Merge pull request galaxyproject#21234 from nuwang/combine_psa_keycloak

Reimplement keycloak/cilogon as PSA providers and remove custos

Author: ahmedhamidawan

client/src/components/Login/LoginForm.test.ts

@@ -45,7 +45,7 @@ describe("LoginForm", () => {
         axiosMock = new MockAdapter(axios);
         server.use(
             http.get("/api/configuration", ({ response }) => {
-                return response.untyped(HttpResponse.json({ oidc: { cilogon: false, custos: false } }));
+                return response.untyped(HttpResponse.json({ oidc: { cilogon: false } }));
             }),
         );
     });

client/src/components/Register/RegisterForm.vue

@@ -32,7 +32,7 @@ interface Props {
     enableOidc?: boolean;
     mailingJoinAddr?: string;
     oidcIdps?: OIDCConfig;
-    preferCustosLogin?: boolean;
+    preferOidcLogin?: boolean;
     redirect?: string;
     registrationWarningMessage?: string;
     serverMailConfigured?: boolean;
@@ -58,8 +58,8 @@ const labelSubscribe = ref(localize("Stay in the loop and join the galaxy-announ
 
 const idpsWithRegistration = computed(() => (props.oidcIdps ? getOIDCIdpsWithRegistration(props.oidcIdps) : {}));
 
-const custosPreferred = computed(() => {
-    return props.enableOidc && props.preferCustosLogin;
+const oidcPreferred = computed(() => {
+    return props.enableOidc && props.preferOidcLogin;
 });
 
 /** This decides if all register options should be displayed in column style
@@ -107,30 +107,30 @@ async function submit() {
 
                 <BForm id="registration" @submit.prevent="submit()">
                     <BCard no-body>
-                        <!-- OIDC and Custos enabled and prioritized: encourage users to use it instead of local registration -->
-                        <span v-if="custosPreferred">
+                        <!-- OIDC enabled and prioritized: encourage users to use it instead of local registration -->
+                        <span v-if="oidcPreferred">
                             <BCardHeader v-b-toggle.accordion-oidc role="button">
                                 Register using institutional account
                             </BCardHeader>
 
                             <BCollapse id="accordion-oidc" visible role="tabpanel" accordion="registration_acc">
                                 <BCardBody>
                                     Create a Galaxy account using an institutional account (e.g.:Google/JHU). This will
-                                    redirect you to your institutional login through Custos.
+                                    redirect you to your institutional login through OIDC.
                                     <ExternalLogin class="mt-2" />
                                 </BCardBody>
                             </BCollapse>
                         </span>
 
                         <!-- Local Galaxy Registration -->
-                        <BCardHeader v-if="!custosPreferred" v-localize>Create a Galaxy account</BCardHeader>
+                        <BCardHeader v-if="!oidcPreferred" v-localize>Create a Galaxy account</BCardHeader>
                         <BCardHeader v-else v-localize v-b-toggle.accordion-register role="button">
                             Or, register with email
                         </BCardHeader>
 
                         <BCollapse
                             id="accordion-register"
-                            :visible="!custosPreferred"
+                            :visible="!oidcPreferred"
                             role="tabpanel"
                             accordion="registration_acc">
                             <BCardBody :class="{ 'd-flex w-100': !registerColumnDisplay }">

client/src/components/User/ExternalIdentities/ExternalIDHelper.ts

@@ -26,7 +26,7 @@ export type OIDCConfigWithRegistration = Record<
 
 /** Return the per-IDP config, minus anything the caller wants to hide. */
 export function getFilteredOIDCIdps(oidcConfig: OIDCConfig, exclude: string[] = []): OIDCConfig {
-    const blacklist = new Set(["cilogon", "custos", ...exclude]);
+    const blacklist = new Set(["cilogon", ...exclude]);
     const filtered: OIDCConfig = {};
     Object.entries(oidcConfig).forEach(([idp, cfg]) => {
         if (!blacklist.has(idp)) {
@@ -51,11 +51,11 @@ export function getOIDCIdpsWithRegistration(oidcConfig: OIDCConfig): OIDCConfigW
 
