X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/e46caaf835e32106e2da5aa7f895435bd4718da6..fb96637bf76fe8779e7a7e58f052b8f55ed76f4f:/lib/controller/localdb/login.go diff --git a/lib/controller/localdb/login.go b/lib/controller/localdb/login.go index 01fa84ea4f..3c7b01baad 100644 --- a/lib/controller/localdb/login.go +++ b/lib/controller/localdb/login.go @@ -30,15 +30,14 @@ type loginController interface { func chooseLoginController(cluster *arvados.Cluster, parent *Conn) loginController { wantGoogle := cluster.Login.Google.Enable wantOpenIDConnect := cluster.Login.OpenIDConnect.Enable - wantSSO := cluster.Login.SSO.Enable wantPAM := cluster.Login.PAM.Enable wantLDAP := cluster.Login.LDAP.Enable wantTest := cluster.Login.Test.Enable wantLoginCluster := cluster.Login.LoginCluster != "" && cluster.Login.LoginCluster != cluster.ClusterID switch { - case 1 != countTrue(wantGoogle, wantOpenIDConnect, wantSSO, wantPAM, wantLDAP, wantTest, wantLoginCluster): + case 1 != countTrue(wantGoogle, wantOpenIDConnect, wantPAM, wantLDAP, wantTest, wantLoginCluster): return errorLoginController{ - error: errors.New("configuration problem: exactly one of Login.Google, Login.OpenIDConnect, Login.SSO, Login.PAM, Login.LDAP, Login.Test, or Login.LoginCluster must be set"), + error: errors.New("configuration problem: exactly one of Login.Google, Login.OpenIDConnect, Login.PAM, Login.LDAP, Login.Test, or Login.LoginCluster must be set"), } case wantGoogle: return &oidcLoginController{ @@ -54,18 +53,18 @@ func chooseLoginController(cluster *arvados.Cluster, parent *Conn) loginControll } case wantOpenIDConnect: return &oidcLoginController{ - Cluster: cluster, - Parent: parent, - Issuer: cluster.Login.OpenIDConnect.Issuer, - ClientID: cluster.Login.OpenIDConnect.ClientID, - ClientSecret: cluster.Login.OpenIDConnect.ClientSecret, - AuthParams: cluster.Login.OpenIDConnect.AuthenticationRequestParameters, - EmailClaim: cluster.Login.OpenIDConnect.EmailClaim, - EmailVerifiedClaim: cluster.Login.OpenIDConnect.EmailVerifiedClaim, - UsernameClaim: cluster.Login.OpenIDConnect.UsernameClaim, + Cluster: cluster, + Parent: parent, + Issuer: cluster.Login.OpenIDConnect.Issuer, + ClientID: cluster.Login.OpenIDConnect.ClientID, + ClientSecret: cluster.Login.OpenIDConnect.ClientSecret, + AuthParams: cluster.Login.OpenIDConnect.AuthenticationRequestParameters, + EmailClaim: cluster.Login.OpenIDConnect.EmailClaim, + EmailVerifiedClaim: cluster.Login.OpenIDConnect.EmailVerifiedClaim, + UsernameClaim: cluster.Login.OpenIDConnect.UsernameClaim, + AcceptAccessToken: cluster.Login.OpenIDConnect.AcceptAccessToken, + AcceptAccessTokenScope: cluster.Login.OpenIDConnect.AcceptAccessTokenScope, } - case wantSSO: - return &ssoLoginController{Parent: parent} case wantPAM: return &pamLoginController{Cluster: cluster, Parent: parent} case wantLDAP: @@ -91,20 +90,6 @@ func countTrue(vals ...bool) int { return n } -// Login and Logout are passed through to the parent's railsProxy; -// UserAuthenticate is rejected. -type ssoLoginController struct{ Parent *Conn } - -func (ctrl *ssoLoginController) Login(ctx context.Context, opts arvados.LoginOptions) (arvados.LoginResponse, error) { - return ctrl.Parent.railsProxy.Login(ctx, opts) -} -func (ctrl *ssoLoginController) Logout(ctx context.Context, opts arvados.LogoutOptions) (arvados.LogoutResponse, error) { - return ctrl.Parent.railsProxy.Logout(ctx, opts) -} -func (ctrl *ssoLoginController) UserAuthenticate(ctx context.Context, opts arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) { - return arvados.APIClientAuthorization{}, httpserver.ErrorWithStatus(errors.New("username/password authentication is not available"), http.StatusBadRequest) -} - type errorLoginController struct{ error } func (ctrl errorLoginController) Login(context.Context, arvados.LoginOptions) (arvados.LoginResponse, error) {