1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
5 import { Dispatch } from "redux";
6 import { RootState } from "~/store/store";
7 import { ServiceRepository, createServices, setAuthorizationHeader } from "~/services/services";
8 import { setBreadcrumbs } from "~/store/breadcrumbs/breadcrumbs-actions";
9 import { snackbarActions, SnackbarKind } from "~/store/snackbar/snackbar-actions";
10 import { LinkAccountType, AccountToLink, LinkAccountStatus } from "~/models/link-account";
11 import { authActions, getConfig } from "~/store/auth/auth-action";
12 import { unionize, ofType, UnionOf } from '~/common/unionize';
13 import { UserResource } from "~/models/user";
14 import { GroupResource } from "~/models/group";
15 import { LinkAccountPanelError, OriginatingUser } from "./link-account-panel-reducer";
16 import { login, logout } from "~/store/auth/auth-action";
17 import { progressIndicatorActions } from "~/store/progress-indicator/progress-indicator-actions";
18 import { WORKBENCH_LOADING_SCREEN } from '~/store/workbench/workbench-actions';
20 export const linkAccountPanelActions = unionize({
22 targetUser: UserResource | undefined
25 originatingUser: OriginatingUser | undefined,
26 targetUser: UserResource | undefined,
27 targetUserToken: string | undefined,
28 userToLink: UserResource | undefined,
29 userToLinkToken: string | undefined
31 LINK_INVALID: ofType<{
32 originatingUser: OriginatingUser | undefined,
33 targetUser: UserResource | undefined,
34 userToLink: UserResource | undefined,
35 error: LinkAccountPanelError
37 SET_SELECTED_CLUSTER: ofType<{
38 selectedCluster: string
40 SET_IS_PROCESSING: ofType<{
46 export type LinkAccountPanelAction = UnionOf<typeof linkAccountPanelActions>;
48 function validateLink(userToLink: UserResource, targetUser: UserResource) {
49 if (userToLink.uuid === targetUser.uuid) {
50 return LinkAccountPanelError.SAME_USER;
52 else if (userToLink.isAdmin && !targetUser.isAdmin) {
53 return LinkAccountPanelError.NON_ADMIN;
55 else if (!targetUser.isActive) {
56 return LinkAccountPanelError.INACTIVE;
58 return LinkAccountPanelError.NONE;
61 const newServices = (dispatch: Dispatch<any>, token: string) => {
62 const config = dispatch<any>(getConfig);
63 const svc = createServices(config, { progressFn: () => { }, errorFn: () => { } });
64 setAuthorizationHeader(svc, token);
68 export const checkForLinkStatus = () =>
69 (dispatch: Dispatch<any>, getState: () => RootState, services: ServiceRepository) => {
70 const status = services.linkAccountService.getLinkOpStatus();
71 if (status !== undefined) {
73 let msgKind: SnackbarKind;
74 if (status.valueOf() === LinkAccountStatus.CANCELLED) {
75 msg = "Account link cancelled!", msgKind = SnackbarKind.INFO;
77 else if (status.valueOf() === LinkAccountStatus.FAILED) {
78 msg = "Account link failed!", msgKind = SnackbarKind.ERROR;
80 else if (status.valueOf() === LinkAccountStatus.SUCCESS) {
81 msg = "Account link success!", msgKind = SnackbarKind.SUCCESS;
84 msg = "Unknown Error!", msgKind = SnackbarKind.ERROR;
86 dispatch(snackbarActions.OPEN_SNACKBAR({ message: msg, kind: msgKind, hideDuration: 3000 }));
87 services.linkAccountService.removeLinkOpStatus();
91 export const switchUser = (user: UserResource, token: string) =>
92 (dispatch: Dispatch<any>, getState: () => RootState, services: ServiceRepository) => {
93 dispatch(authActions.INIT({ user, token }));
96 export const linkFailed = () =>
97 (dispatch: Dispatch<any>, getState: () => RootState, services: ServiceRepository) => {
98 // If the link fails, switch to the user account that originated the link operation
99 const linkState = getState().linkAccountPanel;
100 if (linkState.userToLink && linkState.userToLinkToken && linkState.targetUser && linkState.targetUserToken) {
101 if (linkState.originatingUser === OriginatingUser.TARGET_USER) {
102 dispatch(switchUser(linkState.targetUser, linkState.targetUserToken));
104 else if ((linkState.originatingUser === OriginatingUser.USER_TO_LINK)) {
105 dispatch(switchUser(linkState.userToLink, linkState.userToLinkToken));
108 services.linkAccountService.removeAccountToLink();
109 services.linkAccountService.saveLinkOpStatus(LinkAccountStatus.FAILED);
113 export const loadLinkAccountPanel = () =>
114 async (dispatch: Dispatch<any>, getState: () => RootState, services: ServiceRepository) => {
116 // If there are remote hosts, set the initial selected cluster by getting the first cluster that isn't the local cluster
117 if (getState().linkAccountPanel.selectedCluster === undefined) {
118 const localCluster = getState().auth.localCluster;
119 let selectedCluster = localCluster;
120 for (const key in getState().auth.remoteHosts) {
121 if (key !== localCluster) {
122 selectedCluster = key;
126 dispatch(linkAccountPanelActions.SET_SELECTED_CLUSTER({ selectedCluster }));
129 // First check if an account link operation has completed
130 dispatch(checkForLinkStatus());
132 // Continue loading the link account panel
133 dispatch(setBreadcrumbs([{ label: 'Link account' }]));
134 const curUser = getState().auth.user;
135 const curToken = getState().auth.apiToken;
136 if (curUser && curToken) {
138 // If there is link account session data, then the user has logged in a second time
139 const linkAccountData = services.linkAccountService.getAccountToLink();
140 if (linkAccountData) {
142 dispatch(linkAccountPanelActions.SET_IS_PROCESSING({ isProcessing: true }));
143 const curUserResource = await services.userService.get(curUser.uuid);
145 // Use the token of the user we are getting data for. This avoids any admin/non-admin permissions
146 // issues since a user will always be able to query the api server for their own user data.
