X-Git-Url: https://git.arvados.org/arvados-workbench2.git/blobdiff_plain/e677489047822fed2dcd48d904ccc46fae5b1615..1d7fbccb64462c349ea223df3ac02817ba60bfe1:/src/store/auth/auth-action.ts diff --git a/src/store/auth/auth-action.ts b/src/store/auth/auth-action.ts index baf80595..49a82b95 100644 --- a/src/store/auth/auth-action.ts +++ b/src/store/auth/auth-action.ts @@ -4,21 +4,26 @@ import { ofType, unionize, UnionOf } from '~/common/unionize'; import { Dispatch } from "redux"; -import { AxiosInstance } from "axios"; import { RootState } from "../store"; import { ServiceRepository } from "~/services/services"; import { SshKeyResource } from '~/models/ssh-key'; import { User } from "~/models/user"; import { Session } from "~/models/session"; import { Config } from '~/common/config'; -import { initSessions } from "~/store/auth/auth-action-session"; +import { matchTokenRoute, matchFedTokenRoute } from '~/routes/routes'; +import { createServices, setAuthorizationHeader } from "~/services/services"; +import { cancelLinking } from '~/store/link-account-panel/link-account-panel-actions'; +import { progressIndicatorActions } from "~/store/progress-indicator/progress-indicator-actions"; +import { WORKBENCH_LOADING_SCREEN } from '~/store/workbench/workbench-actions'; +import { addRemoteConfig } from './auth-action-session'; +import { getTokenV2 } from '~/models/api-client-authorization'; export const authActions = unionize({ - SAVE_API_TOKEN: ofType(), LOGIN: {}, - LOGOUT: {}, - CONFIG: ofType<{ config: Config }>(), - INIT: ofType<{ user: User, token: string }>(), + LOGOUT: ofType<{ deleteLinkData: boolean }>(), + SET_CONFIG: ofType<{ config: Config }>(), + SET_EXTRA_TOKEN: ofType<{ extraToken: string }>(), + INIT_USER: ofType<{ user: User, token: string }>(), USER_DETAILS_REQUEST: {}, USER_DETAILS_SUCCESS: ofType(), SET_SSH_KEYS: ofType(), @@ -28,64 +33,94 @@ export const authActions = unionize({ SET_SESSIONS: ofType(), ADD_SESSION: ofType(), REMOVE_SESSION: ofType(), - UPDATE_SESSION: ofType() + UPDATE_SESSION: ofType(), + REMOTE_CLUSTER_CONFIG: ofType<{ config: Config }>(), }); -function setAuthorizationHeader(services: ServiceRepository, token: string) { - services.apiClient.defaults.headers.common = { - Authorization: `OAuth2 ${token}` - }; - services.webdavClient.defaults.headers = { - Authorization: `OAuth2 ${token}` - }; -} - -function removeAuthorizationHeader(client: AxiosInstance) { - delete client.defaults.headers.common.Authorization; -} - export const initAuth = (config: Config) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - const user = services.authService.getUser(); - const token = services.authService.getApiToken(); - if (token) { - setAuthorizationHeader(services, token); - } - dispatch(authActions.CONFIG({ config })); - if (token && user) { - dispatch(authActions.INIT({ user, token })); - dispatch(initSessions(services.authService, config, user)); - dispatch(getUserDetails()).then((user: User) => { - dispatch(authActions.INIT({ user, token })); + // Cancel any link account ops in progress unless the user has + // just logged in or there has been a successful link operation + const data = services.linkAccountService.getLinkOpStatus(); + if (!matchTokenRoute(location.pathname) && + (!matchFedTokenRoute(location.pathname)) && data === undefined) { + dispatch(cancelLinking()).then(() => { + dispatch(init(config)); }); + } else { + dispatch(init(config)); } }; -export const saveApiToken = (token: string) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - services.authService.saveApiToken(token); - setAuthorizationHeader(services, token); - dispatch(authActions.SAVE_API_TOKEN(token)); -}; +const init = (config: Config) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + const remoteHosts = () => getState().auth.remoteHosts; + const token = services.authService.getApiToken(); + let homeCluster = services.authService.getHomeCluster(); + if (homeCluster && !config.remoteHosts[homeCluster]) { + homeCluster = undefined; + } + dispatch(authActions.SET_CONFIG({ config })); + Object.keys(remoteHosts()).forEach((remoteUuid: string) => { + const remoteHost = remoteHosts()[remoteUuid]; + if (remoteUuid !== config.uuidPrefix) { + dispatch(addRemoteConfig(remoteHost)); + } + }); + dispatch(authActions.SET_HOME_CLUSTER(config.loginCluster || homeCluster || config.uuidPrefix)); -export const login = (uuidPrefix: string, homeCluster: string) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - services.authService.login(uuidPrefix, homeCluster); - dispatch(authActions.LOGIN()); + if (token && token !== "undefined") { + dispatch(progressIndicatorActions.START_WORKING(WORKBENCH_LOADING_SCREEN)); + dispatch(saveApiToken(token)).then(() => { + dispatch(progressIndicatorActions.STOP_WORKING(WORKBENCH_LOADING_SCREEN)); + }).catch(() => { + dispatch(progressIndicatorActions.STOP_WORKING(WORKBENCH_LOADING_SCREEN)); + }); + } }; -export const logout = () => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - services.authService.removeApiToken(); - services.authService.removeUser(); - removeAuthorizationHeader(services.apiClient); - services.authService.logout(); - dispatch(authActions.LOGOUT()); +export const getConfig = (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Config => { + const state = getState().auth; + return state.remoteHostsConfig[state.localCluster]; }; -export const getUserDetails = () => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise => { - dispatch(authActions.USER_DETAILS_REQUEST()); - return services.authService.getUserDetails().then(user => { - services.authService.saveUser(user); - dispatch(authActions.USER_DETAILS_SUCCESS(user)); - return user; +export const saveApiToken = (token: string) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise => { + const config = dispatch(getConfig); + const svc = createServices(config, { progressFn: () => { }, errorFn: () => { } }); + setAuthorizationHeader(svc, token); + return svc.authService.getUserDetails().then((user: User) => { + dispatch(authActions.INIT_USER({ user, token })); + // Upon user init, request an extra token that won't be expired on logout + // for other uses like the "get token" dialog, or S3 URL building. + dispatch(getNewExtraToken()); + }).catch(() => { + dispatch(authActions.LOGOUT({ deleteLinkData: false })); }); }; +export const getNewExtraToken = () => + async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + const user = getState().auth.user; + if (user === undefined) { return; } + try { + // Do not show errors on the create call, cluster security configuration may not + // allow token creation and there's no way to know that from workbench2 side in advance. + const client = await services.apiClientAuthorizationService.create(undefined, false); + const newExtraToken = getTokenV2(client); + dispatch(authActions.SET_EXTRA_TOKEN({ extraToken: newExtraToken })); + return newExtraToken; + } catch { + console.warn("Cannot create new tokens with the current token, probably because of cluster's security settings."); + return; + } + }; + +export const login = (uuidPrefix: string, homeCluster: string, loginCluster: string, + remoteHosts: { [key: string]: string }) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + services.authService.login(uuidPrefix, homeCluster, loginCluster, remoteHosts); + dispatch(authActions.LOGIN()); + }; + +export const logout = (deleteLinkData: boolean = false) => + (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => + dispatch(authActions.LOGOUT({ deleteLinkData })); + export type AuthAction = UnionOf;