[ARVADOS] updated: f9578ab5cacc544dc1a5c3fa0fbea5fd627efdf9

git at public.curoverse.com git at public.curoverse.com
Sun Apr 13 16:12:29 EDT 2014 

Summary of changes:
 .../test/functional/users_controller_test.rb       |    3 +--
 .../api/app/controllers/application_controller.rb  |    3 +++
 .../functional/arvados/v1/users_controller_test.rb |    6 ++++++
 3 files changed, 10 insertions(+), 2 deletions(-)

       via  f9578ab5cacc544dc1a5c3fa0fbea5fd627efdf9 (commit)
      from  9f3211fd8de463cb68febb4e3333721e026605b8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit f9578ab5cacc544dc1a5c3fa0fbea5fd627efdf9
Author: Tom Clegg <tom at curoverse.com>
Date:   Sun Apr 13 15:38:00 2014 -0400

    Fix exception when valid token points to missing user

diff --git a/apps/workbench/test/functional/users_controller_test.rb b/apps/workbench/test/functional/users_controller_test.rb
index ae395ae..aadee36 100644
--- a/apps/workbench/test/functional/users_controller_test.rb
+++ b/apps/workbench/test/functional/users_controller_test.rb
@@ -1,8 +1,7 @@
 require 'test_helper'
 
 class UsersControllerTest < ActionController::TestCase
-  test "valid token for deleted user ignored instead of crashing" do
-    skip
+  test "ignore previously valid token (for deleted user), don't crash" do
     get :welcome, {}, session_for(:valid_token_deleted_user)
     assert_response :success
     assert_nil assigns(:my_jobs)
diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index 06e1838..dffdd5d 100644
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -340,6 +340,9 @@ class ApplicationController < ActionController::Base
           session[:api_client_authorization_id] = api_client_auth.id
           user = api_client_auth.user
           api_client = api_client_auth.api_client
+        else
+          # Token seems valid, but points to a non-existent (deleted?) user.
+          api_client_auth = nil
         end
       elsif session[:user_id]
         user = User.find(session[:user_id]) rescue nil
diff --git a/services/api/test/functional/arvados/v1/users_controller_test.rb b/services/api/test/functional/arvados/v1/users_controller_test.rb
index e62eff8..0a2418e 100644
--- a/services/api/test/functional/arvados/v1/users_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/users_controller_test.rb
@@ -44,6 +44,12 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
     assert_equal true, me['is_active']
   end
 
+  test "respond 401 if given token exists but user record is missing" do
+    authorize_with :valid_token_deleted_user
+    get :current, {format: :json}
+    assert_response 401
+  end
+
   test "create new user with user as input" do
     authorize_with :admin
     post :create, user: {

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list