 /** Do we need to show the institution picker at all? */
 export const getNeedShowCilogonInstitutionList = (cfg: OIDCConfig): boolean => {
-    return Boolean(cfg.cilogon || cfg.custos);
+    return Boolean(cfg.cilogon);
 };
 
 /**
- * Generic OIDC login (all providers *except* CILogon/Custos).
+ * Generic OIDC login (all providers *except* CILogon).
  * Returns the redirect URI Galaxy gives back, or throws.
  */
 export async function submitOIDCLogon(idp: string, redirectParam: string | null = null): Promise<string | null> {
@@ -73,13 +73,12 @@ export async function submitOIDCLogon(idp: string, redirectParam: string | null
 }
 
 /**
- * CILogon/Custos login.
- * @param idp        "cilogon" | "custos"
+ * CILogon login.
  * @param useIDPHint If true, append ?idphint=
  * @param idpHint    The entityID to hint with (ignored when useIDPHint = false)
  */
-export async function submitCILogon(idp: string, useIDPHint = false, idpHint?: string): Promise<string | null> {
-    let url = withPrefix(`/authnz/${idp}/login/`);
+export async function submitCILogon(useIDPHint = false, idpHint?: string): Promise<string | null> {
+    let url = withPrefix("/authnz/cilogon/login/");
     if (useIDPHint && idpHint) {
         url += `?idphint=${encodeURIComponent(idpHint)}`;
     }
@@ -108,8 +107,8 @@ export async function redirectToSingleProvider(config: OIDCConfig): Promise<stri
         throw new Error("OIDC provider key is undefined.");
     }
 
-    if (idp === "cilogon" || idp === "custos") {
-        const redirectUri = await submitCILogon(idp, false);
+    if (idp === "cilogon") {
+        const redirectUri = await submitCILogon(false);
         return redirectUri;
     } else {
         const redirectUri = await submitOIDCLogon(idp, "");

client/src/components/User/ExternalIdentities/ExternalIdentities.vue

@@ -121,7 +121,6 @@ export default {
             doomedItem: null,
             errorMessage: null,
             enable_oidc: galaxy.config.enable_oidc,
-            cilogonOrCustos: null,
             userEmail: galaxy.user.get("email"),
         };
     },

client/src/components/User/ExternalIdentities/ExternalLogin.vue

@@ -17,7 +17,6 @@ import { errorMessageAsString } from "@/utils/simple-error";
 import { capitalizeFirstLetter } from "@/utils/strings";
 
 import GButton from "@/components/BaseComponents/GButton.vue";
-import GButtonGroup from "@/components/BaseComponents/GButtonGroup.vue";
 import VerticalSeparator from "@/components/Common/VerticalSeparator.vue";
 import LoadingSpan from "@/components/LoadingSpan.vue";
 
@@ -50,34 +49,22 @@ const messageVariant = ref<string | null>(null);
 const cILogonIdps = ref<Idp[]>([]);
 const selected = ref<Idp | null>(null);
 const rememberIdp = ref(false);
-const cilogonOrCustos = ref<"cilogon" | "custos" | null>(null);
-const toggleCilogon = ref(false);
 
 const oIDCIdps = computed<OIDCConfig>(() => (isConfigLoaded.value ? config.value.oidc : {}));
 
 const filteredOIDCIdps = computed(() => getFilteredOIDCIdps(oIDCIdps.value, props.excludeIdps));
 
-const cilogonListShow = computed(() => getNeedShowCilogonInstitutionList(oIDCIdps.value));
-
-const cILogonEnabled = computed(() => oIDCIdps.value.cilogon);
-const custosEnabled = computed(() => oIDCIdps.value.custos);
+const cILogonConfigured = computed(() => getNeedShowCilogonInstitutionList(oIDCIdps.value));
 
 onMounted(async () => {
     rememberIdp.value = getIdpPreference() !== null;
 
-    // Only fetch CILogonIDPs if custos/cilogon configured
-    if (cilogonListShow.value) {
+    // Only fetch CILogonIDPs if cilogon configured
+    if (cILogonConfigured.value) {
         await getCILogonIdps();
     }
 });
 
