[ARVADOS] updated: 1.3.0-1567-gd6c4fc824
Git user
git at public.curoverse.com
Wed Sep 4 20:10:54 UTC 2019
Summary of changes:
.../app/controllers/actions_controller.rb | 4 +-
.../app/controllers/application_controller.rb | 38 ++--
.../app/controllers/collections_controller.rb | 14 +-
.../controllers/container_requests_controller.rb | 8 +-
.../workbench/app/controllers/groups_controller.rb | 4 +-
apps/workbench/app/controllers/jobs_controller.rb | 4 +-
.../controllers/pipeline_instances_controller.rb | 6 +-
.../app/controllers/projects_controller.rb | 2 +-
.../app/controllers/repositories_controller.rb | 4 +-
.../app/controllers/trash_items_controller.rb | 10 +-
apps/workbench/app/controllers/users_controller.rb | 27 +--
.../app/controllers/virtual_machines_controller.rb | 2 +-
.../controllers/work_unit_templates_controller.rb | 4 +-
.../app/controllers/work_units_controller.rb | 6 +-
.../app/helpers/pipeline_instances_helper.rb | 2 +-
apps/workbench/app/models/container_work_unit.rb | 4 +-
apps/workbench/app/models/pipeline_instance.rb | 4 +-
.../app/models/pipeline_instance_work_unit.rb | 2 +-
doc/admin/config-migration.html.textile.liquid | 9 +
doc/admin/upgrading.html.textile.liquid | 8 +
.../install-arv-git-httpd.html.textile.liquid | 42 ++---
doc/install/install-keepproxy.html.textile.liquid | 59 +++++--
lib/config/config.default.yml | 14 ++
lib/config/deprecated.go | 113 ++++++++++++
lib/config/deprecated_test.go | 143 ++++++++++++---
lib/config/export.go | 1 +
lib/config/generated_config.go | 14 ++
lib/config/load.go | 12 ++
sdk/go/arvados/config.go | 3 +
sdk/python/arvados/util.py | 3 +
sdk/python/tests/run_test_server.py | 19 +-
services/api/app/models/user.rb | 20 +--
services/api/test/integration/remote_user_test.rb | 8 +-
services/api/test/unit/user_test.rb | 39 +++++
services/arv-git-httpd/arvados-git-httpd.service | 1 -
services/arv-git-httpd/auth_handler.go | 14 +-
services/arv-git-httpd/auth_handler_test.go | 29 +--
services/arv-git-httpd/git_handler.go | 23 ++-
services/arv-git-httpd/git_handler_test.go | 27 ++-
services/arv-git-httpd/gitolite_test.go | 24 +--
services/arv-git-httpd/integration_test.go | 43 +++--
services/arv-git-httpd/main.go | 91 ++++------
services/arv-git-httpd/server.go | 14 +-
services/arv-git-httpd/usage.go | 81 ---------
services/keepproxy/keepproxy.go | 194 +++++++++------------
services/keepproxy/keepproxy.service | 1 -
services/keepproxy/keepproxy_test.go | 110 ++++--------
services/keepproxy/usage.go | 90 ----------
tools/arvbox/lib/arvbox/docker/cluster-config.sh | 12 +-
tools/arvbox/lib/arvbox/docker/common.sh | 1 +
.../docker/service/arv-git-httpd/run-service | 6 +-
.../arvbox/docker/service/keepproxy/run-service | 2 +-
tools/arvbox/lib/arvbox/docker/service/nginx/run | 23 +++
53 files changed, 786 insertions(+), 652 deletions(-)
delete mode 100644 services/arv-git-httpd/usage.go
delete mode 100644 services/keepproxy/usage.go
via d6c4fc82452b6c8e7fe492a0e2a163a19477f95a (commit)
via 476f6188d78a8d7c60043b0dd5d22bfba045484c (commit)
via 79ba997c9bc1f97514dcc6f1d6016ba7524a0ae1 (commit)
via 6de58d02306425c5899506c571b90b5c6c93b629 (commit)
via 3c248f44a39ab0b792a8a91f875c4e09875bf54f (commit)
via 16a7c3c0b0bff303a6185282ab170fd495f7413d (commit)
via 5bbec701f90b8179d66e5c308c1c01e3c4dcade7 (commit)
