[ARVADOS] created: 1.1.4-178-g3167926

Git user git at public.curoverse.com
Sun Apr 29 01:11:11 EDT 2018 

        at  3167926a35521efb58550ef0e26fb8c9e3a8450b (commit)


commit 3167926a35521efb58550ef0e26fb8c9e3a8450b
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date:   Fri Apr 27 16:45:28 2018 -0400

    13111: Disable siteFS routes for anonymous requests.
    
    This enables dav clients to use HTTP authentication even when
    anonymous tokens are configured.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>

diff --git a/services/keep-web/cadaver_test.go b/services/keep-web/cadaver_test.go
index db5d373..3814a45 100644
--- a/services/keep-web/cadaver_test.go
+++ b/services/keep-web/cadaver_test.go
@@ -53,6 +53,8 @@ func (s *IntegrationSuite) TestCadaverUserProject(c *check.C) {
 }
 
 func (s *IntegrationSuite) testCadaver(c *check.C, password string, pathFunc func(arvados.Collection) (string, string, string), skip func(string) bool) {
+	s.testServer.Config.AnonymousTokens = []string{arvadostest.AnonymousToken}
+
 	testdata := []byte("the human tragedy consists in the necessity of living with the consequences of actions performed under the pressure of compulsions we do not understand")
 
 	tempdir, err := ioutil.TempDir("", "keep-web-test-")
diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index 8b61b54..1ecf446 100644
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -314,6 +314,14 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if useSiteFS {
+		if tokens == nil {
+			tokens = auth.NewCredentialsFromHTTPRequest(r).Tokens
+		}
+		h.serveSiteFS(w, r, tokens, credentialsOK, attachment)
+		return
+	}
+
 	targetPath := pathParts[stripParts:]
 	if tokens == nil && len(targetPath) > 0 && strings.HasPrefix(targetPath[0], "t=") {
 		// http://ID.example/t=TOKEN/PATH...
@@ -335,11 +343,6 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 		tokens = append(reqTokens, h.Config.AnonymousTokens...)
 	}
 
-	if useSiteFS {
-		h.serveSiteFS(w, r, tokens, credentialsOK, attachment)
-		return
-	}
-
 	if len(targetPath) > 0 && targetPath[0] == "_" {
 		// If a collection has a directory called "t=foo" or
 		// "_", it can be served at

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list