[ARVADOS] created: 1.3.0-3033-g87977ae72
Git user
git at public.arvados.org
Fri Aug 28 21:32:43 UTC 2020
at 87977ae72b8cfded3263b109caa5245fa1abd74f (commit)
commit 87977ae72b8cfded3263b109caa5245fa1abd74f
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Fri Aug 28 17:32:07 2020 -0400
16726: Anonymous user is mapped to anonymous. root user is renamed.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index c31f09782..ab6fd8000 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -226,6 +226,11 @@ class ApiClientAuthorization < ArvadosModel
# Add or update user and token in local database so we can
# validate subsequent requests faster.
+ if remote_user['uuid'][-22..-1] == '-tpzed-anonymouspublic'
+ # Special case: map the remote anonymous user to local anonymous user
+ remote_user['uuid'] = anonymous_user_uuid
+ end
+
user = User.find_by_uuid(remote_user['uuid'])
if !user
@@ -257,6 +262,11 @@ class ApiClientAuthorization < ArvadosModel
user.send(attr+'=', remote_user[attr])
end
+ if remote_user['uuid'][-22..-1] == '-tpzed-000000000000000'
+ user.first_name = "root"
+ user.last_name = "from cluster #{remote_user_prefix}"
+ end
+
act_as_system_user do
if user.is_active && !remote_user['is_active']
user.unsetup
diff --git a/services/api/test/integration/remote_user_test.rb b/services/api/test/integration/remote_user_test.rb
index 04a45420f..8ad09894a 100644
--- a/services/api/test/integration/remote_user_test.rb
+++ b/services/api/test/integration/remote_user_test.rb
@@ -79,7 +79,7 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
Arvados::V1::SchemaController.any_instance.stubs(:root_url).returns "https://#{@remote_host[0]}"
@stub_status = 200
@stub_content = {
- uuid: 'zbbbb-tpzed-000000000000000',
+ uuid: 'zbbbb-tpzed-000000000000001',
email: 'foo at example.com',
username: 'barney',
is_admin: true,
@@ -98,7 +98,7 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
params: {format: 'json'},
headers: auth(remote: 'zbbbb')
assert_response :success
- assert_equal 'zbbbb-tpzed-000000000000000', json_response['uuid']
+ assert_equal 'zbbbb-tpzed-000000000000001', json_response['uuid']
assert_equal false, json_response['is_admin']
assert_equal false, json_response['is_active']
assert_equal 'foo at example.com', json_response['email']
@@ -286,12 +286,12 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
params: {format: 'json'},
headers: auth(remote: 'zbbbb')
assert_response :success
- assert_equal 'zbbbb-tpzed-000000000000000', json_response['uuid']
+ assert_equal 'zbbbb-tpzed-000000000000001', json_response['uuid']
assert_equal false, json_response['is_admin']
assert_equal false, json_response['is_active']
assert_equal 'foo at example.com', json_response['email']
assert_equal 'barney', json_response['username']
- post '/arvados/v1/users/zbbbb-tpzed-000000000000000/activate',
+ post '/arvados/v1/users/zbbbb-tpzed-000000000000001/activate',
params: {format: 'json'},
headers: auth(remote: 'zbbbb')
assert_response 422
@@ -303,7 +303,7 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
params: {format: 'json'},
headers: auth(remote: 'zbbbb')
assert_response :success
- assert_equal 'zbbbb-tpzed-000000000000000', json_response['uuid']
+ assert_equal 'zbbbb-tpzed-000000000000001', json_response['uuid']
assert_equal false, json_response['is_admin']
assert_equal true, json_response['is_active']
assert_equal 'foo at example.com', json_response['email']
@@ -316,7 +316,7 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
params: {format: 'json'},
headers: auth(remote: 'zbbbb')
assert_response :success
- assert_equal 'zbbbb-tpzed-000000000000000', json_response['uuid']
+ assert_equal 'zbbbb-tpzed-000000000000001', json_response['uuid']
assert_equal true, json_response['is_admin']
assert_equal true, json_response['is_active']
assert_equal 'foo at example.com', json_response['email']
@@ -412,4 +412,22 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
end
end
+ test 'authenticate with remote token, remote user is system user' do
+ @stub_content[:uuid] = 'zbbbb-tpzed-000000000000000'
+ get '/arvados/v1/users/current',
+ params: {format: 'json'},
+ headers: auth(remote: 'zbbbb')
+ assert_equal 'from cluster zbbbb', json_response['last_name']
+ end
+
+ test 'authenticate with remote token, remote user is anonymous user' do
+ @stub_content[:uuid] = 'zbbbb-tpzed-anonymouspublic'
+ get '/arvados/v1/users/current',
+ params: {format: 'json'},
+ headers: auth(remote: 'zbbbb')
+ assert_response :success
+ assert_equal 'zzzzz-tpzed-anonymouspublic', json_response['uuid']
+ end
+
+
end
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list