X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/0b0b4c7b23e96a6efb3cfd88b0ba7224158e9544..14d8cfa18f28586ad296e3e598d0a2a536be0613:/lib/controller/localdb/login.go diff --git a/lib/controller/localdb/login.go b/lib/controller/localdb/login.go index 0d6f2ef027..2b20491a04 100644 --- a/lib/controller/localdb/login.go +++ b/lib/controller/localdb/login.go @@ -30,15 +30,14 @@ type loginController interface { func chooseLoginController(cluster *arvados.Cluster, parent *Conn) loginController { wantGoogle := cluster.Login.Google.Enable wantOpenIDConnect := cluster.Login.OpenIDConnect.Enable - wantSSO := cluster.Login.SSO.Enable wantPAM := cluster.Login.PAM.Enable wantLDAP := cluster.Login.LDAP.Enable wantTest := cluster.Login.Test.Enable wantLoginCluster := cluster.Login.LoginCluster != "" && cluster.Login.LoginCluster != cluster.ClusterID switch { - case 1 != countTrue(wantGoogle, wantOpenIDConnect, wantSSO, wantPAM, wantLDAP, wantTest, wantLoginCluster): + case 1 != countTrue(wantGoogle, wantOpenIDConnect, wantPAM, wantLDAP, wantTest, wantLoginCluster): return errorLoginController{ - error: errors.New("configuration problem: exactly one of Login.Google, Login.OpenIDConnect, Login.SSO, Login.PAM, Login.LDAP, Login.Test, or Login.LoginCluster must be set"), + error: errors.New("configuration problem: exactly one of Login.Google, Login.OpenIDConnect, Login.PAM, Login.LDAP, Login.Test, or Login.LoginCluster must be set"), } case wantGoogle: return &oidcLoginController{ @@ -66,8 +65,6 @@ func chooseLoginController(cluster *arvados.Cluster, parent *Conn) loginControll AcceptAccessToken: cluster.Login.OpenIDConnect.AcceptAccessToken, AcceptAccessTokenScope: cluster.Login.OpenIDConnect.AcceptAccessTokenScope, } - case wantSSO: - return &ssoLoginController{Parent: parent} case wantPAM: return &pamLoginController{Cluster: cluster, Parent: parent} case wantLDAP: @@ -93,20 +90,6 @@ func countTrue(vals ...bool) int { return n } -// Login and Logout are passed through to the parent's railsProxy; -// UserAuthenticate is rejected. -type ssoLoginController struct{ Parent *Conn } - -func (ctrl *ssoLoginController) Login(ctx context.Context, opts arvados.LoginOptions) (arvados.LoginResponse, error) { - return ctrl.Parent.railsProxy.Login(ctx, opts) -} -func (ctrl *ssoLoginController) Logout(ctx context.Context, opts arvados.LogoutOptions) (arvados.LogoutResponse, error) { - return ctrl.Parent.railsProxy.Logout(ctx, opts) -} -func (ctrl *ssoLoginController) UserAuthenticate(ctx context.Context, opts arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) { - return arvados.APIClientAuthorization{}, httpserver.ErrorWithStatus(errors.New("username/password authentication is not available"), http.StatusBadRequest) -} - type errorLoginController struct{ error } func (ctrl errorLoginController) Login(context.Context, arvados.LoginOptions) (arvados.LoginResponse, error) { @@ -164,13 +147,13 @@ func (conn *Conn) CreateAPIClientAuthorization(ctx context.Context, rootToken st tokensecret = tokenparts[2] } } - var exp sql.NullString + var exp sql.NullTime var scopes []byte err = tx.QueryRowxContext(ctx, "select uuid, api_token, expires_at, scopes from api_client_authorizations where api_token=$1", tokensecret).Scan(&resp.UUID, &resp.APIToken, &exp, &scopes) if err != nil { return } - resp.ExpiresAt = exp.String + resp.ExpiresAt = exp.Time if len(scopes) > 0 { err = json.Unmarshal(scopes, &resp.Scopes) if err != nil {