yasithdev opened a new pull request, #179: URL: https://github.com/apache/airavata-portals/pull/179
## Summary The browser session login authenticated against Keycloak fine but then **hung**: `login(request, user)` → `user_logged_in` → `signals.initialize_user_profile` made a Thrift `user_profile_client_pool.doesUserExist` call, and `gateway_groups_middleware` made Thrift `getGatewayGroups` + `group_manager` calls — both time out because the legacy Thrift server read-times-out. - **`signals.initialize_user_profile`** → `request.airavata.iam.does_user_exist`; drop the Thrift `initializeUserProfile` (the gRPC backend provisions the profile server-side; admins are still emailed for new complete profiles). Wrapped so a failure never blocks login. - **`middleware.set_admin_group_attributes` / `gateway_groups_middleware`** → `request.airavata.compute.get_gateway_groups()` (admins/read-only group ids) and `request.airavata.sharing.gm_get_all_groups_user_belongs()` instead of the Thrift client + `profile_service`. - **`KeycloakTokenAuthentication`**: when there is no `Bearer` header, fall back to the session-stored `ACCESS_TOKEN`, so the existing browser session authenticates against the token-only API without a frontend change (**interim** until the frontend sends the token as a Bearer header and the session login is removed). ## Test plan Verified end-to-end with a cookie-jar flow: - Login POST → **302 to the dashboard in ~0.08s** (was hanging on Thrift timeout). - A subsequent `/api/projects/` call carrying **only the session cookie** → **200** via the session-token bridge. This unblocks browser end-to-end testing of the migrated UI. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
