Have external login always make an API request to get the authorization URL

This makes the OIDC lookup lazy, ensuring that the rest of the registry and app continues working even if one OIDC provider goes down.
2017-01-23 19:06:19 -05:00 · 2017-01-23 19:06:19 -05:00 · a9791ea419
commit a9791ea419
parent fda203e4d7
9 changed files with 128 additions and 49 deletions
--- a/static/js/directives/ui/external-login-button.js
+++ b/static/js/directives/ui/external-login-button.js
@ -20,9 +20,7 @@ angular.module('quay').directive('externalLoginButton', function () {

      $scope.startSignin = function() {
        $scope.signInStarted({'service': $scope.provider});
-        ApiService.generateExternalLoginToken().then(function(data) {
-          var url = ExternalLoginService.getLoginUrl($scope.provider, $scope.action || 'login');
-          url = url + '&state=' + encodeURIComponent(data['token']);
+        ExternalLoginService.getLoginUrl($scope.provider, $scope.action || 'login', function(url) {

          // Save the redirect URL in a cookie so that we can redirect back after the service returns to us.
          var redirectURL = $scope.redirectUrl || window.location.toString();
@ -34,7 +32,7 @@ angular.module('quay').directive('externalLoginButton', function () {
          $timeout(function() {
            document.location = url;
          }, 250);
-        }, ApiService.errorDisplay('Could not perform sign in'));
+        });
      };
    }
  };
--- a/static/js/directives/ui/header-bar.js
+++ b/static/js/directives/ui/header-bar.js
@ -16,7 +16,9 @@ angular.module('quay').directive('headerBar', function () {
          PlanService, ApiService, NotificationService, Config, Features,
          DocumentationService, ExternalLoginService) {

-      $scope.externalSigninUrl = ExternalLoginService.getSingleSigninUrl();
+      ExternalLoginService.getSingleSigninUrl(function(url) {
+        $scope.externalSigninUrl = url;
+      });

      var hotkeysAdded = false;
      var userUpdated = function(cUser) {
--- a/static/js/pages/signin.js
+++ b/static/js/pages/signin.js
@ -11,9 +11,10 @@
  function SignInCtrl($scope, $location, ExternalLoginService, Features) {
    $scope.redirectUrl = '/';

-    var singleUrl = ExternalLoginService.getSingleSigninUrl();
-    if (singleUrl) {
-      document.location = singleUrl;
-    }
+    ExternalLoginService.getSingleSigninUrl(function(singleUrl) {
+      if (singleUrl) {
+        document.location = singleUrl;
+      }
+    });
  }
 })();
--- a/static/js/services/external-login-service.js
+++ b/static/js/services/external-login-service.js
@ -1,40 +1,43 @@
 /**
 * Service which exposes the supported external logins.
 */
-angular.module('quay').factory('ExternalLoginService', ['Features', 'Config',
-  function(Features, Config) {
+angular.module('quay').factory('ExternalLoginService', ['Features', 'Config', 'ApiService',
+  function(Features, Config, ApiService) {
  var externalLoginService = {};

  externalLoginService.EXTERNAL_LOGINS = window.__external_login;

-  externalLoginService.getLoginUrl = function(loginService, action) {
-    var loginUrl = loginService['config']['AUTHORIZE_ENDPOINT'];
-    var clientId = loginService['config']['CLIENT_ID'];
+  externalLoginService.getLoginUrl = function(loginService, action, callback) {
+    var errorDisplay = ApiService.errorDisplay('Could not load external login service ' +
+                                               'information. Please contact your service ' +
+                                               'administrator.')

-    var scope = loginService.scopes.join(' ');
-    var redirectUri = Config.getUrl('/oauth2/' + loginService['id'] + '/callback');
+    var params = {
+      'service_id': loginService['id']
+    };

-    if (action == 'attach') {
-      redirectUri += '/attach';
-    }
+    var data = {
+      'kind': action
+    };

-    var url = loginUrl + 'client_id=' + clientId + '&scope=' + scope + '&redirect_uri=' +
-              redirectUri;
-    return url;
+    ApiService.retrieveExternalLoginAuthorizationUrl(data, params).then(function(resp) {
+      callback(resp['auth_url']);
+    }, errorDisplay);
  };

  externalLoginService.hasSingleSignin = function() {
    return externalLoginService.EXTERNAL_LOGINS.length == 1 && !Features.DIRECT_LOGIN;
  };

-  externalLoginService.getSingleSigninUrl = function() {
-    // If there is a single external login service and direct login is disabled,
-    // then redirect to the external login directly.
-    if (externalLoginService.hasSingleSignin()) {
-      return externalLoginService.getLoginUrl(externalLoginService.EXTERNAL_LOGINS[0]);
+  externalLoginService.getSingleSigninUrl = function(callback) {
+    if (!externalLoginService.hasSingleSignin()) {
+      callback(null);
+      return;
    }

-    return null;
+    // If there is a single external login service and direct login is disabled,
+    // then redirect to the external login directly.
+    externalLoginService.getLoginUrl(externalLoginService.EXTERNAL_LOGINS[0], 'login', callback);
  };

  return externalLoginService;