Use cookie authentication against the API, drop the token renewal

[skateman]

If the API allows cookie authentication, there is no need for the API token requesting and renewal processes. After a successfull login the API requests should be implicitly authorized until the cookie is available. This allows us to delete a few hundred lines of JS code. However, we have to add a new header for those API requests to distinguish them from regular requests if the session expires. This way we can prevent displaying a HTTP basic auth dialog if the cookie times out.

@miq-bot assign @himdel

Depends on: ManageIQ/manageiq-api#543

[himdel]

You might also want to remove the API.logout call from app/views/layouts/login.html.haml

EDIT: done 👍

[jvlcek]

I worked with @skateman to test these changes. The testing done was with SAML via Keycloak, External Auth and SSO (kerberos) via IPA. I believe this is a good test sampling. LGTM JoeV

[skateman]

@miq-bot add_label pending core, hammer/no
@miq-bot add_reviewer @martinpovolny
@miq-bot add_reviewer @mzazrivec

[skateman]

I'm moving the decision about the origin verification from the API PR to here. @martinpovolny the API verifies the Origin header if it is set, the question is: should we append this header to every API request or just let the browser decide about it based on the request method?

[Fryguy]

api and appliance PRs merged

[skateman]

@himdel I added back the window.localStorage.userFeatures code in a hacky way so we won't forget about it. I will do a refactoring of this and the WS token retrieval in a followup PR.

[skateman]

@miq-bot rm_label pending core

[himdel]

There... is a slight chance this may be exposing an API bug...

I'm getting

URL http://localhost:3000/api/notifications?expand=resources&attributes=details&sort_by=id&sort_order=desc&limit=100

Status 500 Internal Server Error

Content-Type application/json; charset=utf-8

Data {"error":{"kind":"internal_server_error","message":"Circular dependency detected while autoloading constant ContainerProject","klass":"RuntimeError"}}

right after logging in when testing the PR.

(api.log)

EDIT: added a note to ManageIQ/manageiq-api#544

[skateman]

@himdel this bug was already present even before this PR and @Hyperkid123 suffered because of that.

[miq-bot]

Checked commits skateman/manageiq-ui-classic@8def1c0~...f161abd with ruby 2.3.3, rubocop 0.52.1, haml-lint 0.20.0, and yamllint 1.10.0
2 files checked, 0 offenses detected
Everything looks fine. 🍰

[himdel]

Looks like the login fails sensibly (on failure), and also works (on success) :), merged.

[himdel]

If we ever backport this, need to add #5203 so that the API always gets the cookie :).

EDIT: and #6065 + #6325