yasithdev opened a new pull request, #179:
URL: https://github.com/apache/airavata-portals/pull/179

   ## Summary
   The browser session login authenticated against Keycloak fine but then 
**hung**: `login(request, user)` → `user_logged_in` → 
`signals.initialize_user_profile` made a Thrift 
`user_profile_client_pool.doesUserExist` call, and `gateway_groups_middleware` 
made Thrift `getGatewayGroups` + `group_manager` calls — both time out because 
the legacy Thrift server read-times-out.
   
   - **`signals.initialize_user_profile`** → 
`request.airavata.iam.does_user_exist`; drop the Thrift `initializeUserProfile` 
(the gRPC backend provisions the profile server-side; admins are still emailed 
for new complete profiles). Wrapped so a failure never blocks login.
   - **`middleware.set_admin_group_attributes` / `gateway_groups_middleware`** 
→ `request.airavata.compute.get_gateway_groups()` (admins/read-only group ids) 
and `request.airavata.sharing.gm_get_all_groups_user_belongs()` instead of the 
Thrift client + `profile_service`.
   - **`KeycloakTokenAuthentication`**: when there is no `Bearer` header, fall 
back to the session-stored `ACCESS_TOKEN`, so the existing browser session 
authenticates against the token-only API without a frontend change (**interim** 
until the frontend sends the token as a Bearer header and the session login is 
removed).
   
   ## Test plan
   Verified end-to-end with a cookie-jar flow:
   - Login POST → **302 to the dashboard in ~0.08s** (was hanging on Thrift 
timeout).
   - A subsequent `/api/projects/` call carrying **only the session cookie** → 
**200** via the session-token bridge.
   
   This unblocks browser end-to-end testing of the migrated UI.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to