Fix some additional issues with bearer-token login/logout flow and ad…

…d some logging statements so that users are aware that bearer tokens are being used.
informatics-isi-edu · Jul 21, 2023 · cc79d9f · cc79d9f
1 parent a29a16a
commit cc79d9f
Showing 3 changed files with 24 additions and 14 deletions.
diff --git a/deriva/qt/auth_agent/ui/auth_widget.py b/deriva/qt/auth_agent/ui/auth_widget.py
@@ -109,17 +109,20 @@ def set_current_html(self, html):
         self.update()
         qApp.processEvents()
 
-    def authenticated(self):
-        if self.authn_session is None:
+    def authenticated(self, get_session=True):
+        if self.authn_session is None and get_session:
             credentials = get_credential(self.config["host"])
             if credentials and 'bearer-token' in credentials:
-                self._session.headers.update(
-                    {'Authorization': 'Bearer {token}'.format(token=credentials['bearer-token'])})
-                r = self._session.get(self.auth_url.toString() + "/authn/session")
-                if r.status_code == 200:
-                    self._onSessionContent(r.json())
-                    self.token = self._session.headers["Authorization"]
-                    return True
+                if not self.token:
+                    logging.info("Authenticating to [%s] using externally issued bearer token." %
+                                 self.auth_url.toString())
+                    self._session.headers.update(
+                        {'Authorization': 'Bearer {token}'.format(token=credentials['bearer-token'])})
+                    r = self._session.get(self.auth_url.toString() + "/authn/session")
+                    if r.status_code == 200:
+                        self._onSessionContent(r.json())
+                        self.token = self._session.headers["Authorization"]
+                        return True
             return False
 
         now = time.time()
@@ -134,7 +137,7 @@ def login(self):
         if not (self.auth_url and (self.auth_url.host() and self.auth_url.scheme())):
             logging.error("Missing or invalid hostname parameter in configuration.")
             return
-        logging.info("Authenticating with host: %s" % self.auth_url.toString())
+        logging.info("Authenticating to host: %s" % self.auth_url.toString())
         qApp.setOverrideCursor(Qt.WaitCursor)
         self._cleanup()
         self.authn_session_page = QWebEnginePage(self.private_profile, self.parent) \
@@ -156,9 +159,14 @@ def login(self):
     def logout(self, delete_cookies=False):
         if not (self.auth_url and (self.auth_url.host() and self.auth_url.scheme())):
             return
-        if self.authenticated():
+        if self.authenticated(False):
             try:
                 logging.info("Logging out of host: %s" % self.auth_url.toString())
+                auth_header = self._session.headers.get("Authorization")
+                if auth_header and (auth_header.startswith("Bearer ") or auth_header.startswith("bearer ")):
+                    logging.info("An externally created bearer token was used to login to: %s. The logout process will "
+                                 "invalidate your current session but will not automatically revoke this token." %
+                                 self.auth_url.toString())
                 if delete_cookies and self.cookie_persistence:
                     if self.authn_session_page:
                         self.authn_session_page.profile().cookieStore().deleteAllCookies()

diff --git a/deriva/qt/auth_agent/ui/embedded_auth_window.py b/deriva/qt/auth_agent/ui/embedded_auth_window.py
@@ -32,8 +32,8 @@ def __init__(self,
         self.cookie_persistence = cookie_persistence
         self.log_level = log_level
 
-    def authenticated(self):
-        return self.ui.authWidget.authenticated()
+    def authenticated(self, get_session=True):
+        return self.ui.authWidget.authenticated(get_session)
 
     def login(self):
         self.ui.authWidget.login()

diff --git a/deriva/qt/upload_gui/ui/upload_window.py b/deriva/qt/upload_gui/ui/upload_window.py
@@ -448,6 +448,8 @@ def on_actionLogin_triggered(self):
                 self.getNewAuthWindow()
             else:
                 return
+        if self.auth_window.authenticated():
+            return
         self.auth_window.show()
         self.auth_window.login()
 
@@ -482,7 +484,7 @@ def quitEvent(self):
         self.deleteLater()
 
     def logoutConfirmation(self):
-        if self.auth_window and (not self.auth_window.authenticated() or not self.auth_window.cookie_persistence):
+        if self.auth_window and (not self.auth_window.authenticated(False) or not self.auth_window.cookie_persistence):
             return
         msg = QMessageBox()
         msg.setIcon(QMessageBox.Warning)