[ARVADOS] updated: 1.3.0-2411-g7010ed0b9
Git user
git at public.arvados.org
Wed Apr 1 19:51:26 UTC 2020
Summary of changes:
lib/controller/handler.go | 2 +-
lib/controller/localdb/login.go | 12 +++++++++++-
2 files changed, 12 insertions(+), 2 deletions(-)
via 7010ed0b94f9c572f2f7220a2a1eb17b61325fe7 (commit)
via d4a861700727d2dfb19b68126b26c2bdddf47570 (commit)
from 16b5f7275ffa2bd4347134f7269744f4cd4baa2a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 7010ed0b94f9c572f2f7220a2a1eb17b61325fe7
Author: Tom Clegg <tom at tomclegg.ca>
Date: Wed Apr 1 11:50:03 2020 -0400
16212: Return error for users/authenticate endpoint in SSO mode.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/lib/controller/localdb/login.go b/lib/controller/localdb/login.go
index 2d2053171..ae5984999 100644
--- a/lib/controller/localdb/login.go
+++ b/lib/controller/localdb/login.go
@@ -7,8 +7,10 @@ package localdb
import (
"context"
"errors"
+ "net/http"
"git.arvados.org/arvados.git/sdk/go/arvados"
+ "git.arvados.org/arvados.git/sdk/go/httpserver"
)
type loginController interface {
@@ -25,7 +27,7 @@ func chooseLoginController(cluster *arvados.Cluster, railsProxy *railsProxy) log
case wantGoogle && !wantSSO && !wantPAM:
return &googleLoginController{Cluster: cluster, RailsProxy: railsProxy}
case !wantGoogle && wantSSO && !wantPAM:
- return railsProxy
+ return &ssoLoginController{railsProxy}
case !wantGoogle && !wantSSO && wantPAM:
return &pamLoginController{Cluster: cluster, RailsProxy: railsProxy}
default:
@@ -35,6 +37,14 @@ func chooseLoginController(cluster *arvados.Cluster, railsProxy *railsProxy) log
}
}
+// Login and Logout are passed through to the wrapped railsProxy;
+// UserAuthenticate is rejected.
+type ssoLoginController struct{ *railsProxy }
+
+func (ctrl *ssoLoginController) UserAuthenticate(ctx context.Context, opts arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
+ return arvados.APIClientAuthorization{}, httpserver.ErrorWithStatus(errors.New("username/password authentication is not available"), http.StatusBadRequest)
+}
+
type errorLoginController struct{ error }
func (ctrl errorLoginController) Login(context.Context, arvados.LoginOptions) (arvados.LoginResponse, error) {
commit d4a861700727d2dfb19b68126b26c2bdddf47570
Author: Tom Clegg <tom at tomclegg.ca>
Date: Wed Apr 1 11:49:16 2020 -0400
16212: Don't forward users/authenticate to Rails in legacy mode.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/lib/controller/handler.go b/lib/controller/handler.go
index d7bc9bd9a..d62ffe2fd 100644
--- a/lib/controller/handler.go
+++ b/lib/controller/handler.go
@@ -79,13 +79,13 @@ func (h *Handler) setup() {
rtr := router.New(federation.New(h.Cluster))
mux.Handle("/arvados/v1/config", rtr)
+ mux.Handle("/"+arvados.EndpointUserAuthenticate.Path, rtr)
if !h.Cluster.ForceLegacyAPI14 {
mux.Handle("/arvados/v1/collections", rtr)
mux.Handle("/arvados/v1/collections/", rtr)
mux.Handle("/arvados/v1/users", rtr)
mux.Handle("/arvados/v1/users/", rtr)
- mux.Handle("/"+arvados.EndpointUserAuthenticate.Path, rtr)
mux.Handle("/login", rtr)
mux.Handle("/logout", rtr)
}
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list