHosts: { [key: string]: string }) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - services.authService.login(uuidPrefix, homeCluster, remoteHosts); - dispatch(authActions.LOGIN()); +export const getLocalCluster = (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): string => { + return getState().auth.localCluster; }; -export const logout = (deleteLinkData: boolean = false) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - if (deleteLinkData) { - services.linkAccountService.removeAccountToLink(); +export const saveApiToken = (token: string) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise => { + let config: any; + const tokenParts = token.split('/'); + const auth = getState().auth; + config = dispatch(getConfig); + + // If the token is from a LoginCluster federation, get user & token data + // from the token issuing cluster. + if (!config) { + return; + } + const lc = (config as Config).loginCluster + const tokenCluster = tokenParts.length === 3 + ? tokenParts[1].substring(0, 5) + : undefined; + if (tokenCluster && tokenCluster !== auth.localCluster && + lc && lc === tokenCluster) { + config = await getRemoteHostConfig(auth.remoteHosts[tokenCluster]); } - services.authService.removeApiToken(); - services.authService.removeUser(); - removeAuthorizationHeader(services.apiClient); - services.authService.logout(); - dispatch(authActions.LOGOUT()); -}; -export const getUserDetails = () => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise => { - dispatch(authActions.USER_DETAILS_REQUEST()); - return services.authService.getUserDetails().then(user => { - services.authService.saveUser(user); - dispatch(authActions.USER_DETAILS_SUCCESS(user)); - return user; - }); + const svc = createServices(config, { progressFn: () => { }, errorFn: () => { } }); + setAuthorizationHeader(svc, token); + try { + const user = await svc.authService.getUserDetails(); + const client = await svc.apiClientAuthorizationService.get('current'); + const tokenExpiration = client.expiresAt ? new Date(client.expiresAt) : undefined; + const tokenLocation = await svc.authService.getStorageType(); + dispatch(authActions.INIT_USER({ user, token, tokenExpiration, tokenLocation })); + } catch (e) { + dispatch(authActions.LOGOUT({ deleteLinkData: false, preservePath: false })); + } }; +export const getNewExtraToken = (reuseStored: boolean = false) => + async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + const extraToken = getState().auth.extraApiToken; + if (reuseStored && extraToken !== undefined) { + const config = dispatch(getConfig); + const svc = createServices(config, { progressFn: () => { }, errorFn: () => { } }); + setAuthorizationHeader(svc, extraToken); + try { + // Check the extra token's validity before using it. Refresh its + // expiration date just in case it changed. + const client = await svc.apiClientAuthorizationService.get('current'); + dispatch(authActions.SET_EXTRA_TOKEN({ + extraApiToken: extraToken, + extraApiTokenExpiration: client.expiresAt ? new Date(client.expiresAt) : undefined, + })); + return extraToken; + } catch (e) { + dispatch(authActions.RESET_EXTRA_TOKEN()); + } + } + const user = getState().auth.user; + const loginCluster = getState().auth.config.clusterConfig.Login.LoginCluster; + if (user === undefined) { return; } + if (loginCluster !== "" && getState().auth.homeCluster !== loginCluster) { return; } + try { + // Do not show errors on the create call, cluster security configuration may not + // allow token creation and there's no way to know that from workbench2 side in advance. + const client = await services.apiClientAuthorizationService.create(undefined, false); + const newExtraToken = getTokenV2(client); + dispatch(authActions.SET_EXTRA_TOKEN({ + extraApiToken: newExtraToken, + extraApiTokenExpiration: client.expiresAt ? new Date(client.expiresAt) : undefined, + })); + return newExtraToken; + } catch { + console.warn("Cannot create new tokens with the current token, probably because of cluster's security settings."); + return; + } + }; + +export const login = (uuidPrefix: string, homeCluster: string, loginCluster: string, + remoteHosts: { [key: string]: string }) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + services.authService.login(uuidPrefix, homeCluster, loginCluster, remoteHosts); + dispatch(authActions.LOGIN()); + }; + +export const logout = (deleteLinkData: boolean = false, preservePath: boolean = false) => + (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => + dispatch(authActions.LOGOUT({ deleteLinkData, preservePath })) + export type AuthAction = UnionOf;