X-Git-Url: https://git.arvados.org/arvados-workbench2.git/blobdiff_plain/9dba704e6e39056af0ec49a64cb2151b2f4321d0..ec121e0e865fe99c5df5453ed5fa819594b1cdd6:/src/store/auth/auth-action.ts diff --git a/src/store/auth/auth-action.ts b/src/store/auth/auth-action.ts index b889adf5..4fdb29a1 100644 --- a/src/store/auth/auth-action.ts +++ b/src/store/auth/auth-action.ts @@ -4,26 +4,27 @@ import { ofType, unionize, UnionOf } from '~/common/unionize'; import { Dispatch } from "redux"; -import { AxiosInstance } from "axios"; import { RootState } from "../store"; import { ServiceRepository } from "~/services/services"; import { SshKeyResource } from '~/models/ssh-key'; -import { User, UserResource } from "~/models/user"; +import { User } from "~/models/user"; import { Session } from "~/models/session"; -import { getClusterConfigURL, Config, ClusterConfigJSON, mapRemoteHosts } from '~/common/config'; -import { initSessions } from "~/store/auth/auth-action-session"; -import { cancelLinking } from '~/store/link-account-panel/link-account-panel-actions'; +import { Config } from '~/common/config'; import { matchTokenRoute, matchFedTokenRoute } from '~/routes/routes'; -import Axios from "axios"; -import { AxiosError } from "axios"; +import { createServices, setAuthorizationHeader } from "~/services/services"; +import { cancelLinking } from '~/store/link-account-panel/link-account-panel-actions'; +import { progressIndicatorActions } from "~/store/progress-indicator/progress-indicator-actions"; +import { WORKBENCH_LOADING_SCREEN } from '~/store/workbench/workbench-actions'; +import { addRemoteConfig, getRemoteHostConfig } from './auth-action-session'; +import { getTokenV2 } from '~/models/api-client-authorization'; export const authActions = unionize({ - SAVE_API_TOKEN: ofType(), - SAVE_USER: ofType(), LOGIN: {}, - LOGOUT: {}, - CONFIG: ofType<{ config: Config }>(), - INIT: ofType<{ user: User, token: string }>(), + LOGOUT: ofType<{ deleteLinkData: boolean }>(), + SET_CONFIG: ofType<{ config: Config }>(), + SET_EXTRA_TOKEN: ofType<{ extraApiToken: string, extraApiTokenExpiration?: Date }>(), + RESET_EXTRA_TOKEN: {}, + INIT_USER: ofType<{ user: User, token: string, tokenExpiration?: Date }>(), USER_DETAILS_REQUEST: {}, USER_DETAILS_SUCCESS: ofType(), SET_SSH_KEYS: ofType(), @@ -37,102 +38,119 @@ export const authActions = unionize({ REMOTE_CLUSTER_CONFIG: ofType<{ config: Config }>(), }); -export function setAuthorizationHeader(services: ServiceRepository, token: string) { - services.apiClient.defaults.headers.common = { - Authorization: `OAuth2 ${token}` - }; - services.webdavClient.defaults.headers = { - Authorization: `OAuth2 ${token}` - }; -} - -function removeAuthorizationHeader(client: AxiosInstance) { - delete client.defaults.headers.common.Authorization; -} - -export const initAuth = (config: Config) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { +export const initAuth = (config: Config) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise => { // Cancel any link account ops in progress unless the user has // just logged in or there has been a successful link operation const data = services.linkAccountService.getLinkOpStatus(); - if (!matchTokenRoute(location.pathname) && (!matchFedTokenRoute(location.pathname)) && data === undefined) { - dispatch(cancelLinking()).then(() => { - dispatch(init(config)); - }); - } - else { - dispatch(init(config)); + if (!matchTokenRoute(location.pathname) && + (!matchFedTokenRoute(location.pathname)) && data === undefined) { + await dispatch(cancelLinking()); } + return dispatch(init(config)); }; -const init = (config: Config) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - const user = services.authService.getUser(); +const init = (config: Config) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + const remoteHosts = () => getState().auth.remoteHosts; const token = services.authService.getApiToken(); - const homeCluster = services.authService.getHomeCluster(); - if (token) { - setAuthorizationHeader(services, token); - } - dispatch(authActions.CONFIG({ config })); - dispatch(authActions.SET_HOME_CLUSTER(homeCluster || config.uuidPrefix)); - if (token && user) { - dispatch(authActions.INIT({ user, token })); - dispatch(initSessions(services.authService, config, user)); - dispatch(getUserDetails()).then((user: User) => { - dispatch(authActions.INIT({ user, token })); - }).catch((err: AxiosError) => { - if (err.response) { - // Bad token - if (err.response.status === 401) { - logout()(dispatch, getState, services); - } - } - }); + let homeCluster = services.authService.getHomeCluster(); + if (homeCluster && !config.remoteHosts[homeCluster]) { + homeCluster = undefined; } - Object.keys(config.remoteHosts).map((k) => { - Axios.get(getClusterConfigURL(config.remoteHosts[k])) - .then(response => { - const remoteConfig = new Config(); - remoteConfig.uuidPrefix = response.data.ClusterID; - remoteConfig.workbench2Url = response.data.Services.Workbench2.ExternalURL; - mapRemoteHosts(response.data, remoteConfig); - dispatch(authActions.REMOTE_CLUSTER_CONFIG({ config: remoteConfig})); - }); + dispatch(authActions.SET_CONFIG({ config })); + Object.keys(remoteHosts()).forEach((remoteUuid: string) => { + const remoteHost = remoteHosts()[remoteUuid]; + if (remoteUuid !