147 const svc = newServices(dispatch, linkAccountData.token);
148 const savedUserResource = await svc.userService.get(linkAccountData.userUuid);
151 if (linkAccountData.type === LinkAccountType.ACCESS_OTHER_ACCOUNT || linkAccountData.type === LinkAccountType.ACCESS_OTHER_REMOTE_ACCOUNT) {
153 originatingUser: OriginatingUser.USER_TO_LINK,
154 targetUser: curUserResource,
155 targetUserToken: curToken,
156 userToLink: savedUserResource,
157 userToLinkToken: linkAccountData.token
160 else if (linkAccountData.type === LinkAccountType.ADD_OTHER_LOGIN || linkAccountData.type === LinkAccountType.ADD_LOCAL_TO_REMOTE) {
162 originatingUser: OriginatingUser.TARGET_USER,
163 targetUser: savedUserResource,
164 targetUserToken: linkAccountData.token,
165 userToLink: curUserResource,
166 userToLinkToken: curToken
170 throw new Error("Unknown link account type");
173 dispatch(switchUser(params.targetUser, params.targetUserToken));
174 const error = validateLink(params.userToLink, params.targetUser);
175 if (error === LinkAccountPanelError.NONE) {
176 dispatch(linkAccountPanelActions.LINK_LOAD(params));
179 dispatch(linkAccountPanelActions.LINK_INVALID({
180 originatingUser: params.originatingUser,
181 targetUser: params.targetUser,
182 userToLink: params.userToLink,
189 // If there is no link account session data, set the state to invoke the initial UI
190 const curUserResource = await services.userService.get(curUser.uuid);
191 dispatch(linkAccountPanelActions.LINK_INIT({ targetUser: curUserResource }));
197 dispatch(linkFailed());
200 dispatch(linkAccountPanelActions.SET_IS_PROCESSING({ isProcessing: false }));
204 export const startLinking = (t: LinkAccountType) =>
205 (dispatch: Dispatch<any>, getState: () => RootState, services: ServiceRepository) => {
206 const accountToLink = { type: t, userUuid: services.authService.getUuid(), token: services.authService.getApiToken() } as AccountToLink;
207 services.linkAccountService.saveAccountToLink(accountToLink);
209 const auth = getState().auth;
210 const isLocalUser = auth.user!.uuid.substring(0, 5) === auth.localCluster;
211 let homeCluster = auth.localCluster;
212 if (isLocalUser && t === LinkAccountType.ACCESS_OTHER_REMOTE_ACCOUNT) {
213 homeCluster = getState().linkAccountPanel.selectedCluster!;
217 dispatch(login(auth.localCluster, homeCluster, auth.loginCluster, auth.remoteHosts));
220 export const getAccountLinkData = () =>
221 (dispatch: Dispatch<any>, getState: () => RootState, services: ServiceRepository) => {
222 return services.linkAccountService.getAccountToLink();
225 export const cancelLinking = (reload: boolean = false) =>
226 async (dispatch: Dispatch<any>, getState: () => RootState, services: ServiceRepository) => {
227 let user: UserResource | undefined;
229 // When linking is cancelled switch to the originating user (i.e. the user saved in session data)
230 dispatch(progressIndicatorActions.START_WORKING(WORKBENCH_LOADING_SCREEN));
231 const linkAccountData = services.linkAccountService.getAccountToLink();
232 if (linkAccountData) {
233 services.linkAccountService.removeAccountToLink();
234 const svc = newServices(dispatch, linkAccountData.token);
235 user = await svc.userService.get(linkAccountData.userUuid);
236 dispatch(switchUser(user, linkAccountData.token));
237 services.linkAccountService.saveLinkOpStatus(LinkAccountStatus.CANCELLED);
245 dispatch(progressIndicatorActions.STOP_WORKING(WORKBENCH_LOADING_SCREEN));
250 export const linkAccount = () =>
251 async (dispatch: Dispatch<any>, getState: () => RootState, services: ServiceRepository) => {
252 const linkState = getState().linkAccountPanel;
253 if (linkState.userToLink && linkState.userToLinkToken && linkState.targetUser && linkState.targetUserToken) {
255 // First create a project owned by the target user
256 const projectName = `Migrated from ${linkState.userToLink.email} (${linkState.userToLink.uuid})`;
257 let newGroup: GroupResource;
259 newGroup = await services.projectService.create({
261 ensure_unique_name: true
265 dispatch(linkFailed());
270 // The merge api links the user sending the request into the user
271 // specified in the request, so change the authorization header accordingly
272 const svc = newServices(dispatch, linkState.userToLinkToken);
273 await svc.linkAccountService.linkAccounts(linkState.targetUserToken, newGroup.uuid);
274 dispatch(switchUser(linkState.targetUser, linkState.targetUserToken));
275 services.linkAccountService.removeAccountToLink();
276 services.linkAccountService.saveLinkOpStatus(LinkAccountStatus.SUCCESS);
280 // If the link operation fails, delete the previously made project
282 const svc = newServices(dispatch, linkState.targetUserToken);
283 await svc.projectService.delete(newGroup.uuid);
286 dispatch(linkFailed());