-function toggleCILogon(idp: "cilogon" | "custos") {
-    if (cilogonOrCustos.value === idp || cilogonOrCustos.value === null) {
-        toggleCilogon.value = !toggleCilogon.value;
-    }
-    cilogonOrCustos.value = toggleCilogon.value ? idp : null;
-}
-
 async function clickOIDCLogin(idp: string) {
     if (loading.value) {
         return;
@@ -99,15 +86,15 @@ async function clickOIDCLogin(idp: string) {
     }
 }
 
-async function clickCILogin(idp: string | null) {
+async function clickCILogonLogin() {
     if (loading.value) {
         return;
     }
     if (props.loginPage) {
         setIdpPreference();
     }
 
-    if (!selected.value || !idp) {
+    if (!selected.value) {
         messageVariant.value = "danger";
         messageText.value = "Please select an institution.";
         return;
@@ -116,9 +103,9 @@ async function clickCILogin(idp: string | null) {
     loading.value = true;
 
     try {
-        const redirectUri = await submitCILogon(idp, true, selected.value.EntityID);
+        const redirectUri = await submitCILogon(true, selected.value.EntityID);
 
-        localStorage.setItem("galaxy-provider", idp);
+        localStorage.setItem("galaxy-provider", "cilogon");
 
         if (redirectUri) {
             window.location.href = redirectUri;
@@ -183,11 +170,9 @@ function getIdpPreference() {
         </BAlert>
 
         <div :class="{ 'd-flex h-100': !props.columnDisplay }">
-            <!-- OIDC login-->
-            <BForm v-if="cilogonListShow" id="externalLogin" class="cilogon">
-                <div v-if="props.loginPage">
-                    <!--Only Display if CILogon/Custos is configured-->
-                    <BFormGroup label="Use existing institutional login">
+            <BForm v-if="cILogonConfigured" id="externalLogin" class="cilogon">
+                <div>
+                    <BFormGroup :label="`Use ${props.loginPage ? `existing` : ``} institutional login`">
                         <Multiselect
                             v-model="selected"
                             placeholder="Select your institution"
@@ -205,72 +190,23 @@ function getIdpPreference() {
                         </BFormCheckbox>
                     </BFormGroup>
 
-                    <GButton
-                        v-if="cILogonEnabled"
-                        :disabled="loading || selected === null"
-                        @click="clickCILogin('cilogon')">
+                    <GButton :disabled="loading || selected === null" @click="clickCILogonLogin">
                         <LoadingSpan v-if="loading" message="Signing In" />
                         <span v-else>Sign in with Institutional Credentials*</span>
                     </GButton>
-                    <!--convert to v-else-if to allow only one or the other. if both enabled, put the one that should be default first-->
-                    <GButton
-                        v-if="Object.prototype.hasOwnProperty.call(oIDCIdps, 'custos')"
-                        :disabled="loading || selected === null"
-                        @click="clickCILogin('custos')">
-                        <LoadingSpan v-if="loading" message="Signing In" />
-                        <span v-else>Sign in with Custos*</span>
-                    </GButton>
-                </div>
-
-                <div v-else>
-                    <GButtonGroup class="w-100">
-                        <GButton
-                            v-if="cILogonEnabled"
-                            :pressed="cilogonOrCustos === 'cilogon'"
-                            @click="toggleCILogon('cilogon')">
-                            Sign in with Institutional Credentials*
-                        </GButton>
-
-                        <GButton
-                            v-if="custosEnabled"
-                            :pressed="cilogonOrCustos === 'custos'"
-                            @click="toggleCILogon('custos')">
-                            Sign in with Custos*
-                        </GButton>
-                    </GButtonGroup>
-
-                    <BFormGroup v-if="toggleCilogon" class="mt-1">
-                        <Multiselect
-                            v-model="selected"
-                            placeholder="Select your institution"
-                            :options="cILogonIdps"
-                            label="DisplayName"
-                            select-label=""
-                            deselect-label=""
-                            :allow-empty="false"
-                            track-by="EntityID" />
-
-                        <GButton
-                            v-if="toggleCilogon"
-                            class="mt-1"
-                            :disabled="loading || selected === null"
-                            @click="clickCILogin(cilogonOrCustos)">
-                            Login via {{ cilogonOrCustos === "cilogon" ? "CILogon" : "Custos" }} *
-                        </GButton>
-                    </BFormGroup>
                 </div>
 