via 3c0e4dc35b5f2fc34e050fef304cdec0cebe51ae (commit)
via 44a871434f648052a410f158fc8e09ec17c11339 (commit)
via 6a90dcb6b421380d4654d47db9b8037643039236 (commit)
via 72eeca4fb7abb97ae41e30c032e3d48074b915f7 (commit)
via a5db96feced74279d61fe8254ed38a321342da1d (commit)
via 73a68fb27a3531feed18b339ad4c66ff3d08c501 (commit)
via 59c608c6052d2bf47a49d6a649be5f407986f6a3 (commit)
via 33e1bbfb47da58c94bb705324362c4c709ac43bb (commit)
via 0de3f63a136cab2227204eb16da9ea0eb9b68349 (commit)
via 5b604a0884f7cac8330fb0e5cfae90f80799f6c3 (commit)
via 7410ffda247fc84a9e650dc441dd415f483cfa5e (commit)
via ef23c3d124b24a461f6947868a28e67e7a0a1010 (commit)
via cdc569ed1c4777d3293327ee10b8f1c8bec06c6a (commit)
via de47033cb700ba5655dc6cfde77b888e8a94e87f (commit)
via 82ef8e6c9b95804159e199d7dd9128da82366a50 (commit)
via 5ae0a422e60788a4039d17d2d8dfb60f250329c7 (commit)
via 729c7c95d0d9c8d0357143717d5f2bb8cdd743de (commit)
via d4ed3e6460469f2766e1f1676c538d6c86e000b6 (commit)
via 1166aeb6033725709ded753a0c00f69320a9a873 (commit)
via 8f9f169bf7d53ecaaa076bf4fbf60fa0f0016af4 (commit)
via e7374a8dbe6467add8506d52a8d25b9f0eee16dd (commit)
via f248e19664fec1268e2a736d698acfbd6147016e (commit)
via 47d4b25da3ee62b641aa3026adf38adc22b3b65c (commit)
via 100ae537a8329048452c656229750b97c78a3296 (commit)
via aabdf0fec790f9dd341af07013cc1c47ae04b876 (commit)
via 1cce0422dfc66a02e59f0c3a783562c90d0931d9 (commit)
from 5713754c574254f9e3650ac80bf8fdca235898f6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit d6c4fc82452b6c8e7fe492a0e2a163a19477f95a
Merge: 476f6188d 79ba997c9
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Wed Sep 4 16:10:34 2019 -0400
Merge branch 'master' into 15558-alternate-email-addresses
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
commit 476f6188d78a8d7c60043b0dd5d22bfba045484c
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Wed Sep 4 15:52:40 2019 -0400
15558: email address must refer to unique user account
Email address must unambigiously refer to one user account, after
following redirects.
Make email address field read-only by non-admins.
Also fix tests and add a few new ones.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index db9eddc06..9526f6593 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -374,16 +374,14 @@ class User < ArvadosModel
# identity url is unset or didn't find matching record.
emails = [info['email']] + (info['alternate_emails'] || [])
emails.select! {|em| !em.nil? && !em.empty?}
- emails.each do |em|
- # Go through each email address, try to find a user record
- # corresponding to one of the addresses supplied.
-
- user = User.unscoped.where('email = ? and uuid like ?',
- em,
- User.uuid_like_pattern).first
- if user
+
+ User.unscoped.where('email in (?) and uuid like ?',
+ emails,
+ User.uuid_like_pattern).each do |user|
+ if !primary_user
primary_user = user.redirects_to
- break
+ elsif primary_user.uuid != user.redirects_to.uuid
+ raise "Ambigious email address, directs to both #{primary_user.uuid} and #{user.redirects_to.uuid}"
end
end
end
@@ -402,7 +400,7 @@ class User < ArvadosModel
primary_user.first_name = info['first_name'] if info['first_name']
primary_user.last_name = info['last_name'] if info['last_name']
- if (!primary_user.email or primary_user.identity_url.empty?) and (!primary_user.identity_url or primary_user.identity_url.empty?)
