[ARVADOS] created: 1.1.2-113-g4dda3a5
Git user
git at public.curoverse.com
Mon Jan 22 13:19:12 EST 2018
at 4dda3a5b85afbac450d958d81e2acb013c5bae20 (commit)
commit 4dda3a5b85afbac450d958d81e2acb013c5bae20
Author: Lucas Di Pentima <ldipentima at veritasgenetics.com>
Date: Mon Jan 22 15:16:20 2018 -0300
11454: (WIP) Login to remote clusters using federated identity.
Expanded the multi site search's SessionDB to allow logins
using salted tokens.
Pending: Do the right thing on every combination of federation
settings.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <ldipentima at veritasgenetics.com>
diff --git a/apps/workbench/app/assets/javascripts/application.js b/apps/workbench/app/assets/javascripts/application.js
index b90081f..270a4c7 100644
--- a/apps/workbench/app/assets/javascripts/application.js
+++ b/apps/workbench/app/assets/javascripts/application.js
@@ -34,6 +34,7 @@
//= require npm-dependencies
//= require mithril/stream/stream
//= require awesomplete
+//= require jssha
//= require_tree .
Es6ObjectAssign.polyfill()
diff --git a/apps/workbench/app/assets/javascripts/components/search.js b/apps/workbench/app/assets/javascripts/components/search.js
index 2fe7319..5cb292b 100644
--- a/apps/workbench/app/assets/javascripts/components/search.js
+++ b/apps/workbench/app/assets/javascripts/components/search.js
@@ -90,7 +90,7 @@ window.SearchResultsTable = {
window.Search = {
oninit: function(vnode) {
- vnode.state.sessionDB = new SessionDB()
+ vnode.state.sessionDB = new SessionDB(vnode.attrs.remoteHosts)
vnode.state.searchEntered = m.stream()
vnode.state.searchActive = m.stream()
// When searchActive changes (e.g., when restoring state
@@ -154,7 +154,8 @@ window.Search = {
})
},
view: function(vnode) {
- var sessions = vnode.state.sessionDB.loadAll()
+ // FIXME: The line below seems superfluous
+ // var sessions = vnode.state.sessionDB.loadAll()
return m('form', {
onsubmit: function() {
vnode.state.searchActive(vnode.state.searchEntered())
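Review bot: The `loadAll()` call in `view` is left commented out under a FIXME rather than being removed or kept. If the call has no side effect that the view relies on, delete both lines. If it might have one (for example refreshing stored sessions before each render), keep it live and replace the FIXME with a comment that says why it is needed. The body of `view` continues outside this hunk.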
diff --git a/apps/workbench/app/assets/javascripts/models/session_db.js b/apps/workbench/app/assets/javascripts/models/session_db.js
index a43cd79..28c5cc4 100644
--- a/apps/workbench/app/assets/javascripts/models/session_db.js
+++ b/apps/workbench/app/assets/javascripts/models/session_db.js
@@ -2,9 +2,10 @@
//
// SPDX-License-Identifier: AGPL-3.0
-window.SessionDB = function() {
+window.SessionDB = function(rhosts) {
var db = this
Object.assign(db, {
+ remoteHosts: rhosts || [],
discoveryCache: {},
loadFromLocalStorage: function() {
try {
@@ -81,7 +82,10 @@ window.SessionDB = function() {
// also call checkForNewToken() on (at least) its first
// render. Otherwise, the login procedure can't be
// completed.
- document.location = baseURL + 'login?return_to=' + encodeURIComponent(document.location.href.replace(/\?.*/, '')+'?baseURL='+encodeURIComponent(baseURL))
+ var remoteAPI = new URL(baseURL)
+ db.saltedToken(remoteAPI.hostname.split('.')[0]).then(function(token) {
+ document.location = baseURL + 'login?return_to=' + encodeURIComponent(document.location.href.replace(/\?.*/, '')+'?baseURL='+encodeURIComponent(baseURL)) + '&api_token='+encodeURIComponent(token)
+ })
return false
},
logout: function(k) {
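Review bot: The redirect inside the `.then` callback runs even when `saltedToken` produces no token. It resolves to `null` on a request error and to `undefined` when the lookup does not return exactly one item, so the URL is built with `api_token=null` or `api_token=undefined`. Guard the callback with `if (!token) { return }`, or fall back to the previous redirect without `api_token`, before assigning `document.location`. The token also travels in the query string, where it can be retained in browser history and in the remote server's access logs. Nothing in this hunk checks `baseURL` against `db.remoteHosts` before a credential derived from the local session is sent to it, although the function starts outside the hunk, so such a check may exist above.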
@@ -92,6 +96,28 @@ window.SessionDB = function() {
delete sessions[k].token
db.save(k, sessions[k])
},
+ saltedToken: function(uuid_prefix) {
+ // Takes a cluster UUID prefix and returns a salted token to allow
+ // log into said cluster using federated identity.
+ var session = db.loadLocal()
+ var st = m.stream()
+ return db.request(session, '/arvados/v1/api_client_authorizations', {
+ data: {
+ filters: JSON.stringify([['api_token', '=', session.token]]),
+ }
+ }).then(function(resp) {
+ if (resp.items.length == 1) {
+ var token_uuid = resp.items[0].uuid
+ if (token_uuid.length !== '') {
+ var shaObj = new jsSHA("SHA-1", "TEXT")
+ shaObj.setHMACKey(session.token, "TEXT")
+ shaObj.update(uuid_prefix)
+ var hmac = shaObj.getHMAC("HEX")
+ return 'v2/' + token_uuid + '/' + hmac
+ } else { return null }
+ }
+ }).catch(function(err) { return null })
+ },
checkForNewToken: function() {
// If there's a token and baseURL in the location bar (i.e.,
// we just landed here after a successful login), save it and
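Review bot: `token_uuid.length !== ''` compares a number with a string and is therefore always true, so the `else { return null }` branch can never run; the intended test looks like `if (token_uuid !== '')`. When `resp.items.length` is not 1 the callback falls through and resolves to `undefined` rather than `null`, and `var st = m.stream()` is never used. `session` comes from `db.loadLocal()` and is dereferenced as `session.token` without a check, so with no local session this presumably throws synchronously instead of returning a rejected promise. The `.catch` that returns `null` discards the reason for a failed lookup; logging `err` there would help when diagnosing a failed federated login.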
@@ -127,7 +153,7 @@ window.SessionDB = function() {
},
}).then(function(user) {
session.user = user
- db.save(user.uuid.slice(0, 5), session)
+ db.save(user.owner_uuid.slice(0, 5), session)
db.trash(key)
})
})
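Review bot: The change of session key from `user.uuid` to `user.owner_uuid` at `db.save(...)` has no comment, and the reason is not evident from the hunk. Sessions appear to be keyed by a five-character cluster prefix, so a one-line comment stating which cluster's prefix `owner_uuid` is expected to carry for a federated user, and why `uuid` was wrong, would record the intent. It is also worth confirming that `owner_uuid` is always present on the returned user, since `.slice` on `undefined` would throw inside this `.then`. The enclosing function starts and ends outside the hunk.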
diff --git a/apps/workbench/app/views/search/index.html b/apps/workbench/app/views/search/index.html
deleted file mode 100644
index 6bcad0b..0000000
--- a/apps/workbench/app/views/search/index.html
+++ /dev/null
@@ -1,5 +0,0 @@
-<!-- Copyright (C) The Arvados Authors. All rights reserved.
-
-SPDX-License-Identifier: AGPL-3.0 -->
-
-<div data-mount-mithril="Search"></div>
diff --git a/apps/workbench/config/application.default.yml b/apps/workbench/config/application.default.yml
index 1878450..4cf7b5e 100644
--- a/apps/workbench/config/application.default.yml
+++ b/apps/workbench/config/application.default.yml
@@ -313,4 +313,9 @@ common:
#
# Link to use for Arvados Workflow Composer app, or false if not available.
#
- composer_url: false
\ No newline at end of file
+ composer_url: false
+
+ # Multi site search federation feature:
+ # * remote_hosts: List of API servers that allow logins from accounts on this
+ # workbench's cluster.
+ remote_hosts: []
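Review bot: The new `remote_hosts` comment does not say what form an entry takes (bare hostname, host with port, or full URL), which leaves operators guessing about a setting that controls where federated logins are offered. The login code elsewhere in this commit derives a cluster prefix from the first label of the API hostname, so the expected naming convention should be stated here as well. Because a salted token derived from the local session is sent to the remote cluster at login, the comment should also say that only trusted clusters belong in this list.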
diff --git a/apps/workbench/npm_packages b/apps/workbench/npm_packages
index c126b55..64f58ac 100644
--- a/apps/workbench/npm_packages
+++ b/apps/workbench/npm_packages
@@ -8,6 +8,7 @@
npm 'browserify', require: false
npm 'jquery'
npm 'awesomplete'
+npm 'jssha'
npm 'mithril'
npm 'es6-object-assign'
-----------------------------------------------------------------------
hooks/post-receive
--