[ARVADOS] updated: 1.1.1-185-g1b993cd
Git user
git at public.curoverse.com
Thu Dec 7 16:11:17 EST 2017
Summary of changes:
.../api/app/models/api_client_authorization.rb | 22 +++++++++++++---------
services/api/config/application.default.yml | 7 ++++---
services/api/test/integration/remote_user_test.rb | 18 ++++++++++++++++++
3 files changed, 35 insertions(+), 12 deletions(-)
via 1b993cdda270016bcf82fcad7f2168659345aa0e (commit)
via fef69cced85fd6512d352791d9123f8d8449acdc (commit)
from e5de95c8d7040a2810238e069dd18403765ce056 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 1b993cdda270016bcf82fcad7f2168659345aa0e
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date: Thu Dec 7 15:47:09 2017 -0500
11453: Assign username when creating mirror of remote user.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 5f81219..9a82d05 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -154,22 +154,23 @@ class ApiClientAuthorization < ArvadosModel
user = User.find_or_create_by(uuid: remote_user['uuid']) do |user|
user.is_admin = false
- end
-
- updates = {}
- [:first_name, :last_name, :email, :prefs].each do |attr|
- updates[attr] = remote_user[attr.to_s]
+ %w[first_name last_name email prefs].each do |attr|
+ user.send(attr+'=', remote_user[attr])
+ end
+ if remote_user['username'].andand.length.andand > 0
+ user.set_initial_username(requested: remote_user['username'])
+ end
end
if Rails.configuration.new_users_are_active
# Update is_active to whatever it is at the remote end
- updates[:is_active] = remote_user['is_active']
- elsif !updates[:is_active]
+ user.is_active = remote_user['is_active']
+ elsif !remote_user['is_active']
# Remote user is inactive; our mirror should be, too.
- updates[:is_active] = false
+ user.is_active = false
end
- user.update_attributes!(updates)
+ user.save!
auth = ApiClientAuthorization.find_or_create_by(uuid: uuid) do |auth|
auth.user = user
diff --git a/services/api/test/integration/remote_user_test.rb b/services/api/test/integration/remote_user_test.rb
index 8af0e62..82d9ad1 100644
--- a/services/api/test/integration/remote_user_test.rb
+++ b/services/api/test/integration/remote_user_test.rb
@@ -69,6 +69,8 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
@stub_status = 200
@stub_content = {
uuid: 'zbbbb-tpzed-000000000000000',
+ email: 'foo at example.com',
+ username: 'barney',
is_admin: true,
is_active: true,
}
@@ -83,6 +85,8 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
assert_response :success
assert_equal 'zbbbb-tpzed-000000000000000', json_response['uuid']
assert_equal false, json_response['is_admin']
+ assert_equal 'foo at example.com', json_response['email']
+ assert_equal 'barney', json_response['username']
# revoke original token
@stub_status = 401
@@ -106,6 +110,20 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
assert_response :success
end
+ test 'authenticate with remote token, remote username conflicts with local' do
+ @stub_content[:username] = 'active'
+ get '/arvados/v1/users/current', {format: 'json'}, auth(remote: 'zbbbb')
+ assert_response :success
+ assert_equal 'active2', json_response['username']
+ end
+
+ test 'authenticate with remote token, remote username is nil' do
+ @stub_content.delete :username
+ get '/arvados/v1/users/current', {format: 'json'}, auth(remote: 'zbbbb')
+ assert_response :success
+ assert_equal 'foo', json_response['username']
+ end
+
test 'authenticate with remote token from misbhehaving remote cluster' do
get '/arvados/v1/users/current', {format: 'json'}, auth(remote: 'zbork')
assert_response 401
commit fef69cced85fd6512d352791d9123f8d8449acdc
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date: Thu Dec 7 15:33:22 2017 -0500
11453: "sso_insecure" config applies to remote Arvados auth, too.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 55bd317..5f81219 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -133,6 +133,9 @@ class ApiClientAuthorization < ArvadosModel
# [re]validate it.
begin
clnt = HTTPClient.new
+ if Rails.configuration.sso_insecure
+ clnt.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ end
remote_user = SafeJSON.load(
clnt.get_content('https://' + host + '/arvados/v1/users/current',
{'remote' => Rails.configuration.uuid_prefix},
diff --git a/services/api/config/application.default.yml b/services/api/config/application.default.yml
index 1bb45b9..a1c35f1 100644
--- a/services/api/config/application.default.yml
+++ b/services/api/config/application.default.yml
@@ -410,9 +410,10 @@ common:
arvados_theme: default
- # Permit insecure (OpenSSL::SSL::VERIFY_NONE) connections to the Single Sign
- # On (sso) server. Should only be enabled during development when the SSO
- # server is using a self-signed cert.
+ # Permit insecure (OpenSSL::SSL::VERIFY_NONE) connections to the
+ # Single Sign On (sso) server and remote Arvados sites. Should only
+ # be enabled during development when the SSO server is using a
+ # self-signed cert.
sso_insecure: false
## Set Time.zone default to the specified zone and make Active
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list