16314: Merge branch 'master'
authorTom Clegg <tom@tomclegg.ca>
Tue, 25 Aug 2020 20:41:21 +0000 (16:41 -0400)
committerTom Clegg <tom@tomclegg.ca>
Tue, 25 Aug 2020 20:41:21 +0000 (16:41 -0400)
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>

14 files changed:
build/run-tests.sh
lib/controller/localdb/login_testuser.go
lib/controller/localdb/login_testuser_test.go
tools/arvbox/bin/arvbox
tools/arvbox/lib/arvbox/docker/Dockerfile.demo
tools/arvbox/lib/arvbox/docker/Dockerfile.dev
tools/arvbox/lib/arvbox/docker/api-setup.sh
tools/arvbox/lib/arvbox/docker/cluster-config.sh
tools/arvbox/lib/arvbox/docker/common.sh
tools/arvbox/lib/arvbox/docker/service/ready/run-service
tools/arvbox/lib/arvbox/docker/service/sso/log/main/.gitstub [deleted file]
tools/arvbox/lib/arvbox/docker/service/sso/log/run [deleted symlink]
tools/arvbox/lib/arvbox/docker/service/sso/run [deleted symlink]
tools/arvbox/lib/arvbox/docker/service/sso/run-service [deleted file]

index 6c697a657ba10c829e86db0f0f030e12fd76eb0c..4d7658933614020311382d231cea2666bbaa51d6 100755 (executable)
@@ -162,9 +162,12 @@ temp_preserve=
 
 clear_temp() {
     if [[ -z "$temp" ]]; then
-        # we didn't even get as far as making a temp dir
+        # we did not even get as far as making a temp dir
         :
     elif [[ -z "$temp_preserve" ]]; then
+        # Go creates readonly dirs in the module cache, which cause
+        # "rm -rf" to fail unless we chmod first.
+        chmod -R u+w "$temp"
         rm -rf "$temp"
     else
         echo "Leaving behind temp dirs in $temp"
@@ -541,12 +544,12 @@ setup_ruby_environment() {
 
         tmpdir_gem_home="$(env - PATH="$PATH" HOME="$GEMHOME" gem env gempath | cut -f1 -d:)"
         PATH="$tmpdir_gem_home/bin:$PATH"
-        export GEM_PATH="$tmpdir_gem_home"
+        export GEM_PATH="$tmpdir_gem_home:$(gem env gempath)"
 
         echo "Will install dependencies to $(gem env gemdir)"
-        echo "Will install arvados gems to $tmpdir_gem_home"
+        echo "Will install bundler and arvados gems to $tmpdir_gem_home"
         echo "Gem search path is GEM_PATH=$GEM_PATH"
-        bundle="$(gem env gempath | cut -f1 -d:)/bin/bundle"
+        bundle="$tmpdir_gem_home/bin/bundle"
         (
             export HOME=$GEMHOME
             bundlers="$(gem list --details bundler)"
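Review bot: The new `GEM_PATH` line evaluates `$(gem env gempath)` in the caller's normal environment, whereas `tmpdir_gem_home` just above it is deliberately computed under `env - PATH=... HOME="$GEMHOME"`, so the developer's own `~/.gem` directory now appears to enter the search path for the whole test run and can satisfy a dependency that the hermetic GEMHOME does not, making results depend on the machine. If the intent is only to let bundler see the system gems, compute the second half the same way, e.g. `export GEM_PATH="$tmpdir_gem_home:$(env - PATH="$PATH" HOME="$GEMHOME" gem env gempath)"`, and say so in a comment above the line. setup_ruby_environment begins before this hunk, so an earlier line may already pin HOME; if it does, this is moot.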
index 5a3d803b89960df03dce638291af9cb338560d78..823043702a134b72342d58b8685abe56fe19ee05 100644 (file)
@@ -5,9 +5,10 @@
 package localdb
 
 import (
+       "bytes"
        "context"
-       "errors"
        "fmt"
+       "html/template"
 
        "git.arvados.org/arvados.git/lib/controller/rpc"
        "git.arvados.org/arvados.git/sdk/go/arvados"
@@ -25,7 +26,16 @@ func (ctrl *testLoginController) Logout(ctx context.Context, opts arvados.Logout
 }
 
 func (ctrl *testLoginController) Login(ctx context.Context, opts arvados.LoginOptions) (arvados.LoginResponse, error) {
-       return arvados.LoginResponse{}, errors.New("interactive login is not available")
+       tmpl, err := template.New("form").Parse(loginform)
+       if err != nil {
+               return arvados.LoginResponse{}, err
+       }
+       var buf bytes.Buffer
+       err = tmpl.Execute(&buf, opts)
+       if err != nil {
+               return arvados.LoginResponse{}, err
+       }
+       return arvados.LoginResponse{HTML: buf}, nil
 }
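Review bot: `opts.ReturnTo` is passed to the template with no validation, and the rendered page later assigns that value to `document.location`, so unless a caller outside this hunk already checks it, a `return_to` such as `javascript:alert(document.cookie)//` or an attacker-controlled host would run script on the controller's origin or receive the freshly issued api_token after the victim logs in; html/template's attribute escaping does not protect against either, because the value is used as a URL, not as markup. I would reject anything that is not an absolute http(s) URL before rendering, for example `if u, err := url.Parse(opts.ReturnTo); err != nil || (u.Scheme != "http" && u.Scheme != "https") {` / `return arvados.LoginResponse{}, fmt.Errorf("return_to must be an http(s) URL, got %q", opts.ReturnTo)` / `}` (needs `net/url`), and ideally compare the host against the cluster's configured Workbench URLs if those are available to the controller. As a style point, `template.New("form").Parse(loginform)` re-parses a constant on every request; a package-level `var loginTmpl = template.Must(template.New("form").Parse(loginform))` surfaces a template error at startup instead. The error path of a malformed template is otherwise fine, and this login is presumably only enabled for the Test login method.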
 
 func (ctrl *testLoginController) UserAuthenticate(ctx context.Context, opts arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
@@ -43,3 +53,52 @@ func (ctrl *testLoginController) UserAuthenticate(ctx context.Context, opts arva
        }
        return arvados.APIClientAuthorization{}, fmt.Errorf("authentication failed for user %q with password len=%d", opts.Username, len(opts.Password))
 }
+
+const loginform = `
+<!doctype html>
+<html>
+  <head><title>Arvados test login</title>
+    <script>
+      async function authenticate(event) {
+        event.preventDefault()
+       document.getElementById('error').innerHTML = ''
+       const resp = await fetch('/arvados/v1/users/authenticate', {
+         method: 'POST',
+         mode: 'same-origin',
+         headers: {'Content-Type': 'application/json'},
+         body: JSON.stringify({
+           username: document.getElementById('username').value,
+           password: document.getElementById('password').value,
+         }),
+       })
+       if (!resp.ok) {
+         document.getElementById('error').innerHTML = 'authentication failed (default accounts are user/user, admin/admin)'
+         return
+       }
+       var redir = document.getElementById('return_to').value
+       if (redir.indexOf('?') > 0) {
+         redir += '&'
+       } else {
+         redir += '?'
+       }
+        const respj = await resp.json()
+       document.location = redir + "api_token=" + respj.api_token
+      }
+    </script>
+  </head>
+  <body>
+    <h3>Arvados test login</h3>
+    <form method="POST">
+      <input id="return_to" type="hidden" name="return_to" value="{{.ReturnTo}}">
+      username <input id="username" type="text" name="username" size=16>
+      password <input id="password" type="password" name="password" size=16>
+      <input type="submit" value="Log in">
+      <br>
+      <p id="error"></p>
+    </form>
+  </body>
+  <script>
+    document.getElementsByTagName('form')[0].onsubmit = authenticate
+  </script>
+</html>
+`
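Review bot: The redirect at the end of `authenticate` splices the raw token into the URL with string concatenation, which neither encodes `respj.api_token` nor copes with a `return_to` that carries a fragment (the `?` check would append the parameter after `#...`, where the server never sees it), so a token containing `&`, `#` or `%` is silently corrupted. Building the target with the URL API fixes both: `const u = new URL(document.getElementById('return_to').value, document.location)` / `u.searchParams.set('api_token', respj.api_token)` / `document.location = u.href`. Passing the token in the query string also leaves it in browser history, Referer headers and any access log on the return_to host; that appears to be the contract the rest of Arvados expects, so I would at least note it in a comment above the `document.location` line (`// token travels in the query string: ends up in history/logs, acceptable only for the test login`). `resp.json()` can also reject on a non-JSON 200 body, which currently surfaces as an unhandled promise rejection rather than a message in `#error`.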
index d2d651e205ca5b668d80ef838f74f5dc0ce9bc03..7589088899744efca9187e2cc9d3094b8d39db03 100644 (file)
@@ -92,3 +92,12 @@ func (s *TestUserSuite) TestLogin(c *check.C) {
                }
        }
 }
+
+func (s *TestUserSuite) TestLoginForm(c *check.C) {
+       resp, err := s.ctrl.Login(s.ctx, arvados.LoginOptions{
+               ReturnTo: "https://localhost:12345/example",
+       })
+       c.Check(err, check.IsNil)
+       c.Check(resp.HTML.String(), check.Matches, `(?ms).*<form method="POST".*`)
+       c.Check(resp.HTML.String(), check.Matches, `(?ms).*<input id="return_to" type="hidden" name="return_to" value="https://localhost:12345/example">.*`)
+}
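Review bot: TestLoginForm only exercises a benign ReturnTo, so it does not pin the property that actually matters for this template — that a hostile value cannot break out of the hidden input's `value` attribute. Add a second call with something like `ReturnTo: "https://localhost:12345/x?a=\"><script>alert(1)</script>"` and assert the raw sequence is absent, e.g. `c.Check(resp.HTML.String(), check.Not(check.Matches), "(?ms).*\"><script>.*")`, which locks in html/template's attribute escaping regardless of the exact entity form it chooses. If Login ever gains scheme validation for ReturnTo, a `javascript:` case asserting a non-nil error belongs here too.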
index 5abaa90e36d1cfc60d286a336fb4551b6e1f5ee6..8f13215bcf56d8a03be5cdd3d3983d47122c9616 100755 (executable)
@@ -44,10 +44,6 @@ if test -z "$ARVADOS_ROOT" ; then
     ARVADOS_ROOT="$ARVBOX_DATA/arvados"
 fi
 
-if test -z "$SSO_ROOT" ; then
-    SSO_ROOT="$ARVBOX_DATA/sso-devise-omniauth-provider"
-fi
-
 if test -z "$COMPOSER_ROOT" ; then
     COMPOSER_ROOT="$ARVBOX_DATA/composer"
 fi
@@ -126,7 +122,6 @@ wait_for_arvbox() {
 docker_run_dev() {
     docker run \
           "--volume=$ARVADOS_ROOT:/usr/src/arvados:rw" \
-           "--volume=$SSO_ROOT:/usr/src/sso:rw" \
            "--volume=$COMPOSER_ROOT:/usr/src/composer:rw" \
            "--volume=$WORKBENCH2_ROOT:/usr/src/workbench2:rw" \
            "--volume=$PG_DATA:/var/lib/postgresql:rw" \
@@ -239,9 +234,6 @@ run() {
         if ! test -d "$ARVADOS_ROOT" ; then
             git clone https://git.arvados.org/arvados.git "$ARVADOS_ROOT"
         fi
-        if ! test -d "$SSO_ROOT" ; then
-            git clone https://github.com/arvados/sso-devise-omniauth-provider.git "$SSO_ROOT"
-        fi
         if ! test -d "$COMPOSER_ROOT" ; then
             git clone https://github.com/arvados/composer.git "$COMPOSER_ROOT"
             git -C "$COMPOSER_ROOT" checkout arvados-fork
@@ -268,11 +260,6 @@ run() {
                        /usr/local/lib/arvbox/runsu.sh \
                        /usr/local/lib/arvbox/waitforpostgres.sh
 
-                docker exec -ti \
-                       $ARVBOX_CONTAINER \
-                       /usr/local/lib/arvbox/runsu.sh \
-                       /var/lib/arvbox/service/sso/run-service --only-setup
-
                 docker exec -ti \
                        $ARVBOX_CONTAINER \
                        /usr/local/lib/arvbox/runsu.sh \
@@ -511,6 +498,7 @@ case "$subcmd" in
                     exit 1
                 fi
                 set -x
+                chmod -R u+w "$ARVBOX_DATA"
                 rm -rf "$ARVBOX_DATA"
             else
                 if test "$1" != -f ; then
@@ -573,7 +561,6 @@ case "$subcmd" in
               "$ARVBOX_BASE/$1/gopath" \
               "$ARVBOX_BASE/$1/Rlibs" \
               "$ARVBOX_BASE/$1/arvados" \
-              "$ARVBOX_BASE/$1/sso-devise-omniauth-provider" \
               "$ARVBOX_BASE/$1/composer" \
               "$ARVBOX_BASE/$1/workbench2" \
               "$ARVBOX_BASE/$2"
index 34d3845eafae9ce7dfc89346f933ce2b59b54e35..6bc43e2b7a119d360ae53e19809999076a988ace 100644 (file)
@@ -4,7 +4,6 @@
 
 FROM arvados/arvbox-base
 ARG arvados_version
-ARG sso_version=master
 ARG composer_version=arvados-fork
 ARG workbench2_version=master
 
@@ -12,9 +11,6 @@ RUN cd /usr/src && \
     git clone --no-checkout https://github.com/arvados/arvados.git && \
     git -C arvados checkout ${arvados_version} && \
     git -C arvados pull && \
-    git clone --no-checkout https://github.com/arvados/sso-devise-omniauth-provider.git sso && \
-    git -C sso checkout ${sso_version} && \
-    git -C sso pull && \
     git clone --no-checkout https://github.com/arvados/composer.git && \
     git -C composer checkout ${composer_version} && \
     git -C composer pull && \
@@ -27,7 +23,6 @@ ADD service/ /var/lib/arvbox/service
 RUN ln -sf /var/lib/arvbox/service /etc
 RUN mkdir -p /var/lib/arvados
 RUN echo "production" > /var/lib/arvados/api_rails_env
-RUN echo "production" > /var/lib/arvados/sso_rails_env
 RUN echo "production" > /var/lib/arvados/workbench_rails_env
 
 RUN /usr/local/lib/arvbox/createusers.sh
@@ -36,7 +31,6 @@ RUN sudo -u arvbox /var/lib/arvbox/service/api/run-service --only-deps
 RUN sudo -u arvbox /var/lib/arvbox/service/composer/run-service --only-deps
 RUN sudo -u arvbox /var/lib/arvbox/service/workbench2/run-service --only-deps
 RUN sudo -u arvbox /var/lib/arvbox/service/keep-web/run-service --only-deps
-RUN sudo -u arvbox /var/lib/arvbox/service/sso/run-service --only-deps
 RUN sudo -u arvbox /var/lib/arvbox/service/workbench/run-service --only-deps
 RUN sudo -u arvbox /var/lib/arvbox/service/doc/run-service --only-deps
 RUN sudo -u arvbox /var/lib/arvbox/service/vm/run-service --only-deps
index 22668253e1bf038c2bcbd297bff85233b92ee430..c7621e387dbdb51882e08669016a456810da6f24 100644 (file)
@@ -9,7 +9,6 @@ ADD service/ /var/lib/arvbox/service
 RUN ln -sf /var/lib/arvbox/service /etc
 RUN mkdir -p /var/lib/arvados
 RUN echo "development" > /var/lib/arvados/api_rails_env
-RUN echo "development" > /var/lib/arvados/sso_rails_env
 RUN echo "development" > /var/lib/arvados/workbench_rails_env
 
 RUN mkdir /etc/test-service && \
index 4ed25e03c05929bdceecd968d494e194500f7959..6a261bf4c55e17b0423071394d03213013a40a08 100755 (executable)
@@ -28,7 +28,6 @@ else
     secret_token=$(cat /var/lib/arvados/api_secret_token)
     blob_signing_key=$(cat /var/lib/arvados/blob_signing_key)
     management_token=$(cat /var/lib/arvados/management_token)
-    sso_app_secret=$(cat /var/lib/arvados/sso_app_secret)
     database_pw=$(cat /var/lib/arvados/api_database_pw)
     vm_uuid=$(cat /var/lib/arvados/vm-uuid)
 
@@ -37,10 +36,6 @@ $RAILS_ENV:
   uuid_prefix: $uuid_prefix
   secret_token: $secret_token
   blob_signing_key: $blob_signing_key
-  sso_app_secret: $sso_app_secret
-  sso_app_id: arvados-server
-  sso_provider_url: "https://$localip:${services[sso]}"
-  sso_insecure: false
   workbench_address: "https://$localip/"
   websocket_address: "wss://$localip:${services[websockets-ssl]}/websocket"
   git_repo_ssh_base: "git@$localip:"
index 4798cb6ccda8859bfc08376f281f7b7f2d9502cd..141398465598f2b8fa64e420f917dd9da53bb2ab 100755 (executable)
@@ -39,11 +39,6 @@ if ! test -s /var/lib/arvados/system_root_token ; then
 fi
 system_root_token=$(cat /var/lib/arvados/system_root_token)
 
-if ! test -s /var/lib/arvados/sso_app_secret ; then
-    ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/sso_app_secret
-fi
-sso_app_secret=$(cat /var/lib/arvados/sso_app_secret)
-
 if ! test -s /var/lib/arvados/vm-uuid ; then
     echo $uuid_prefix-2x53u-$(ruby -e 'puts rand(2**400).to_s(36)[0,15]') > /var/lib/arvados/vm-uuid
 fi
@@ -83,8 +78,6 @@ Clusters:
         ExternalURL: "https://$localip:${services[workbench]}"
       Workbench2:
         ExternalURL: "https://$localip:${services[workbench2-ssl]}"
-      SSO:
-        ExternalURL: "https://$localip:${services[sso]}"
       Keepproxy:
         ExternalURL: "https://$localip:${services[keepproxy-ssl]}"
         InternalURLs:
@@ -139,13 +132,18 @@ Clusters:
       DefaultReplication: 1
       TrustAllContent: true
     Login:
-      SSO:
+      Test:
         Enable: true
-        ProviderAppSecret: $sso_app_secret
-        ProviderAppID: arvados-server
+        Users:
+          admin:
+            Email: admin@example.com
+            Password: admin
+          user:
+            Email: user@example.com
+            Password: user
     Users:
       NewUsersAreActive: true
-      AutoAdminFirstUser: true
+      AutoAdminUserWithEmail: admin@example.com
       AutoSetupNewUsers: true
       AutoSetupNewUsersWithVmUUID: $vm_uuid
       AutoSetupNewUsersWithRepository: true
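Review bot: The generated config now enables the Test login method with fixed, well-known passwords (`admin/admin`, `user/user`) and makes `admin@example.com` an admin via `AutoAdminUserWithEmail`, on a controller whose ExternalURL is `https://$localip:...`, so anyone who can reach the arvbox host gets cluster admin with no further effort; every other secret in this script is generated with `ruby -e 'puts rand(2**400).to_s(36)'` and stored under /var/lib/arvados, and the login form's own error text advertises these defaults. That is presumably intended for a throwaway dev sandbox, but the intent should be stated where the next person copies this file from: a comment above `Test:` such as `# Test login with fixed, publicly known passwords. arvbox is a development sandbox; never expose $localip to an untrusted network with this block enabled.` Generating the passwords into /var/lib/arvados like the other secrets, and printing them once at startup, would remove the shared-secret problem entirely while keeping the same configuration shape. The YAML heredoc continues outside this hunk, so I have not checked whether anything later overrides the Login block.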
index 89864d5d18099cb044c3afac15895e55a0a22f79..05491c5361ae45ee89879366091eef9bcc2a44b1 100644 (file)
@@ -33,7 +33,6 @@ services=(
   [api]=8004
   [controller]=8003
   [controller-ssl]=8000
-  [sso]=8900
   [composer]=4200
   [arv-git-httpd-ssl]=9000
   [arv-git-httpd]=9001
index 470d10537556ab797b95edb1042b06411703f820..21cb7d48c64060d0edf08ca135e8d7f4fa92fd4e 100755 (executable)
@@ -67,8 +67,7 @@ if ! [[ -z "$waiting" ]] ; then
 
         gemlockcount=0
         for l in /usr/src/arvados/services/api/Gemfile.lock \
-                     /usr/src/arvados/apps/workbench/Gemfile.lock \
-                     /usr/src/sso/Gemfile.lock ; do
+                     /usr/src/arvados/apps/workbench/Gemfile.lock ; do
             gc=$(cat $l \
                         | grep -vE "(GEM|PLATFORMS|DEPENDENCIES|BUNDLED|GIT|$^|remote:|specs:|revision:)" \
                         | sed 's/^ *//' | sed 's/(.*)//' | sed 's/ *$//' | sort | uniq | wc -l)
diff --git a/tools/arvbox/lib/arvbox/docker/service/sso/log/main/.gitstub b/tools/arvbox/lib/arvbox/docker/service/sso/log/main/.gitstub
deleted file mode 100644 (file)
index e69de29..0000000
diff --git a/tools/arvbox/lib/arvbox/docker/service/sso/log/run b/tools/arvbox/lib/arvbox/docker/service/sso/log/run
deleted file mode 120000 (symlink)
index d6aef4a..0000000
+++ /dev/null
@@ -1 +0,0 @@
-/usr/local/lib/arvbox/logger
\ No newline at end of file
diff --git a/tools/arvbox/lib/arvbox/docker/service/sso/run b/tools/arvbox/lib/arvbox/docker/service/sso/run
deleted file mode 120000 (symlink)
index a388c8b..0000000
+++ /dev/null
@@ -1 +0,0 @@
-/usr/local/lib/arvbox/runsu.sh
\ No newline at end of file
diff --git a/tools/arvbox/lib/arvbox/docker/service/sso/run-service b/tools/arvbox/lib/arvbox/docker/service/sso/run-service
deleted file mode 100755 (executable)
index e30e34f..0000000
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/bin/bash
-# Copyright (C) The Arvados Authors. All rights reserved.
-#
-# SPDX-License-Identifier: AGPL-3.0
-
-exec 2>&1
-set -ex -o pipefail
-
-. /usr/local/lib/arvbox/common.sh
-
-cd /usr/src/sso
-if test -s /var/lib/arvados/sso_rails_env ; then
-  export RAILS_ENV=$(cat /var/lib/arvados/sso_rails_env)
-else
-  export RAILS_ENV=development
-fi
-
-run_bundler --without=development
-bundle exec passenger-config build-native-support
-bundle exec passenger-config install-standalone-runtime
-
-if test "$1" = "--only-deps" ; then
-    exit
-fi
-
-set -u
-
-uuid_prefix=$(cat /var/lib/arvados/api_uuid_prefix)
-
-if ! test -s /var/lib/arvados/sso_secret_token ; then
-  ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/sso_secret_token
-fi
-secret_token=$(cat /var/lib/arvados/sso_secret_token)
-
-openssl verify -CAfile $root_cert $server_cert
-
-cat >config/application.yml <<EOF
-$RAILS_ENV:
-  uuid_prefix: $uuid_prefix
-  secret_token: $secret_token
-  default_link_url: "http://$localip"
-  allow_account_registration: true
-EOF
-
-(cd config && /usr/local/lib/arvbox/yml_override.py application.yml)
-
-if ! test -f /var/lib/arvados/sso_database_pw ; then
-    ruby -e 'puts rand(2**128).to_s(36)' > /var/lib/arvados/sso_database_pw
-fi
-database_pw=$(cat /var/lib/arvados/sso_database_pw)
-
-if ! (psql postgres -c "\du" | grep "^ arvados_sso ") >/dev/null ; then
-    psql postgres -c "create user arvados_sso with password '$database_pw'"
-    psql postgres -c "ALTER USER arvados_sso CREATEDB;"
-fi
-
-sed "s/password:.*/password: $database_pw/" <config/database.yml.example >config/database.yml
-
-if ! test -f /var/lib/arvados/sso_database_setup ; then
-   bundle exec rake db:setup
-
-   app_secret=$(cat /var/lib/arvados/sso_app_secret)
-
-   bundle exec rails console <<EOF
-c = Client.new
-c.name = "joshid"
-c.app_id = "arvados-server"
-c.app_secret = "$app_secret"
-c.save!
-EOF
-
-   touch /var/lib/arvados/sso_database_setup
-fi
-
-rm -rf tmp
-mkdir -p tmp/cache
-
-bundle exec rake assets:precompile
-bundle exec rake db:migrate
-
-set +u
-if test "$1" = "--only-setup" ; then
-    exit
-fi
-
-exec bundle exec passenger start --port=${services[sso]} \
-     --ssl --ssl-certificate=/var/lib/arvados/server-cert-${localip}.pem \
-     --ssl-certificate-key=/var/lib/arvados/server-cert-${localip}.key