[ARVADOS] updated: 1.3.0-2353-gac8dd29af
Git user
git at public.arvados.org
Tue Mar 31 14:32:41 UTC 2020
Summary of changes:
lib/controller/federation/conn.go | 4 ++++
lib/controller/federation/login_test.go | 3 +++
lib/controller/handler.go | 1 +
lib/controller/localdb/conn.go | 4 ++++
lib/controller/localdb/login.go | 4 ++++
lib/controller/localdb/login_google.go | 6 +++++
lib/controller/localdb/login_pam.go | 22 ++++++++++---------
lib/controller/localdb/login_pam_docker_test.sh | 10 ++++++---
lib/controller/localdb/login_pam_test.go | 15 ++++---------
lib/controller/router/router.go | 29 ++++++++++++++++---------
lib/controller/rpc/conn.go | 9 +++++++-
sdk/go/arvados/api.go | 15 ++++++++-----
sdk/go/arvados/login.go | 9 --------
sdk/go/arvadostest/api.go | 4 ++++
14 files changed, 86 insertions(+), 49 deletions(-)
via ac8dd29afc2536501a43231bbb143feff1d5f3b6 (commit)
via bce9dd2ab9900ba770b72dfd94c7c45fc5b6f605 (commit)
via 5c4cb8ad5408c7361fdd6d3132a24392690909ca (commit)
via 521e8ecf4ac93ac27c7bec97601c246e391daf43 (commit)
via 9a2ccbcd3cceca032c2d1303b434ecacfb2209f4 (commit)
from 23d90de7344ae39d1d0082a369b0dc5e9086531d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit ac8dd29afc2536501a43231bbb143feff1d5f3b6
Author: Tom Clegg <tom at tomclegg.ca>
Date: Tue Mar 31 10:32:17 2020 -0400
16212: Ensure added user doesn't prevent subsequent database reset.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/lib/controller/localdb/login_pam_docker_test.sh b/lib/controller/localdb/login_pam_docker_test.sh
index c71de47a4..932811a8d 100755
--- a/lib/controller/localdb/login_pam_docker_test.sh
+++ b/lib/controller/localdb/login_pam_docker_test.sh
@@ -83,6 +83,10 @@ Clusters:
"http://0.0.0.0:9999/": {}
Login:
PAM: true
+ # Without this magic PAMDefaultEmailDomain, inserted users would
+ # prevent subsequent database/reset from working (see
+ # database_controller.rb).
+ PAMDefaultEmailDomain: example.com
SystemLogs:
LogLevel: debug
EOF
commit bce9dd2ab9900ba770b72dfd94c7c45fc5b6f605
Author: Tom Clegg <tom at tomclegg.ca>
Date: Mon Mar 30 17:26:40 2020 -0400
16212: Disallow overriding HTTP method on GET requests.
Removes an opportunity to circumvent CORS restrictions.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/lib/controller/router/router.go b/lib/controller/router/router.go
index 59205788d..c347e2f79 100644
--- a/lib/controller/router/router.go
+++ b/lib/controller/router/router.go
@@ -399,15 +399,17 @@ func (rtr *router) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if r.Method == "OPTIONS" {
return
}
- r.ParseForm()
- if m := r.FormValue("_method"); m != "" {
- r2 := *r
- r = &r2
- r.Method = m
- } else if m = r.Header.Get("X-Http-Method-Override"); m != "" {
- r2 := *r
- r = &r2
- r.Method = m
+ if r.Method == "POST" {
+ r.ParseForm()
+ if m := r.FormValue("_method"); m != "" {
+ r2 := *r
+ r = &r2
+ r.Method = m
+ } else if m = r.Header.Get("X-Http-Method-Override"); m != "" {
+ r2 := *r
+ r = &r2
+ r.Method = m
+ }
}
rtr.mux.ServeHTTP(w, r)
}
commit 5c4cb8ad5408c7361fdd6d3132a24392690909ca
Author: Tom Clegg <tom at tomclegg.ca>
Date: Mon Mar 30 17:26:22 2020 -0400
16212: Fix wrong API endpoint for users/batch_update.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/sdk/go/arvados/api.go b/sdk/go/arvados/api.go
index cec6e26b6..ae74d079a 100644
--- a/sdk/go/arvados/api.go
+++ b/sdk/go/arvados/api.go
@@ -55,7 +55,7 @@ var (
EndpointUserUnsetup = APIEndpoint{"POST", "arvados/v1/users/{uuid}/unsetup", ""}
EndpointUserUpdate = APIEndpoint{"PATCH", "arvados/v1/users/{uuid}", "user"}
EndpointUserUpdateUUID = APIEndpoint{"POST", "arvados/v1/users/{uuid}/update_uuid", ""}
- EndpointUserBatchUpdate = APIEndpoint{"PATCH", "arvados/v1/users/batch", ""}
+ EndpointUserBatchUpdate = APIEndpoint{"PATCH", "arvados/v1/users/batch_update", ""}
EndpointUserAuthenticate = APIEndpoint{"POST", "arvados/v1/users/authenticate", ""}
EndpointAPIClientAuthorizationCurrent = APIEndpoint{"GET", "arvados/v1/api_client_authorizations/current", ""}
)
commit 521e8ecf4ac93ac27c7bec97601c246e391daf43
Author: Tom Clegg <tom at tomclegg.ca>
Date: Mon Mar 30 17:26:13 2020 -0400
16212: Move user/pass authentication to its own endpoint.
