// Copyright (C) The Arvados Authors. All rights reserved.
// SPDX-License-Identifier: AGPL-3.0
12 "git.arvados.org/arvados.git/sdk/go/arvados"
13 "git.arvados.org/arvados.git/sdk/go/httpserver"
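// loginController is the set of authentication operations a login
// backend must provide. chooseLoginController selects the
// implementation from the cluster's Login configuration.
type loginController interface {
	// Login takes the caller's LoginOptions and returns a
	// LoginResponse or an error.
	Login(ctx context.Context, opts arvados.LoginOptions) (arvados.LoginResponse, error)
	// Logout takes the caller's LogoutOptions and returns a
	// LogoutResponse or an error.
	Logout(ctx context.Context, opts arvados.LogoutOptions) (arvados.LogoutResponse, error)
	// UserAuthenticate takes UserAuthenticateOptions and returns an
	// APIClientAuthorization or an error. Backends that do not offer
	// it return an error instead (see ssoLoginController).
	UserAuthenticate(ctx context.Context, options arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error)
}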
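// chooseLoginController returns the loginController that matches the
// cluster's Login configuration.
//
// Exactly one of Login.GoogleClientID, Login.ProviderAppID, or
// Login.PAM must be set. Any other combination (none set, or more
// than one set) yields an errorLoginController, so every Login,
// Logout and UserAuthenticate call fails with a configuration error
// instead of silently picking one of the configured methods.
func chooseLoginController(cluster *arvados.Cluster, railsProxy *railsProxy) loginController {
	wantGoogle := cluster.Login.GoogleClientID != ""
	wantSSO := cluster.Login.ProviderAppID != ""
	wantPAM := cluster.Login.PAM
	switch {
	case wantGoogle && !wantSSO && !wantPAM:
		return &googleLoginController{Cluster: cluster, RailsProxy: railsProxy}
	case !wantGoogle && wantSSO && !wantPAM:
		return &ssoLoginController{railsProxy}
	case !wantGoogle && !wantSSO && wantPAM:
		return &pamLoginController{Cluster: cluster, RailsProxy: railsProxy}
	default:
		// Fail closed: an ambiguous or empty login configuration must
		// not result in any working login path.
		return errorLoginController{
			error: errors.New("configuration problem: exactly one of Login.GoogleClientID, Login.ProviderAppID, or Login.PAM must be configured"),
		}
	}
}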
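// ssoLoginController is the controller chosen when only
// Login.ProviderAppID is configured. Login and Logout are passed
// through to the embedded railsProxy; UserAuthenticate is rejected.
type ssoLoginController struct{ *railsProxy }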
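// UserAuthenticate always fails: this controller does not offer
// username/password authentication. The returned error carries HTTP
// status 400 (Bad Request) and the authorization is the zero value.
func (ctrl *ssoLoginController) UserAuthenticate(ctx context.Context, opts arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
	return arvados.APIClientAuthorization{}, httpserver.ErrorWithStatus(errors.New("username/password authentication is not available"), http.StatusBadRequest)
}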
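// errorLoginController is a loginController whose every method
// returns the embedded error. chooseLoginController uses it when the
// Login configuration is invalid, so no login path is usable until
// the configuration is corrected.
type errorLoginController struct{ error }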
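// Login ignores its arguments and returns a zero LoginResponse
// together with the error stored in ctrl.
func (ctrl errorLoginController) Login(context.Context, arvados.LoginOptions) (arvados.LoginResponse, error) {
	return arvados.LoginResponse{}, ctrl.error
}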
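// Logout ignores its arguments and returns a zero LogoutResponse
// together with the error stored in ctrl.
func (ctrl errorLoginController) Logout(context.Context, arvados.LogoutOptions) (arvados.LogoutResponse, error) {
	return arvados.LogoutResponse{}, ctrl.error
}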
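// UserAuthenticate ignores its arguments and returns a zero
// APIClientAuthorization together with the error stored in ctrl.
func (ctrl errorLoginController) UserAuthenticate(context.Context, arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
	return arvados.APIClientAuthorization{}, ctrl.error
}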
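// noopLogout builds a logout response that only tells the client
// where to go next; this function does nothing else.
//
// The redirect target is opts.ReturnTo when it is non-empty.
// Otherwise it is the Workbench2 external URL if that URL has a host
// configured, and the Workbench1 external URL if not. The returned
// error is always nil.
func noopLogout(cluster *arvados.Cluster, opts arvados.LogoutOptions) (arvados.LogoutResponse, error) {
	// NOTE(review): opts.ReturnTo is copied into RedirectLocation
	// unchanged. If the requester can set it, this is an open
	// redirect: a logout link on this cluster could send the user's
	// browser to an arbitrary site. Confirm that a caller restricts
	// ReturnTo to trusted hosts (for example the configured Workbench
	// URLs), or add that check here.
	target := opts.ReturnTo
	// NOTE(review): the listing this was taken from omitted the guard
	// line; it is reconstructed as an empty-ReturnTo check. Confirm
	// against the repository.
	if target == "" {
		if cluster.Services.Workbench2.ExternalURL.Host != "" {
			target = cluster.Services.Workbench2.ExternalURL.String()
		} else {
			target = cluster.Services.Workbench1.ExternalURL.String()
		}
	}
	return arvados.LogoutResponse{RedirectLocation: target}, nil
}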