+ if (!primary_user.email or primary_user.email.empty?) and (!primary_user.identity_url or primary_user.identity_url.empty?)
raise "Must have supply at least one of 'email' or 'identity_url' to User.register"
end
@@ -431,7 +429,7 @@ class User < ArvadosModel
end
def permission_to_update
- if username_changed? || redirect_to_user_uuid_changed?
+ if username_changed? || redirect_to_user_uuid_changed? || email_changed?
current_user.andand.is_admin
else
# users must be able to update themselves (even if they are
diff --git a/services/api/test/integration/remote_user_test.rb b/services/api/test/integration/remote_user_test.rb
index f68a271ed..81ea9623e 100644
--- a/services/api/test/integration/remote_user_test.rb
+++ b/services/api/test/integration/remote_user_test.rb
@@ -283,7 +283,8 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
"uuid" => "zbbbb-tpzed-000000000001234",
"email" => 'foo at example.com',
"username" => 'barney',
- "is_active" => true
+ "is_active" => true,
+ "is_admin" => false
}
},
headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_token(:admin)}"}
@@ -293,8 +294,9 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
params: {format: 'json'},
headers: auth(remote: 'zbbbb')
assert_response :success
+ puts json_response
assert_equal 'zbbbb-tpzed-000000000001234', json_response['uuid']
- assert_nil json_response['is_admin']
+ assert_equal false, json_response['is_admin']
assert_equal true, json_response['is_active']
assert_equal 'foo at example.com', json_response['email']
assert_equal 'barney', json_response['username']
@@ -315,7 +317,7 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
headers: auth(remote: 'zbbbb')
assert_response :success
assert_equal 'zbbbb-tpzed-000000000001234', json_response['uuid']
- assert_nil json_response['is_admin']
+ assert_equal false, json_response['is_admin']
assert_equal false, json_response['is_active']
assert_equal 'foo at example.com', json_response['email']
assert_equal 'barney', json_response['username']
diff --git a/services/api/test/unit/user_test.rb b/services/api/test/unit/user_test.rb
index 21252eeaf..9fafeb0b2 100644
--- a/services/api/test/unit/user_test.rb
+++ b/services/api/test/unit/user_test.rb
@@ -810,11 +810,15 @@ class UserTest < ActiveSupport::TestCase
end
test "lookup user by alternate email" do
+ # register method will find that active-user at arvados.local already
+ # exists and return existing 'active' user.
u = User.register({"email" => "user at parent-company.com",
"alternate_emails" => ["active-user at arvados.local"],
"identity_url" => "different-identity-url"})
active = User.find_by_uuid(users(:active).uuid)
assert_equal active.uuid, u.uuid
+
+ # identity_url and email of 'active' should be updated
assert_equal "different-identity-url", active.identity_url
assert_equal "user at parent-company.com", active.email
end
@@ -836,11 +840,46 @@ class UserTest < ActiveSupport::TestCase
assert_equal "Baratheon", nbs.last_name
end
+ test "fail when email address is ambigious" do
+ User.register({"email" => "active-user at arvados.local"})
+ u = User.register({"email" => "never-before-seen-user at arvados.local"})
+ u.email = "active-user at arvados.local"
+ act_as_system_user do
+ u.save!
+ end
+ assert_raises do
+ User.register({"email" => "active-user at arvados.local"})
+ end
+ end
+
test "fail lookup without identifiers" do
assert_raises do
User.register({"first_name" => "Robert", "last_name" => "Baratheon"})
end
+ assert_raises do
+ User.register({"first_name" => "Robert", "last_name" => "Baratheon", "identity_url" => "", "email" => ""})
+ end
end
+ test "user can update name" do
+ set_user_from_auth :active
+ user = users(:active)
+ user.first_name = "MyNewName"
+ assert user.save
+ end
+
+ test "user cannot update email" do
+ set_user_from_auth :active
+ user = users(:active)
+ user.email = "new-name at example.com"
+ assert_not_allowed { user.save }
+ end
+
+ test "admin can update email" do
+ set_user_from_auth :admin
+ user = users(:active)
+ user.email = "new-name at example.com"
+ assert user.save
+ end
end
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list