Arvados » Arvados Workbench 2

Updates at arvados-workbench2|211054b9 - branch 16848-token-handling-improvements
Test run: developer-tests-workbench2: #289

• Renames "Get current token" dialog to "Get API Token".
• Synchronizes session idle timer between different browser tabs/windows.
• On app startup, and after session initialization, store a second token to be used on parts of the UI that hands out tokens to the user.
• Use the extra token on the "Get API Token" and "Open as network folder or S3 bucket" dialogs. This is to avoid giving the user tokens that may be expired by a wb2 logout action.
• Adds a "Get new token" button to the "Get API token" dialog.
• When API.TokenLifetime is set, users cannot create tokens, so:
  • Don't show token creation errors on app startup.
  • Show wb2's token when a token is needed.
  • Show a warning message when the user clicks on the "Get new token" button saying it isn't allowed.
• When Login.LoginCluster is set and it isn't wb2's home cluster, don't request the extra token and hide the "Get new token" button.

Updates at arvados-workbench2|7d797c64
Test run: developer-tests-workbench2: #291

Fixes unit test

• How hard would it be to have the "extra" token created the first time it is needed by the "Get Token" or "Open as S3 bucket" dialogs? If I am reading this right, the current approach will create an extra token every time the application loads, whether it is used or not.

• Didn't we talk about making the "Get Token" dialog box display the time the token would expire? I don't see that here.

Updates at arvados-workbench2|a51a9c10
Test run: developer-tests-workbench2: #298 (just one new flaky test failing)

• Avoid creating a new token at session init time, only when requested by the user.
• Show token expiration date on the "Get API Token" dialog when available.

Lucas Di Pentima wrote:

Updates at arvados-workbench2|a51a9c10
Test run: developer-tests-workbench2: #298 (just one new flaky test failing)

• Avoid creating a new token at session init time, only when requested by the user.
• Show token expiration date on the "Get API Token" dialog when available.

A few more comments:

When the expiration date is empty or null, it should say something like "This token does not have an expiration date" instead of rendering nothing.

In getNewExtraToken(), this seems to be missing "extraApiTokenExpiration":

dispatch(authActions.SET_EXTRA_TOKEN({ extraToken: newExtraToken }));

If you set the expiration on the token some other way (such as the command line) Workbench will not notice. I suggest that when (reuseStored && extraApiToken) it should fetch the api_client_authorization record for that token using cthe "api_client_authorization.current" endpoint (which probably needs to be added to ApiClientAuthorizationService) because that it will fail if the token is invalid. If "api_client_authorization.current" fails it can try to create a new token.

developer-tests-workbench2: #306

• Added message for non-expiring tokens on the "Get API token" dialog.
• The getNewExtraToken() function checks the cached token's validity before returning it. Also refresh its expiration date on the store just in case it changed.

Pending: I'm struggling with getNewExtraToken()'s unit testing because of the amount of previous state required and multiple API calls involved, trying to mock all that.

Update at arvados-workbench2|eb633efd
Test run: developer-tests-workbench2: #308

• Resets cached token when not valid.

Ok I apologize because this is absolutely scope creep and you can tell me to go pound sand, but: could we add button to copy only the token and not the entire block of shell code? I'm thinking the text would be something like this:

The Arvados API token is a secret key that enables the Arvados SDKs to access Arvados with the proper permissions.
For more information see Getting an API token.

Your Arvados API host is: ... [copy to clipboard button]
Your token is: v2/x2b8c-gj3su-qjoa01idfdfyczx/5kf9gdosqvvmsn8jthhrbq2ws5sx1ogvwtruo1oid6p0i1tfos [copy to clipboard button]
This token expires at ... / This token does not have an expiration date

[Generate new Token]

Paste the following lines at a shell prompt to set up the necessary environment for Arvados SDKs to authenticate to your account.

HISTIGNORE=$HISTIGNORE:'export ARVADOS_API_TOKEN=*'
export ARVADOS_API_TOKEN=v2/x2b8c-gj3su-qjoa01idfdfyczx/5kf9gdosqvvmsn8jthhrbq2ws5sx1ogvwtruo1oid6p0i1tfos
export ARVADOS_API_HOST=172.17.0.2:8000
unset ARVADOS_API_HOST_INSECURE

[Copy to clipboard]

Updates at arvados-workbench2|21cb7a9d
Test run: developer-tests-workbench2: #313

• Applies suggested updates from the above comments on the 'Get API token' dialog.

Updates at arvados-workbench2|e84e9949
Test run: developer-tests-workbench2: #316

• Adds unit test for getNewExtraToken()

Lucas Di Pentima wrote:

Updates at arvados-workbench2|e84e9949
Test run: developer-tests-workbench2: #316

• Adds unit test for getNewExtraToken()

Just one more suggestion, maybe use <DetailsAttribute> and label them "API Host", "API Token" and "Token Expiration"?

Rest LGTM.

Updates at: arvados-workbench2|835fca71

Changed data display layout to use <DetailsAttribute /> as suggested. Reduced the shell code block's font size a little so it doesn't show an horizontal scrollbar.

Will merge to master.

Unit tests failing because of the use of DetailsAttribute component that requires a mocked store.

Fix at arvados-workbench2|4c2c72d6 - branch 16848-unit-tests-fixes
Test run: developer-tests-workbench2: #332