                 <p class="mt-3">
                     <small class="text-muted">
-                        * Galaxy uses CILogon via Custos to enable you to log in from this organization. By clicking
-                        'Sign In', you agree to the
+                        * Galaxy uses CILogon to enable you to log in from this organization. By clicking 'Sign In', you
+                        agree to the
                         <a href="https://ca.cilogon.org/policy/privacy">CILogon</a> privacy policy and you agree to
-                        share your username, email address, and affiliation with CILogon, Custos, and Galaxy.
+                        share your username, email address, and affiliation with CILogon and Galaxy.
                     </small>
                 </p>
             </BForm>
 
-            <template v-if="cilogonListShow && Object.keys(filteredOIDCIdps).length > 0">
+            <template v-if="cILogonConfigured && Object.keys(filteredOIDCIdps).length > 0">
                 <VerticalSeparator v-if="!props.columnDisplay">
                     <span v-localize>or</span>
                 </VerticalSeparator>

client/src/components/User/ExternalIdentities/service.js

@@ -7,7 +7,7 @@ const getUrl = (path) => getAppRoot() + path;
 export async function disconnectIdentity(doomed) {
     if (doomed) {
         let url;
-        if (doomed.provider === "custos" || doomed.provider === "cilogon") {
+        if (doomed.provider === "cilogon") {
             url = getUrl(`authnz/${doomed.provider}/disconnect/${doomed.email}`);
         } else {
             url = getUrl(`authnz/${doomed.provider}/disconnect/`);

client/src/entry/analysis/modules/Login.test.ts

@@ -21,7 +21,7 @@ beforeEach(() => {
         allow_local_account_creation: true,
         enable_oidc: true,
         mailing_join_addr: "mailing_join_addr",
-        prefer_custos_login: true,
+        prefer_oidc_login: true,
         registration_warning_message: "registration_warning_message",
         server_mail_configured: true,
         show_welcome_with_login: true,

client/src/entry/analysis/modules/Register.test.ts

@@ -21,7 +21,7 @@ beforeEach(() => {
         allow_local_account_creation: true,
         enable_oidc: true,
         mailing_join_addr: "mailing_join_addr",
-        prefer_custos_login: true,
+        prefer_oidc_login: true,
         registration_warning_message: "registration_warning_message",
         server_mail_configured: true,
         show_welcome_with_login: true,
@@ -59,7 +59,7 @@ describe("Register", () => {
         expect(props.sessionCsrfToken).toBe("session_csrf_token");
         expect(props.enableOidc).toBe(true);
         expect(props.mailingJoinAddr).toBe("mailing_join_addr");
-        expect(props.preferCustosLogin).toBe(true);
+        expect(props.preferOidcLogin).toBe(true);
         expect(props.serverMailConfigured).toBe(true);
         expect(props.registrationWarningMessage).toBe("registration_warning_message");
         expect(props.termsUrl).toBe("terms_url");

client/src/entry/analysis/modules/Register.vue

@@ -21,7 +21,7 @@ const sessionCsrfToken = computed(() => {
             :enable-oidc="config.enable_oidc"
             :mailing-join-addr="config.mailing_join_addr"
             :oidc-idps="config.oidc"
-            :prefer-custos-login="config.prefer_custos_login"
+            :prefer-oidc-login="config.prefer_oidc_login"
             :registration-warning-message="config.registration_warning_message"
             :server-mail-configured="config.server_mail_configured"
             :session-csrf-token="sessionCsrfToken"

doc/source/admin/galaxy_options.rst

@@ -3817,11 +3817,11 @@
 
 
 ~~~~~~~~~~~~~~~~~~~~~~~
-``prefer_custos_login``
+``prefer_oidc_login``
 ~~~~~~~~~~~~~~~~~~~~~~~
 
 :Description:
-    Controls the order of the login page to prefer Custos-based login
+    Controls the order of the login page to prefer OIDC-based login
     and registration.
 :Default: ``false``
 :Type: bool