If the cluster's config API.TokenLifetime isn't zero, creating new tokens
isn't allowed. From wb2's side, there's no way to know in advance if this
will be allowed so this commit avoids showing the error on app's bootup
and shows a warning message on the UI when the user tries to do it manually.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
ownerUuid: string;
defaultOwnerUuid: string;
scopes: string[];
ownerUuid: string;
defaultOwnerUuid: string;
scopes: string[];
-}
\ No newline at end of file
+}
+
+export const getTokenV2 = (aca: ApiClientAuthorization): string =>
+ `v2/${aca.uuid}/${aca.apiToken}`;
\ No newline at end of file
- create(data?: Partial<T>) {
+ create(data?: Partial<T>, showErrors?: boolean) {
return CommonService.defaultResponse(
this.serverApi
.post<T>(this.resourceType, data && CommonService.mapKeys(_.snakeCase)(data)),
return CommonService.defaultResponse(
this.serverApi
.post<T>(this.resourceType, data && CommonService.mapKeys(_.snakeCase)(data)),
+ this.actions,
+ true, // mapKeys
+ showErrors
import { progressIndicatorActions } from "~/store/progress-indicator/progress-indicator-actions";
import { WORKBENCH_LOADING_SCREEN } from '~/store/workbench/workbench-actions';
import { addRemoteConfig } from './auth-action-session';
import { progressIndicatorActions } from "~/store/progress-indicator/progress-indicator-actions";
import { WORKBENCH_LOADING_SCREEN } from '~/store/workbench/workbench-actions';
import { addRemoteConfig } from './auth-action-session';
+import { getTokenV2 } from '~/models/api-client-authorization';
export const authActions = unionize({
LOGIN: {},
export const authActions = unionize({
LOGIN: {},
const user = getState().auth.user;
if (user === undefined) { return; }
try {
const user = getState().auth.user;
if (user === undefined) { return; }
try {
- const aca = await services.apiClientAuthorizationService.create();
- const newExtraToken = `v2/${aca.uuid}/${aca.apiToken}`;
+ // Do not show errors on the create call, cluster security configuration may not
+ // allow token creation and there's no way to know that from workbench2 side in advance.
+ const client = await services.apiClientAuthorizationService.create(undefined, false);
+ const newExtraToken = getTokenV2(client);
dispatch(authActions.SET_EXTRA_TOKEN({ extraToken: newExtraToken }));
return newExtraToken;
} catch {
dispatch(authActions.SET_EXTRA_TOKEN({ extraToken: newExtraToken }));
return newExtraToken;
} catch {
+ console.warn("Cannot create new tokens with the current token, probably because of cluster's security settings.");
import { getResource } from '~/store/resources/resources';
import { navigateTo, navigateToUsers, navigateToRootProject } from "~/store/navigation/navigation-action";
import { authActions } from '~/store/auth/auth-action';
import { getResource } from '~/store/resources/resources';
import { navigateTo, navigateToUsers, navigateToRootProject } from "~/store/navigation/navigation-action";
import { authActions } from '~/store/auth/auth-action';
+import { getTokenV2 } from "~/models/api-client-authorization";
export const USERS_PANEL_ID = 'usersPanel';
export const USER_ATTRIBUTES_DIALOG = 'userAttributesDialog';
export const USERS_PANEL_ID = 'usersPanel';
export const USER_ATTRIBUTES_DIALOG = 'userAttributesDialog';
const data = getResource<UserResource>(uuid)(resources);
const client = await services.apiClientAuthorizationService.create({ ownerUuid: uuid });
if (data) {
const data = getResource<UserResource>(uuid)(resources);
const client = await services.apiClientAuthorizationService.create({ ownerUuid: uuid });
if (data) {
- dispatch<any>(authActions.INIT_USER({ user: data, token: `v2/${client.uuid}/${client.apiToken}` }));
+ dispatch<any>(authActions.INIT_USER({ user: data, token: getTokenV2(client) }));
location.reload();
dispatch<any>(navigateToRootProject);
}
location.reload();
dispatch<any>(navigateToRootProject);
}
hideDuration: 2000,
kind: SnackbarKind.SUCCESS
}));
hideDuration: 2000,
kind: SnackbarKind.SUCCESS
}));
+ } else {
+ this.props.dispatch(snackbarActions.OPEN_SNACKBAR({
+ message: 'Creating new tokens is not allowed',
+ hideDuration: 2000,
+ kind: SnackbarKind.WARNING
+ }));