11454: Conditional login to remote API servers.

When adding new sites to the multi site search, if the remote
site allows federated logins from the local site, created a
salted token to be able to start a session.
If not, use the classic login method.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <ldipentima@veritasgenetics.com>

diff --git a/apps/workbench/app/assets/javascripts/models/session_db.js b/apps/workbench/app/assets/javascripts/models/session_db.js
index 28c5cc40788083459bc605e64ac244d99c69a3bb..79e98ca37e84a0b577e5c342e6a2e804cdf355eb 100644 (file)
--- a/apps/workbench/app/assets/javascripts/models/session_db.js
+++ b/apps/workbench/app/assets/javascripts/models/session_db.js
@@ -82,9 +82,20 @@ window.SessionDB = function(rhosts) {
             // also call checkForNewToken() on (at least) its first
             // render. Otherwise, the login procedure can't be
             // completed.
-            var remoteAPI = new URL(baseURL)
-            db.saltedToken(remoteAPI.hostname.split('.')[0]).then(function(token) {
-                document.location = baseURL + 'login?return_to=' + encodeURIComponent(document.location.href.replace(/\?.*/, '')+'?baseURL='+encodeURIComponent(baseURL)) + '&api_token='+encodeURIComponent(token)
+            var session = db.loadLocal()
+            var uuidPrefix = session.user.owner_uuid.slice(0, 5)
+            var apiHostname = new URL(session.baseURL).hostname
+            m.request(baseURL+'discovery/v1/apis/arvados/v1/rest').then(function(dd) {
+                if (uuidPrefix in dd.remoteHosts ||
+                    (dd.remoteHostsViaDNS && apiHostname.indexOf('arvadosapi.com') >= 0)) {
+                    // Federated identity login via salted token
+                    db.saltedToken(dd.uuidPrefix).then(function(token) {
+                        document.location = baseURL + 'login?return_to=' + encodeURIComponent(document.location.href.replace(/\?.*/, '')+'?baseURL='+encodeURIComponent(baseURL)) + '&api_token='+encodeURIComponent(token)
+                    })
+                } else {
+                    // Classic login
+                    document.location = baseURL + 'login?return_to=' + encodeURIComponent(document.location.href.replace(/\?.*/, '')+'?baseURL='+encodeURIComponent(baseURL))
+                }
             })
             return false
         },
@@ -100,7 +111,6 @@ window.SessionDB = function(rhosts) {
             // Takes a cluster UUID prefix and returns a salted token to allow
             // log into said cluster using federated identity.
             var session = db.loadLocal()
-            var st = m.stream()
             return db.request(session, '/arvados/v1/api_client_authorizations', {
                 data: {
                     filters: JSON.stringify([['api_token', '=', session.token]]),

diff --git a/apps/workbench/app/views/search/index.html.erb b/apps/workbench/app/views/search/index.html.erb
new file mode 100644 (file)
index 0000000..ff3e190
--- /dev/null
+++ b/apps/workbench/app/views/search/index.html.erb
@@ -0,0 +1,7 @@
+<!-- Copyright (C) The Arvados Authors. All rights reserved.
+
+SPDX-License-Identifier: AGPL-3.0 -->
+
+<div data-mount-mithril="Search" 
+    data-remote-hosts="<%= Rails.configuration.remote_hosts %>">
+</div>