[ARVADOS] updated: 2.1.0-258-gf5df3852a
Git user
git at public.arvados.org
Wed Jan 13 21:17:19 UTC 2021
Summary of changes:
lib/controller/rpc/conn.go | 4 ++++
.../app/controllers/user_sessions_controller.rb | 24 +++++-----------------
2 files changed, 9 insertions(+), 19 deletions(-)
via f5df3852a472d3c75cdcff394f0fa45423c05388 (commit)
from 7044c78d3c48cb3e43beb9a88e01aa770f12af2d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit f5df3852a472d3c75cdcff394f0fa45423c05388
Author: Nico Cesar <nico at nicocesar.com>
Date: Wed Jan 13 16:15:44 2021 -0500
auth/controller/callback fix in rpc/conn.go
Arvados-DCO-1.1-Signed-off-by: Nico Cesar <nico at curii.com>
diff --git a/lib/controller/rpc/conn.go b/lib/controller/rpc/conn.go
index b0935bd33..15274cb78 100644
--- a/lib/controller/rpc/conn.go
+++ b/lib/controller/rpc/conn.go
@@ -453,6 +453,10 @@ type UserSessionCreateOptions struct {
func (conn *Conn) UserSessionCreate(ctx context.Context, options UserSessionCreateOptions) (arvados.LoginResponse, error) {
ep := arvados.APIEndpoint{Method: "POST", Path: "auth/controller/callback"}
+ // if ExpiresAt is empty value then add 2 hour expiration
+ if options.AuthInfo.ExpiresAt.IsZero() {
+ options.AuthInfo.ExpiresAt = time.Now().UTC().Add(2 * time.Hour)
+ }
var resp arvados.LoginResponse
err := conn.requestAndDecode(ctx, &resp, ep, nil, options)
return resp, err
diff --git a/services/api/app/controllers/user_sessions_controller.rb b/services/api/app/controllers/user_sessions_controller.rb
index 912c25694..3d109c49c 100644
--- a/services/api/app/controllers/user_sessions_controller.rb
+++ b/services/api/app/controllers/user_sessions_controller.rb
@@ -17,6 +17,7 @@ class UserSessionsController < ApplicationController
raise "Local login disabled when LoginCluster is set"
end
+ max_expires_at = nil
if params[:provider] == 'controller'
if request.headers['Authorization'] != 'Bearer ' + Rails.configuration.SystemRootToken
return send_error('Invalid authorization header', status: 401)
@@ -24,6 +25,7 @@ class UserSessionsController < ApplicationController
# arvados-controller verified the user and is passing auth_info
# in request params.
authinfo = SafeJSON.load(params[:auth_info])
+ max_expires_at = authinfo["expires_at"]
else
# omniauth middleware verified the user and is passing auth_info
# in request.env.
@@ -80,7 +82,7 @@ class UserSessionsController < ApplicationController
return send_error 'Invalid remote cluster id', status: 400
end
remote = nil if remote == ''
- return send_api_token_to(return_to_url, user, remote, params[:expires_at])
+ return send_api_token_to(return_to_url, user, remote, max_expires_at)
end
redirect_to @redirect_to
end
@@ -154,29 +156,13 @@ class UserSessionsController < ApplicationController
@api_client = ApiClient.
find_or_create_by(url_prefix: api_client_url_prefix)
end
-
- if token_expiration == nil
- puts "NICO token_expiration == nil"
- if Rails.configuration.Login.TokenLifetime > 0
- puts "NICO TokenLifetime > 0"
+ if Rails.configuration.Login.TokenLifetime > 0
+ if token_expiration == nil
token_expiration = Time.now + Rails.configuration.Login.TokenLifetime
else
- puts "NICO TokenLifetime =< 0"
- ## no token_expiration param nor TokenLifetime. What should we do?
- end
- else
- puts "NICO token_expiration != nil"
- if Rails.configuration.Login.TokenLifetime > 0
- puts "NICO TokenLifetime > 0"
token_expiration = [token_expiration, Time.now + Rails.configuration.Login.TokenLifetime].min
- else
- puts "NICO TokenLifetime =< 0"
end
- ## if token_expiration != nil and Rails.configuration.Login.TokenLifetime == 0
- ## do nothing, use token_expiration
end
- puts "NICO final result"
- puts token_expiration
@api_client_auth = ApiClientAuthorization.
new(user: user,
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list