[ARVADOS] updated: 2a60d5cd2f235465c94fbd1c20bc0b66d559cc6f
git at public.curoverse.com
git at public.curoverse.com
Tue Jun 17 15:36:41 EDT 2014
Summary of changes:
.../app/controllers/application_controller.rb | 21 +++-
.../controllers/pipeline_instances_controller.rb | 111 +++++++++++----------
.../app/views/application/_content.html.erb | 4 +-
services/api/config/application.default.yml | 13 +++
.../keep/src/arvados.org/keepproxy/keepproxy.go | 6 +-
5 files changed, 95 insertions(+), 60 deletions(-)
via 2a60d5cd2f235465c94fbd1c20bc0b66d559cc6f (commit)
via 3c8c2ab8f2385ebb5f7f37080b172ea9b9b63d2b (commit)
via 3b72eb3537eaaf360fdc85d6029c38935bbba5fc (commit)
via ae8829d306b3fc459e2d5f2cae4cef2e69c60eb7 (commit)
via 0f3598cc0f5a6380c50e4616352a8acfd38182b4 (commit)
via c164cb15f8435817784a71c45fbd7e6c6690d3cd (commit)
via 9878a4d9e0b535a13a323dfb8776866b542ece1a (commit)
from fcb385a7ac13e5e5f3a5c0e3b4435bdcfca64295 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 2a60d5cd2f235465c94fbd1c20bc0b66d559cc6f
Author: radhika <radhika at curoverse.com>
Date: Tue Jun 17 15:34:55 2014 -0400
2659: when using anonymous user token, do not use session.
diff --git a/apps/workbench/app/controllers/application_controller.rb b/apps/workbench/app/controllers/application_controller.rb
index 3d706ad..f3d64c8 100644
--- a/apps/workbench/app/controllers/application_controller.rb
+++ b/apps/workbench/app/controllers/application_controller.rb
@@ -355,7 +355,8 @@ class ApplicationController < ActionController::Base
try_redirect_to_login = true
using_anonymous_user_token = false
- if !params[:api_token] && !session[:arvados_api_token]
+ if !params[:api_token] && !session[:arvados_api_token] &&
+ !Thread.current[:anonymous_api_token]
if session && (session['arv-referrer'] == 'logout')
# do not use anonymous user token and let logout happen
else
@@ -373,6 +374,7 @@ class ApplicationController < ActionController::Base
# Before copying the token into session[], do a simple API
# call to verify its authenticity.
if verify_api_token
+ if !anonymous_user_token
session[:arvados_api_token] = params[:api_token]
u = User.current
session[:user] = {
@@ -393,21 +395,32 @@ class ApplicationController < ActionController::Base
else
yield
end
+ else # using anonymous token
+ Thread.current[:user] = User.current
+ Thread.current[:anonymous_api_token] = params[:api_token]
+ redirect_to request.fullpath.sub(%r{([&\?]api_token=)[^&\?]*}, '')
+ end
else
if using_anonymous_user_token
- # bypass the invalid anonlymous user token, instead of showing error message.
+ # bypass the invalid anonymous user token to prevent infinite looping
try_redirect_to_login = true
+ Thread.current[:anonymous_api_token] = nil
else
@errors = ['Invalid API token']
self.render_error status: 401
end
end
- elsif session[:arvados_api_token]
+ elsif session[:arvados_api_token] || Thread.current[:anonymous_api_token]
# In this case, the token must have already verified at some
# point, but it might have been revoked since. We'll try
# using it, and catch the exception if it doesn't work.
try_redirect_to_login = false
- Thread.current[:arvados_api_token] = session[:arvados_api_token]
+ if session[:arvados_api_token]
+ Thread.current[:arvados_api_token] = session[:arvados_api_token]
+ elsif Thread.current[:anonymous_api_token]
+ Thread.current[:arvados_api_token] = Thread.current[:anonymous_api_token]
+ Thread.current[:anonymous_api_token] = nil
+ end
begin
yield
rescue ArvadosApiClient::NotLoggedInException
commit 3c8c2ab8f2385ebb5f7f37080b172ea9b9b63d2b
Merge: 0f3598c 3b72eb3
Author: radhika <radhika at curoverse.com>
Date: Tue Jun 17 14:00:26 2014 -0400
Merge branch 'master' into 2659-anonymous-group
commit 0f3598cc0f5a6380c50e4616352a8acfd38182b4
Merge: fcb385a c164cb1
Author: radhika <radhika at curoverse.com>
Date: Tue Jun 17 11:59:23 2014 -0400
Merge branch 'master' into 2659-anonymous-group
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list