[ARVADOS] updated: 1.2.0-113-gd3973d7df
Git user
git at public.curoverse.com
Thu Oct 4 21:28:03 EDT 2018
Summary of changes:
.../app/assets/javascripts/models/session_db.js | 15 ++++++--
.../controllers/collections_controller_test.rb | 40 ++++++++++------------
.../workbench/test/integration/collections_test.rb | 2 +-
apps/workbench/test/integration/jobs_test.rb | 2 +-
apps/workbench/test/integration_helper.rb | 2 +-
apps/workbench/test/test_helper.rb | 13 +++++--
.../api/app/controllers/application_controller.rb | 3 +-
7 files changed, 47 insertions(+), 30 deletions(-)
via d3973d7df59bffccb012eaff0bf1c11a23fb5a06 (commit)
from 269aba16336d6e9dcf80239465cfcfb9a841a4a9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit d3973d7df59bffccb012eaff0bf1c11a23fb5a06
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Thu Oct 4 21:27:33 2018 -0400
14196: Multi-site search works with v2 tokens.
Also update workbench tests to use v2 tokens.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --git a/apps/workbench/app/assets/javascripts/models/session_db.js b/apps/workbench/app/assets/javascripts/models/session_db.js
index 5d42fdf07..fd1cdfe14 100644
--- a/apps/workbench/app/assets/javascripts/models/session_db.js
+++ b/apps/workbench/app/assets/javascripts/models/session_db.js
@@ -157,7 +157,11 @@ window.SessionDB = function() {
var session = db.loadLocal();
return db.tokenUUID().then(function(token_uuid) {
var shaObj = new jsSHA("SHA-1", "TEXT");
- shaObj.setHMACKey(session.token, "TEXT");
+ var secret = session.token;
+ if (session.token.startsWith("v2/")) {
+ secret = session.token.split("/")[2];
+ }
+ shaObj.setHMACKey(secret, "TEXT");
shaObj.update(uuid_prefix);
var hmac = shaObj.getHMAC("HEX");
return 'v2/' + token_uuid + '/' + hmac;
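Review bot: `session.token.split("/")[2]` is `undefined` when a stored token begins with `v2/` but has no third segment, and that value is then passed straight to `setHMACKey`. Splitting once and checking the shape makes the failure explicit, e.g. `var parts = session.token.split("/");` followed by `if (parts[0] === "v2" && parts.length >= 3) { secret = parts[2]; }`. The second hunk of this file repeats the same parsing with `split("/")[1]`, so a small shared helper would keep the two in step. The enclosing function starts and ends outside this hunk.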
@@ -255,7 +259,14 @@ window.SessionDB = function() {
var cache = db.tokenUUIDCache;
if (!cache) {
var session = db.loadLocal();
- return db.request(session, '/arvados/v1/api_client_authorizations', {
+ if (session.token.startsWith("v2/")) {
+ var uuid = session.token.split("/")[1]
+ db.tokenUUIDCache = uuid;
+ return new Promise(function(resolve, reject) {
+ resolve(uuid);
+ });
+ }
+ return db.request(session, 'arvados/v1/api_client_authorizations', {
data: {
filters: JSON.stringify([['api_token', '=', session.token]])
}
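Review bot: The request path loses its leading slash here (`'/arvados/v1/api_client_authorizations'` becomes `'arvados/v1/api_client_authorizations'`), and the commit message does not mention it. If this is intentional because `db.request` joins the path onto a base URL, a one-line comment saying so would help; otherwise it looks accidental and should be reverted. Separately, the new early return can be written as `return Promise.resolve(uuid);`, and `var uuid = session.token.split("/")[1]` is missing its semicolon. The function body continues outside the hunk.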
diff --git a/apps/workbench/test/controllers/collections_controller_test.rb b/apps/workbench/test/controllers/collections_controller_test.rb
index 4f3e098d5..3ff02a82a 100644
--- a/apps/workbench/test/controllers/collections_controller_test.rb
+++ b/apps/workbench/test/controllers/collections_controller_test.rb
@@ -17,7 +17,7 @@ class CollectionsControllerTest < ActionController::TestCase
def config_anonymous enable
Rails.configuration.anonymous_user_token =
if enable
- api_fixture('api_client_authorizations')['anonymous']['api_token']
+ api_token('anonymous')
else
false
end
@@ -43,7 +43,7 @@ class CollectionsControllerTest < ActionController::TestCase
def assert_session_for_auth(client_auth)
api_token =
- api_fixture('api_client_authorizations')[client_auth.to_s]['api_token']
+ self.api_token(client_auth.to_s)
assert_hash_includes(session, {arvados_api_token: api_token},
"session token does not belong to #{client_auth}")
end
@@ -122,8 +122,7 @@ class CollectionsControllerTest < ActionController::TestCase
test "viewing collection files with a reader token" do
params = collection_params(:foo_file)
- params[:reader_token] = api_fixture("api_client_authorizations",
- "active_all_collections", "api_token")
+ params[:reader_token] = api_token("active_all_collections")
get(:show_file_links, params)
assert_response :redirect
assert_no_session
@@ -132,8 +131,7 @@ class CollectionsControllerTest < ActionController::TestCase
test "fetching collection file with reader token" do
setup_for_keep_web
params = collection_params(:foo_file, "foo")
- params[:reader_token] = api_fixture("api_client_authorizations",
- "active_all_collections", "api_token")
+ params[:reader_token] = api_token("active_all_collections")
get(:show_file, params)
assert_response :redirect
assert_match /foo/, response.redirect_url
@@ -178,7 +176,7 @@ class CollectionsControllerTest < ActionController::TestCase
test "getting a file from Keep with a good reader token" do
setup_for_keep_web
params = collection_params(:foo_file, 'foo')
- read_token = api_fixture('api_client_authorizations')['active']['api_token']
+ read_token = api_token('active')
params[:reader_token] = read_token
get(:show_file, params)
assert_response :redirect
@@ -192,7 +190,7 @@ class CollectionsControllerTest < ActionController::TestCase
config_anonymous anon
params = collection_params(:foo_file, 'foo')
params[:reader_token] =
- api_fixture('api_client_authorizations')['active_noscope']['api_token']
+ api_token('active_noscope')
get(:show_file, params)
if anon
# Some files can be shown without a valid token, but not this one.
@@ -209,7 +207,7 @@ class CollectionsControllerTest < ActionController::TestCase
setup_for_keep_web
params = collection_params(:foo_file, 'foo')
sess = session_for(:expired)
- read_token = api_fixture('api_client_authorizations')['active']['api_token']
+ read_token = api_token('active')
params[:reader_token] = read_token
get(:show_file, params, sess)
assert_response :redirect
@@ -475,20 +473,20 @@ class CollectionsControllerTest < ActionController::TestCase
%w(uuid portable_data_hash).each do |id_type|
test "Redirect to keep_web_url via #{id_type}" do
setup_for_keep_web
- tok = api_fixture('api_client_authorizations')['active']['api_token']
+ tok = api_token('active')
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
- assert_equal "https://#{id.sub '+', '-'}.example/_/w%20a%20z?api_token=#{tok}", @response.redirect_url
+ assert_equal "https://#{id.sub '+', '-'}.example/_/w%20a%20z?api_token=#{URI.escape tok, '/'}", @response.redirect_url
end
test "Redirect to keep_web_url via #{id_type} with reader token" do
setup_for_keep_web
- tok = api_fixture('api_client_authorizations')['active']['api_token']
+ tok = api_token('active')
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z", reader_token: tok}, session_for(:expired)
assert_response :redirect
- assert_equal "https://#{id.sub '+', '-'}.example/t=#{tok}/_/w%20a%20z", @response.redirect_url
+ assert_equal "https://#{id.sub '+', '-'}.example/t=#{URI.escape tok}/_/w%20a%20z", @response.redirect_url
end
test "Redirect to keep_web_url via #{id_type} with no token" do
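Review bot: The two expected URLs in this hunk encode the token differently. The query-string form uses `URI.escape tok, '/'`, which turns the slashes of a v2 token into `%2F`, while the path form `t=#{URI.escape tok}` leaves them raw, so the expected redirect contains the token's own slashes ahead of `/_/`. Whether keep-web can separate a token with embedded slashes from the path segments that follow is not visible here; if it cannot, the controller and this assertion should percent-encode the slashes in the path form too. `URI.escape` is also marked obsolete in Ruby, so `CGI.escape(tok)` would be a more durable way to write the expectation, assuming the token holds only alphanumerics, `-` and `/`. The `URI.escape tok, '/'` pattern recurs in the later hunks of this file.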
@@ -516,22 +514,22 @@ class CollectionsControllerTest < ActionController::TestCase
test "Redirect to keep_web_download_url via #{id_type}" do
setup_for_keep_web('https://collections.example/c=%{uuid_or_pdh}',
'https://download.example/c=%{uuid_or_pdh}')
- tok = api_fixture('api_client_authorizations')['active']['api_token']
+ tok = api_token('active')
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
- assert_equal "https://download.example/c=#{id.sub '+', '-'}/_/w%20a%20z?api_token=#{tok}", @response.redirect_url
+ assert_equal "https://download.example/c=#{id.sub '+', '-'}/_/w%20a%20z?api_token=#{URI.escape tok, '/'}", @response.redirect_url
end
test "Redirect to keep_web_url via #{id_type} when trust_all_content enabled" do
Rails.configuration.trust_all_content = true
setup_for_keep_web('https://collections.example/c=%{uuid_or_pdh}',
'https://download.example/c=%{uuid_or_pdh}')
- tok = api_fixture('api_client_authorizations')['active']['api_token']
+ tok = api_token('active')
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
- assert_equal "https://collections.example/c=#{id.sub '+', '-'}/_/w%20a%20z?api_token=#{tok}", @response.redirect_url
+ assert_equal "https://collections.example/c=#{id.sub '+', '-'}/_/w%20a%20z?api_token=#{URI.escape tok, '/'}", @response.redirect_url
end
end
@@ -548,7 +546,7 @@ class CollectionsControllerTest < ActionController::TestCase
config_anonymous anon
setup_for_keep_web('https://collections.example/c=%{uuid_or_pdh}',
'https://download.example/c=%{uuid_or_pdh}')
- tok = api_fixture('api_client_authorizations')['active']['api_token']
+ tok = api_token('active')
id = api_fixture('collections')['public_text_file']['uuid']
get :show_file, {
uuid: id,
@@ -558,7 +556,7 @@ class CollectionsControllerTest < ActionController::TestCase
assert_response :redirect
expect_url = "https://download.example/c=#{id.sub '+', '-'}/_/Hello%20world.txt"
if not anon
- expect_url += "?api_token=#{tok}"
+ expect_url += "?api_token=#{URI.escape tok, '/'}"
end
assert_equal expect_url, @response.redirect_url
end
@@ -577,11 +575,11 @@ class CollectionsControllerTest < ActionController::TestCase
test "Redirect preview to keep_web_download_url when preview is disabled and trust_all_content is #{trust_all_content}" do
Rails.configuration.trust_all_content = trust_all_content
setup_for_keep_web false, 'https://download.example/c=%{uuid_or_pdh}'
- tok = api_fixture('api_client_authorizations')['active']['api_token']
+ tok = api_token('active')
id = api_fixture('collections')['w_a_z_file']['uuid']
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
- assert_equal "https://download.example/c=#{id.sub '+', '-'}/_/w%20a%20z?api_token=#{tok}", @response.redirect_url
+ assert_equal "https://download.example/c=#{id.sub '+', '-'}/_/w%20a%20z?api_token=#{URI.escape tok, '/'}", @response.redirect_url
end
end
diff --git a/apps/workbench/test/integration/collections_test.rb b/apps/workbench/test/integration/collections_test.rb
index 9aa868c2b..6dd3c5269 100644
--- a/apps/workbench/test/integration/collections_test.rb
+++ b/apps/workbench/test/integration/collections_test.rb
@@ -57,7 +57,7 @@ class CollectionsTest < ActionDispatch::IntegrationTest
test "can download an entire collection with a reader token" do
use_keep_web_config
- token = api_fixture('api_client_authorizations')['active']['api_token']
+ token = api_token('active')
data = "foo\nfile\n"
datablock = `echo -n #{data.shellescape} | ARVADOS_API_TOKEN=#{token.shellescape} arv-put --no-progress --raw -`.strip
assert $?.success?, $?
diff --git a/apps/workbench/test/integration/jobs_test.rb b/apps/workbench/test/integration/jobs_test.rb
index bfed03b14..bf48d88cf 100644
--- a/apps/workbench/test/integration/jobs_test.rb
+++ b/apps/workbench/test/integration/jobs_test.rb
@@ -63,7 +63,7 @@ class JobsTest < ActionDispatch::IntegrationTest
test 'view log via keep-web redirect' do
use_keep_web_config
- token = api_fixture('api_client_authorizations')['active']['api_token']
+ token = api_token('active')
logdata = fakepipe_with_log_data.read
logblock = `echo -n #{logdata.shellescape} | ARVADOS_API_TOKEN=#{token.shellescape} arv-put --no-progress --raw -`.strip
assert $?.success?, $?
diff --git a/apps/workbench/test/integration_helper.rb b/apps/workbench/test/integration_helper.rb
index 33e50087e..5fbdd5c6f 100644
--- a/apps/workbench/test/integration_helper.rb
+++ b/apps/workbench/test/integration_helper.rb
@@ -244,7 +244,7 @@ class ActionDispatch::IntegrationTest
end
def upload_data_and_get_collection(data, user, filename, owner_uuid=nil)
- token = api_fixture('api_client_authorizations')[user]['api_token']
+ token = api_token(user)
datablock = `echo -n #{data.shellescape} | ARVADOS_API_TOKEN=#{token.shellescape} arv-put --no-progress --raw -`.strip
assert $?.success?, $?
col = nil
diff --git a/apps/workbench/test/test_helper.rb b/apps/workbench/test/test_helper.rb
index 2fd926ff1..8435eb4b7 100644
--- a/apps/workbench/test/test_helper.rb
+++ b/apps/workbench/test/test_helper.rb
@@ -39,7 +39,7 @@ class ActiveSupport::TestCase
user_was = Thread.current[:user]
token_was = Thread.current[:arvados_api_token]
auth = api_fixture('api_client_authorizations')[token_name.to_s]
- Thread.current[:arvados_api_token] = auth['api_token']
+ Thread.current[:arvados_api_token] = "v2/#{auth['uuid']}/#{auth['api_token']}"
if block_given?
begin
yield
@@ -92,10 +92,16 @@ module ApiFixtureLoader
keys.inject(@@api_fixtures[name]) { |hash, key| hash[key] }.deep_dup
end
end
+
def api_fixture(name, *keys)
self.class.api_fixture(name, *keys)
end
+ def api_token(name)
+ auth = api_fixture('api_client_authorizations')[name]
+ "v2/#{auth['uuid']}/#{auth['api_token']}"
+ end
+
def find_fixture(object_class, name)
object_class.find(api_fixture(object_class.to_s.pluralize.underscore,
name, "uuid"))
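Review bot: `api_token(name)` indexes the fixture hash with `name` exactly as passed, while the lookups in the first and third hunks of this file call `.to_s` on the name first. A symbol argument such as `api_token(:active)` would therefore make `auth` nil and fail with a NoMethodError on `auth['uuid']`; `auth = api_fixture('api_client_authorizations')[name.to_s]` avoids that. The string `"v2/#{auth['uuid']}/#{auth['api_token']}"` is also rebuilt inline in the three other hunks of this file, which could call this helper wherever it is in scope so the token format is defined once. The module body continues outside the hunk.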
@@ -146,8 +152,9 @@ end
class ActiveSupport::TestCase
include ApiFixtureLoader
def session_for api_client_auth_name
+ auth = api_fixture('api_client_authorizations')[api_client_auth_name.to_s]
{
- arvados_api_token: api_fixture('api_client_authorizations')[api_client_auth_name.to_s]['api_token']
+ arvados_api_token: "v2/#{auth['uuid']}/#{auth['api_token']}"
}
end
def json_response
@@ -302,7 +309,7 @@ class ActiveSupport::TestCase
return unless Rails.env == 'test'
auth = api_fixture('api_client_authorizations')['admin_trustedclient']
- Thread.current[:arvados_api_token] = auth['api_token']
+ Thread.current[:arvados_api_token] = "v2/#{auth['uuid']}/#{auth['api_token']}"
ArvadosApiClient.new.api(nil, '../../database/reset', {})
Thread.current[:arvados_api_token] = nil
end
diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index a0555d13d..d9990b39b 100644
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -420,7 +420,8 @@ class ApplicationController < ActionController::Base
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE'
response.headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type'
- response.headers['Access-Control-Max-Age'] = '86486400'
+ #response.headers['Access-Control-Max-Age'] = '86486400'
+ response.headers['Access-Control-Max-Age'] = '1'
end
def respond_with_json_by_default
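Review bot: `Access-Control-Max-Age` drops from `'86486400'` to `'1'` with the old line left commented out, and the commit message says nothing about it, which reads like a debugging setting committed by accident. With a one-second lifetime, browsers will repeat the CORS preflight for practically every cross-origin API call. If the short value is intended, delete the commented-out line and add a comment giving the reason; otherwise restore the previous value. The method starts outside the hunk.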