projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
20472: Always do "select for update" before priority update
[arvados.git] / services / api / app / controllers / user_sessions_controller.rb
diff --git a/services/api/app/controllers/user_sessions_controller.rb b/services/api/app/controllers/user_sessions_controller.rb
index da0523d2b0e54f01c24130b31e9f222c07a81889..ae34fa76006aabe6c7866cee09d8249f58254567 100644 (file)
--- a/services/api/app/controllers/user_sessions_controller.rb
+++ b/services/api/app/controllers/user_sessions_controller.rb
@@ -11,7 +11,7 @@ class UserSessionsController < ApplicationController
 
   respond_to :html
 
-  # omniauth callback method
+  # create a new session
   def create
     if !Rails.configuration.Login.LoginCluster.empty? and Rails.configuration.Login.LoginCluster != Rails.configuration.ClusterID
       raise "Local login disabled when LoginCluster is set"
@@ -27,9 +27,7 @@ class UserSessionsController < ApplicationController
       authinfo = SafeJSON.load(params[:auth_info])
       max_expires_at = authinfo["expires_at"]
     else
-      # omniauth middleware verified the user and is passing auth_info
-      # in request.env.
-      authinfo = request.env['omniauth.auth']['info'].with_indifferent_access
+      return send_error "Legacy code path no longer supported", status: 404
     end
 
     if !authinfo['user_uuid'].blank?
@@ -92,19 +90,17 @@ class UserSessionsController < ApplicationController
     flash[:notice] = params[:message]
   end
 
-  # logout - Clear our rack session BUT essentially redirect to the provider
-  # to clean up the Devise session from there too !
+  # logout - this gets intercepted by controller, so this is probably
+  # mostly dead code at this point.
   def logout
     session[:user_id] = nil
 
     flash[:notice] = 'You have logged off'
     return_to = params[:return_to] || root_url
-    redirect_to "#{Rails.configuration.Services.SSO.ExternalURL}users/sign_out?redirect_uri=#{CGI.escape return_to}"
+    redirect_to return_to
   end
 
-  # login - Just bounce to /auth/joshid. The only purpose of this function is
-  # to save the return_to parameter (if it exists; see the application
-  # controller). /auth/joshid bypasses the application controller.
+  # login.  Redirect to LoginCluster.
   def login
     if params[:remote] !~ /^[0-9a-z]{5}$/ && !params[:remote].nil?
       return send_error 'Invalid remote cluster id', status: 400
@@ -136,13 +132,7 @@ class UserSessionsController < ApplicationController
       p << "return_to=#{CGI.escape(params[:return_to])}" if params[:return_to]
       redirect_to "#{login_cluster}/login?#{p.join('&')}"
     else
-      if params[:return_to]
-        # Encode remote param inside callback's return_to, so that we'll get it on
-        # create() after login.
-        remote_param = params[:remote].nil? ? '' : params[:remote]
-        p << "return_to=#{CGI.escape(remote_param + ',' + params[:return_to])}"
-      end
-      redirect_to "/auth/joshid?#{p.join('&')}"
+      return send_error "Legacy code path no longer supported", status: 404
     end
   end
 
@@ -158,9 +148,9 @@ class UserSessionsController < ApplicationController
     end
     if Rails.configuration.Login.TokenLifetime > 0
       if token_expiration == nil
-        token_expiration = Time.now + Rails.configuration.Login.TokenLifetime
+        token_expiration = db_current_time + Rails.configuration.Login.TokenLifetime
       else
-        token_expiration = [token_expiration, Time.now + Rails.configuration.Login.TokenLifetime].min
+        token_expiration = [token_expiration, db_current_time + Rails.configuration.Login.TokenLifetime].min
       end
     end