[ARVADOS] created: 1.2.0-457-g2909f39ea

Git user git at public.curoverse.com
Thu Nov 29 11:28:21 EST 2018 

        at  2909f39ea214bc5b06ceeeb8d367db37a97e2197 (commit)


commit 2909f39ea214bc5b06ceeeb8d367db37a97e2197
Author: Lucas Di Pentima <ldipentima at veritasgenetics.com>
Date:   Thu Nov 29 11:06:54 2018 -0300

    14551: Uses v2 token to log in as a user.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <ldipentima at veritasgenetics.com>

diff --git a/apps/workbench/app/controllers/users_controller.rb b/apps/workbench/app/controllers/users_controller.rb
index 8cfc2c10f..c954944e0 100644
--- a/apps/workbench/app/controllers/users_controller.rb
+++ b/apps/workbench/app/controllers/users_controller.rb
@@ -144,7 +144,7 @@ class UsersController < ApplicationController
                                       owner_uuid: @object.uuid
                                     }
                                   })
-    redirect_to root_url(api_token: resp[:api_token])
+    redirect_to root_url(api_token: "v2/#{resp[:uuid]}/#{resp[:api_token]}")
   end
 
   def home

commit 7896fc39410a07bdf48aa1f430e787538a79fb3a
Author: Lucas Di Pentima <ldipentima at veritasgenetics.com>
Date:   Thu Nov 29 13:27:16 2018 -0300

    14551: Test exposing the bug.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <ldipentima at veritasgenetics.com>

diff --git a/apps/workbench/test/controllers/users_controller_test.rb b/apps/workbench/test/controllers/users_controller_test.rb
index 50b35021c..393b864dc 100644
--- a/apps/workbench/test/controllers/users_controller_test.rb
+++ b/apps/workbench/test/controllers/users_controller_test.rb
@@ -35,6 +35,14 @@ class UsersControllerTest < ActionController::TestCase
     assert_match /\/users\/welcome/, @response.redirect_url
   end
 
+  test "'log in as user' feature uses a v2 token" do
+    post :sudo, {
+      id: api_fixture('users')['active']['uuid']
+    }, session_for('admin_trustedclient')
+    assert_response :redirect
+    assert_match /api_token=v2%2F/, @response.redirect_url
+  end
+
   test "request shell access" do
     user = api_fixture('users')['spectator']
 

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list