Allow to login into UI with token from api/v1/auth/login

[tdowgiel]

Motivation and context

Allow to automatically log into CVAT-UI by 3rd part apps on the same cluster

How has this been tested?

1. In bash:

curl localhost:8080/api/v1/auth/login -X POST -H "Content-Type: application/json" -d '{"username": "some_name", "password": "some_password"}' -v # Get csrftoken & session id from the response

2. Make URL: http://localhost:8080/auth/login-with-token/:sessionid/:csrftoken
3. Paste it into a browser

Checklist

• I submit my changes into the develop branch
• I have added description of my changes into CHANGELOG file
• I have updated the documentation accordingly
• I have added tests to cover my changes
• I have linked related issues (read github docs)
• I have increased versions of npm packages if it is necessary (cvat-canvas,
  cvat-core, cvat-data and cvat-ui)

License

• I submit my code changes under the same MIT License that covers the project.
  Feel free to contact the maintainers if that's a concern.
• I have updated the license header for each file (see an example below)

# Copyright (C) 2020 Intel Corporation
#
# SPDX-License-Identifier: MIT

[coveralls]

Coverage remained the same at 65.32% when pulling 24ceb3d on tdowgiel:login-ui-with-token into 678f5b9 on openvinotoolkit:develop.

[bsekachev]

Hi, @tdowgiel
Is this PR ready? Can we review it?

[tdowgiel]

Thanks for asking, I’m in middle of testing it. Probably it won’t change a lot. I will give you sign when it will be fully tested.

[bsekachev]

@tdowgiel

Okay, nevertheless, let me comment some code-style issues and ideas about this PR.

[bsekachev]

Also could you please increase minor version of cvat-ui (npm version minor in cvat/cvat-ui). You've checked this item in the PR description, but I don't see it is done

[bsekachev]

I suppose redirect after reload is useless. Moreover it should be wrapped into return ();
Maybe something like window.location = window.location.origin; would be more suitable

[tdowgiel]

For some reason. I need to reload window to apply this changes. However, i have fixed issue with endless reloading when wrong token, by moving this to useEffect

[bsekachev]

Hi, @tdowgiel, I hope you are doing well.

I tried this PR and it doesn't seem to be a working solution.
Maybe I did something wrong, but in this case could you please provide steps to test it? (I just copied sessionid and token from active session, made URL, pasted it, and browser infinitely reloads the page).

Also POST request to http://localhost:8080/api/v1/auth/login with credentials returns json with key field, which is actually used to authorization via cvat-core and stored in the local storage, but I do not see it is used somehow in this patch.

[tdowgiel]

Hi, @tdowgiel, I hope you are doing well.

I tried this PR and it doesn't seem to be a working solution.
Maybe I did something wrong, but in this case could you please provide steps to test it? (I just copied sessionid and token from active session, made URL, pasted it, and browser infinitely reloads the page).

Also POST request to http://localhost:8080/api/v1/auth/login with credentials returns json with key field, which is actually used to authorization via cvat-core and stored in the local storage, but I do not see it is used somehow in this patch.

I have tested it in many ways. Response used in cvat-core is not only returning key but also setting cookie because of headers. Please look on example response and set-cookie header:

Date: Fri, 09 Oct 2020 13:35:16 GMT
Server: WSGIServer/0.2 CPython/3.8.3
Content-Type: application/json
Vary: Accept, Cookie, Origin
Allow: POST, OPTIONS
X-Frame-Options: DENY
Content-Length: 50
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Set-Cookie: csrftoken=bAd9852nQZipwTvFnuELs29mdwowc3BGjuCsjpMfLrWT3txGVtaDp4jIboMBU1cq; expires=Fri, 08 Oct 2021 13:35:16 GMT; Max-Age=31449600; Path=/; SameSite=Lax sessionid=i8xqtviqysnfbi9n63rmhici3rb1nfo7; expires=Fri, 23 Oct 2020 13:35:16 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax

This is scenario:
I have access to the server with cvat. I want to integrate CVAT with my other webapp. And i want to share users between my app and cvat. Also core goal is to have user already logged in when he decide to use cvat.

1. Create django user on CLI
2. My backend send python request to cvat server to login django user
3. CVAT django server returns key, but also mentioned before 'Set Cookie' params.
4. User autologs in to CVAT thanks to /login-with-token/ parameters

[bsekachev]

Please, add return type for the function JSX.Element

[bsekachev]

Please, use absolute import: components/login-with-token/login-with-token, or put the line after all absolute (linter says that relative import should occur after absolute)

[bsekachev]

That's amazing, thanks for your patience and for the contribution!