X-Git-Url: https://git.arvados.org/arvados-workbench2.git/blobdiff_plain/f9dafeec8d45f0cb19d71326b7fa877891a7eb9e..2787be4c060410a37dc3cf4b512ccb0561d5c394:/src/store/auth/auth-action.ts
diff --git a/src/store/auth/auth-action.ts b/src/store/auth/auth-action.ts
index 4ed34875..6eb8356f 100644
--- a/src/store/auth/auth-action.ts
+++ b/src/store/auth/auth-action.ts
@@ -2,164 +2,169 @@ // // SPDX-License-Identifier: AGPL-3.0 -import { ofType, unionize, UnionOf } from '~/common/unionize'; +import { ofType, unionize, UnionOf } from 'common/unionize'; import { Dispatch } from "redux"; -import { reset, stopSubmit, startSubmit, FormErrors } from 'redux-form'; -import { AxiosInstance } from "axios"; import { RootState } from "../store"; -import { snackbarActions } from '~/store/snackbar/snackbar-actions'; -import { dialogActions } from '~/store/dialog/dialog-actions'; -import { setBreadcrumbs } from '~/store/breadcrumbs/breadcrumbs-actions'; -import { ServiceRepository } from "~/services/services"; -import { getAuthorizedKeysServiceError, AuthorizedKeysServiceError } from '~/services/authorized-keys-service/authorized-keys-service'; -import { KeyType, SshKeyResource } from '~/models/ssh-key'; -import { User } from "~/models/user"; +import { ServiceRepository } from "services/services"; +import { SshKeyResource } from 'models/ssh-key'; +import { User } from "models/user"; +import { Session } from "models/session"; +import { Config } from 'common/config'; +import { matchTokenRoute, matchFedTokenRoute } from 'routes/routes'; +import { createServices, setAuthorizationHeader } from "services/services"; +import { cancelLinking } from 'store/link-account-panel/link-account-panel-actions'; +import { progressIndicatorActions } from "store/progress-indicator/progress-indicator-actions"; +import { WORKBENCH_LOADING_SCREEN } from 'store/workbench/workbench-actions'; +import { addRemoteConfig, getRemoteHostConfig } from './auth-action-session'; +import { getTokenV2 } from 'models/api-client-authorization'; export const authActions = unionize({ - SAVE_API_TOKEN: ofType(), LOGIN: {}, - LOGOUT: {}, - INIT: ofType<{ user: User, token: string }>(), + LOGOUT: ofType<{ deleteLinkData: boolean }>(), + SET_CONFIG: ofType<{ config: Config }>(), + SET_EXTRA_TOKEN: ofType<{ extraApiToken: string, extraApiTokenExpiration?: Date }>(), + RESET_EXTRA_TOKEN: {}, 
+ INIT_USER: ofType<{ user: User, token: string, tokenExpiration?: Date, tokenLocation?: string }>(), USER_DETAILS_REQUEST: {}, USER_DETAILS_SUCCESS: ofType(), SET_SSH_KEYS: ofType(), ADD_SSH_KEY: ofType(), - REMOVE_SSH_KEY: ofType() + REMOVE_SSH_KEY: ofType(), + SET_HOME_CLUSTER: ofType(), + SET_SESSIONS: ofType(), + ADD_SESSION: ofType(), + REMOVE_SESSION: ofType(), + UPDATE_SESSION: ofType(), + REMOTE_CLUSTER_CONFIG: ofType<{ config: Config }>(), }); -export const SSH_KEY_CREATE_FORM_NAME = 'sshKeyCreateFormName'; -export const SSH_KEY_PUBLIC_KEY_DIALOG = 'sshKeyPublicKeyDialog'; -export const SSH_KEY_REMOVE_DIALOG = 'sshKeyRemoveDialog'; -export const SSH_KEY_ATTRIBUTES_DIALOG = 'sshKeyAttributesDialog'; - -export interface SshKeyCreateFormDialogData { - publicKey: string; - name: string; -} - -function setAuthorizationHeader(services: ServiceRepository, token: string) { - services.apiClient.defaults.headers.common = { - Authorization: `OAuth2 ${token}` - }; - services.webdavClient.defaults.headers = { - Authorization: `OAuth2 ${token}` - }; -} - -function removeAuthorizationHeader(client: AxiosInstance) { - delete client.defaults.headers.common.Authorization; -} - -export const initAuth = () => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - const user = services.authService.getUser(); - const token = services.authService.getApiToken(); - if (token) { - setAuthorizationHeader(services, token); - } - if (token && user) { - dispatch(authActions.INIT({ user, token })); +export const initAuth = (config: Config) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise => { + // Cancel any link account ops in progress unless the user has + // just logged in or there has been a successful link operation + const data = services.linkAccountService.getLinkOpStatus(); + if (!matchTokenRoute(window.location.pathname) && + (!matchFedTokenRoute(window.location.pathname)) && data === undefined) { + 
await dispatch(cancelLinking()); } + return dispatch(init(config)); }; -export const saveApiToken = (token: string) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - services.authService.saveApiToken(token); - setAuthorizationHeader(services, token); - dispatch(authActions.SAVE_API_TOKEN(token)); -}; +const init = (config: Config) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + const remoteHosts = () => getState().auth.remoteHosts; + const token = services.authService.getApiToken(); + let homeCluster = services.authService.getHomeCluster(); + if (homeCluster && !config.remoteHosts[homeCluster]) { + homeCluster = undefined; + } + dispatch(authActions.SET_CONFIG({ config })); + Object.keys(remoteHosts()).forEach((remoteUuid: string) => { + const remoteHost = remoteHosts()[remoteUuid]; + if (remoteUuid !== config.uuidPrefix) { + dispatch(addRemoteConfig(remoteHost)); + } + }); + dispatch(authActions.SET_HOME_CLUSTER(config.loginCluster || homeCluster || config.uuidPrefix)); -export const login = () => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - services.authService.login(); - dispatch(authActions.LOGIN()); + if (token && token !== "undefined") { + dispatch(progressIndicatorActions.START_WORKING(WORKBENCH_LOADING_SCREEN)); + try { + await dispatch(saveApiToken(token)); + } finally { + dispatch(progressIndicatorActions.STOP_WORKING(WORKBENCH_LOADING_SCREEN)); + } + } }; -export const logout = () => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - services.authService.removeApiToken(); - services.authService.removeUser(); - removeAuthorizationHeader(services.apiClient); - services.authService.logout(); - dispatch(authActions.LOGOUT()); +export const getConfig = (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Config => { + const state = getState().auth; + return 
state.remoteHostsConfig[state.localCluster]; }; -export const getUserDetails = () => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise => { - dispatch(authActions.USER_DETAILS_REQUEST()); - return services.authService.getUserDetails().then(user => { - services.authService.saveUser(user); - dispatch(authActions.USER_DETAILS_SUCCESS(user)); - return user; - }); +export const getLocalCluster = (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): string => { + return getState().auth.localCluster; }; -export const openSshKeyCreateDialog = () => dialogActions.OPEN_DIALOG({ id: SSH_KEY_CREATE_FORM_NAME, data: {} }); - -export const openPublicKeyDialog = (name: string, publicKey: string) => - dialogActions.OPEN_DIALOG({ id: SSH_KEY_PUBLIC_KEY_DIALOG, data: { name, publicKey } }); +export const saveApiToken = (token: string) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository): Promise => { + let config: any; + const tokenParts = token.split('/'); + const auth = getState().auth; + config = dispatch(getConfig); -export const openSshKeyAttributesDialog = (uuid: string) => - (dispatch: Dispatch, getState: () => RootState) => { - const sshKey = getState().auth.sshKeys.find(it => it.uuid === uuid); - dispatch(dialogActions.OPEN_DIALOG({ id: SSH_KEY_ATTRIBUTES_DIALOG, data: { sshKey } })); - }; - -export const openSshKeyRemoveDialog = (uuid: string) => - (dispatch: Dispatch, getState: () => RootState) => { - dispatch(dialogActions.OPEN_DIALOG({ - id: SSH_KEY_REMOVE_DIALOG, - data: { - title: 'Remove public key', - text: 'Are you sure you want to remove this public key?', - confirmButtonLabel: 'Remove', - uuid - } - })); - }; + // If the token is from a LoginCluster federation, get user & token data + // from the token issuing cluster. + if (!config) { + return; + } + const lc = (config as Config).loginCluster + const tokenCluster = tokenParts.length === 3 + ? 
tokenParts[1].substring(0, 5) + : undefined; + if (tokenCluster && tokenCluster !== auth.localCluster && + lc && lc === tokenCluster) { + config = await getRemoteHostConfig(auth.remoteHosts[tokenCluster]); + } -export const removeSshKey = (uuid: string) => - async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - dispatch(snackbarActions.OPEN_SNACKBAR({ message: 'Removing ...' })); - await services.authorizedKeysService.delete(uuid); - dispatch(authActions.REMOVE_SSH_KEY(uuid)); - dispatch(snackbarActions.OPEN_SNACKBAR({ message: 'Public Key has been successfully removed.', hideDuration: 2000 })); - }; + const svc = createServices(config, { progressFn: () => { }, errorFn: () => { } }); + setAuthorizationHeader(svc, token); + try { + const user = await svc.authService.getUserDetails(); + const client = await svc.apiClientAuthorizationService.get('current'); + const tokenExpiration = client.expiresAt ? new Date(client.expiresAt) : undefined; + const tokenLocation = await svc.authService.getStorageType(); + dispatch(authActions.INIT_USER({ user, token, tokenExpiration, tokenLocation })); + } catch (e) { + dispatch(authActions.LOGOUT({ deleteLinkData: false })); + } +}; -export const createSshKey = (data: SshKeyCreateFormDialogData) => +export const getNewExtraToken = (reuseStored: boolean = false) => async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { - const userUuid = getState().auth.user!.uuid; - const { name, publicKey } = data; - dispatch(startSubmit(SSH_KEY_CREATE_FORM_NAME)); - try { - const newSshKey = await services.authorizedKeysService.create({ - name, - publicKey, - keyType: KeyType.SSH, - authorizedUserUuid: userUuid - }); - dispatch(authActions.ADD_SSH_KEY(newSshKey)); - dispatch(dialogActions.CLOSE_DIALOG({ id: SSH_KEY_CREATE_FORM_NAME })); - dispatch(reset(SSH_KEY_CREATE_FORM_NAME)); - dispatch(snackbarActions.OPEN_SNACKBAR({ - message: "Public key has been successfully created.", - 
hideDuration: 2000 - })); - } catch (e) { - const error = getAuthorizedKeysServiceError(e); - if (error === AuthorizedKeysServiceError.UNIQUE_PUBLIC_KEY) { - dispatch(stopSubmit(SSH_KEY_CREATE_FORM_NAME, { publicKey: 'Public key already exists.' } as FormErrors)); - } else if (error === AuthorizedKeysServiceError.INVALID_PUBLIC_KEY) { - dispatch(stopSubmit(SSH_KEY_CREATE_FORM_NAME, { publicKey: 'Public key is invalid' } as FormErrors)); + const extraToken = getState().auth.extraApiToken; + if (reuseStored && extraToken !== undefined) { + const config = dispatch(getConfig); + const svc = createServices(config, { progressFn: () => { }, errorFn: () => { } }); + setAuthorizationHeader(svc, extraToken); + try { + // Check the extra token's validity before using it. Refresh its + // expiration date just in case it changed. + const client = await svc.apiClientAuthorizationService.get('current'); + dispatch(authActions.SET_EXTRA_TOKEN({ + extraApiToken: extraToken, + extraApiTokenExpiration: client.expiresAt ? new Date(client.expiresAt) : undefined, + })); + return extraToken; + } catch (e) { + dispatch(authActions.RESET_EXTRA_TOKEN()); } } - }; - -export const loadSshKeysPanel = () => - async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + const user = getState().auth.user; + const loginCluster = getState().auth.config.clusterConfig.Login.LoginCluster; + if (user === undefined) { return; } + if (loginCluster !== "" && getState().auth.homeCluster !== loginCluster) { return; } try { - dispatch(setBreadcrumbs([{ label: 'SSH Keys'}])); - const response = await services.authorizedKeysService.list(); - dispatch(authActions.SET_SSH_KEYS(response.items)); - } catch (e) { + // Do not show errors on the create call, cluster security configuration may not + // allow token creation and there's no way to know that from workbench2 side in advance. 
+ const client = await services.apiClientAuthorizationService.create(undefined, false); + const newExtraToken = getTokenV2(client); + dispatch(authActions.SET_EXTRA_TOKEN({ + extraApiToken: newExtraToken, + extraApiTokenExpiration: client.expiresAt ? new Date(client.expiresAt) : undefined, + })); + return newExtraToken; + } catch { + console.warn("Cannot create new tokens with the current token, probably because of cluster's security settings."); return; } }; +export const login = (uuidPrefix: string, homeCluster: string, loginCluster: string, + remoteHosts: { [key: string]: string }) => (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => { + services.authService.login(uuidPrefix, homeCluster, loginCluster, remoteHosts); + dispatch(authActions.LOGIN()); + }; + +export const logout = (deleteLinkData: boolean = false) => + (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => + dispatch(authActions.LOGOUT({ deleteLinkData })); export type AuthAction = UnionOf;
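Review bot: In `saveApiToken`, `config` is checked for emptiness before the login-cluster branch but not after it is reassigned from `await getRemoteHostConfig(auth.remoteHosts[tokenCluster])`, and that await sits outside the `try`. If the `auth.remoteHosts` lookup misses or the remote config fetch fails (whether `getRemoteHostConfig` can resolve to an empty value is not visible in this hunk), `createServices(config, …)` runs on an unusable config, or the rejection escapes through the `try/finally` in `init`, leaving the stored token neither validated nor cleared. Re-check after the await, e.g. `if (!config) { dispatch(authActions.LOGOUT({ deleteLinkData: false })); return; }`, or move the fetch inside the existing `try`. Separately, the `catch (e)` around `getUserDetails()` dispatches `LOGOUT` on any error without recording `e`, so a transient network failure is indistinguishable from a rejected token; logging the error there would make forced logouts diagnosable.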