== config.uuidPrefix) { + dispatch(addRemoteConfig(remoteHost)); + } }); -}; + dispatch(authActions.SET_HOME_CLUSTER(config.loginCluster || homeCluster || config.uuidPrefix)); -export const saveApiToken = (token: string) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - services.authService.saveApiToken(token); - setAuthorizationHeader(services, token); - dispatch(authActions.SAVE_API_TOKEN(token)); + if (token && token !== "undefined") { + dispatch(progressIndicatorActions.START_WORKING(WORKBENCH_LOADING_SCREEN)); + try { + await dispatch(saveApiToken(token)); + } finally { + dispatch(progressIndicatorActions.STOP_WORKING(WORKBENCH_LOADING_SCREEN)); + } + } }; -export const saveUser = (user: UserResource) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - services.authService.saveUser(user); - dispatch(authActions.SAVE_USER(user)); +export const getConfig = (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Config => { + const state = getState().auth; + return state.remoteHostsConfig[state.localCluster]; }; -export const login = (uuidPrefix: string, homeCluster: string, remoteHosts: { [key: string]: string }) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - services.authService.login(uuidPrefix, homeCluster, remoteHosts); - dispatch(authActions.LOGIN()); -}; +export const saveApiToken = (token: string) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise => { + let config: any; + const tokenParts = token.split('/'); + const auth = getState().auth; + config = dispatch(getConfig); -export const logout = (deleteLinkData: boolean = false) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - if (deleteLinkData) { - services.linkAccountService.removeAccountToLink(); + // If federated token, get user & token data from the token issuing cluster + if (tokenParts.length === 3 && tokenParts[1].substring(0, 5) !== auth.localCluster) { + config = await getRemoteHostConfig(auth.remoteHosts[tokenParts[1].substring(0, 5)]); } - services.authService.removeApiToken(); - services.authService.removeUser(); - removeAuthorizationHeader(services.apiClient); - services.authService.logout(); - dispatch(authActions.LOGOUT()); -}; -export const getUserDetails = () => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise => { - dispatch(authActions.USER_DETAILS_REQUEST()); - return services.authService.getUserDetails().then(user => { - services.authService.saveUser(user); - dispatch(authActions.USER_DETAILS_SUCCESS(user)); - return user; - }); + const svc = createServices(config, { progressFn: () => { }, errorFn: () => { } }); + setAuthorizationHeader(svc, token); + try { + const user = await svc.authService.getUserDetails(); + const client = await svc.apiClientAuthorizationService.get('current'); + const tokenExpiration = client.expiresAt ? new Date(client.expiresAt) : undefined; + dispatch(authActions.INIT_USER({ user, token, tokenExpiration })); + } catch (e) { + dispatch(authActions.LOGOUT({ deleteLinkData: false })); + } }; +export const getNewExtraToken = (reuseStored: boolean = false) => + async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + const extraToken = getState().auth.extraApiToken; + if (reuseStored && extraToken !== undefined) { + const config = dispatch(getConfig); + const svc = createServices(config, { progressFn: () => { }, errorFn: () => { } }); + setAuthorizationHeader(svc, extraToken); + try { + // Check the extra token's validity before using it. Refresh its + // expiration date just in case it changed. + const client = await svc.apiClientAuthorizationService.get('current'); + dispatch(authActions.SET_EXTRA_TOKEN({ + extraApiToken: extraToken, + extraApiTokenExpiration: client.expiresAt ? new Date(client.expiresAt): undefined, + })); + return extraToken; + } catch (e) { + dispatch(authActions.RESET_EXTRA_TOKEN()); + } + } + const user = getState().auth.user; + const loginCluster = getState().auth.config.clusterConfig.Login.LoginCluster; + if (user === undefined) { return; } + if (loginCluster !== "" && getState().auth.homeCluster !== loginCluster) { return; } + try { + // Do not show errors on the create call, cluster security configuration may not + // allow token creation and there's no way to know that from workbench2 side in advance. + const client = await services.apiClientAuthorizationService.create(undefined, false); + const newExtraToken = getTokenV2(client); + dispatch(authActions.SET_EXTRA_TOKEN({ + extraApiToken: newExtraToken, + extraApiTokenExpiration: client.expiresAt ? new Date(client.expiresAt): undefined, + })); + return newExtraToken; + } catch { + console.warn("Cannot create new tokens with the current token, probably because of cluster's security settings."); + return; + } + }; + +export const login = (uuidPrefix: string, homeCluster: string, loginCluster: string, + remoteHosts: { [key: string]: string }) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + services.authService.login(uuidPrefix, homeCluster, loginCluster, remoteHosts); + dispatch(authActions.LOGIN()); + }; + +export const logout = (deleteLinkData: boolean = false) => + (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => + dispatch(authActions.LOGOUT({ deleteLinkData })); + export type AuthAction = UnionOf;