Overloading the /login endpoint turns out to be too awkward: method,
CORS permissions, and response type are all different.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/lib/controller/federation/conn.go b/lib/controller/federation/conn.go
index 279b7a51d..3e37a5c61 100644
--- a/lib/controller/federation/conn.go
+++ b/lib/controller/federation/conn.go
@@ -478,6 +478,10 @@ func (conn *Conn) UserBatchUpdate(ctx context.Context, options arvados.UserBatch
return conn.local.UserBatchUpdate(ctx, options)
}
+func (conn *Conn) UserAuthenticate(ctx context.Context, options arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
+ return conn.local.UserAuthenticate(ctx, options)
+}
+
func (conn *Conn) APIClientAuthorizationCurrent(ctx context.Context, options arvados.GetOptions) (arvados.APIClientAuthorization, error) {
return conn.chooseBackend(options.UUID).APIClientAuthorizationCurrent(ctx, options)
}
diff --git a/lib/controller/federation/login_test.go b/lib/controller/federation/login_test.go
index 1d6e12e01..2de260fdc 100644
--- a/lib/controller/federation/login_test.go
+++ b/lib/controller/federation/login_test.go
@@ -46,6 +46,9 @@ func (s *LoginSuite) TestLogout(c *check.C) {
s.cluster.Login.GoogleClientID = "zzzzzzzzzzzzzz"
s.addHTTPRemote(c, "zhome", &arvadostest.APIStub{})
s.cluster.Login.LoginCluster = "zhome"
+ // s.fed is already set by SetUpTest, but we need to
+ // reinitialize with the above config changes.
+ s.fed = New(s.cluster)
returnTo := "https://app.example.com/foo?bar"
for _, trial := range []struct {
diff --git a/lib/controller/handler.go b/lib/controller/handler.go
index e3869261a..d7bc9bd9a 100644
--- a/lib/controller/handler.go
+++ b/lib/controller/handler.go
@@ -85,6 +85,7 @@ func (h *Handler) setup() {
mux.Handle("/arvados/v1/collections/", rtr)
mux.Handle("/arvados/v1/users", rtr)
mux.Handle("/arvados/v1/users/", rtr)
+ mux.Handle("/"+arvados.EndpointUserAuthenticate.Path, rtr)
mux.Handle("/login", rtr)
mux.Handle("/logout", rtr)
}
diff --git a/lib/controller/localdb/conn.go b/lib/controller/localdb/conn.go
index 909b6e1ff..60263455b 100644
--- a/lib/controller/localdb/conn.go
+++ b/lib/controller/localdb/conn.go
@@ -36,3 +36,7 @@ func (conn *Conn) Logout(ctx context.Context, opts arvados.LogoutOptions) (arvad
func (conn *Conn) Login(ctx context.Context, opts arvados.LoginOptions) (arvados.LoginResponse, error) {
return conn.loginController.Login(ctx, opts)
}
+
+func (conn *Conn) UserAuthenticate(ctx context.Context, opts arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
+ return conn.loginController.UserAuthenticate(ctx, opts)
+}
diff --git a/lib/controller/localdb/login.go b/lib/controller/localdb/login.go
index af9a03482..2d2053171 100644
--- a/lib/controller/localdb/login.go
+++ b/lib/controller/localdb/login.go
@@ -14,6 +14,7 @@ import (
type loginController interface {
Login(ctx context.Context, opts arvados.LoginOptions) (arvados.LoginResponse, error)
Logout(ctx context.Context, opts arvados.LogoutOptions) (arvados.LogoutResponse, error)
+ UserAuthenticate(ctx context.Context, options arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error)
}
func chooseLoginController(cluster *arvados.Cluster, railsProxy *railsProxy) loginController {
@@ -42,6 +43,9 @@ func (ctrl errorLoginController) Login(context.Context, arvados.LoginOptions) (a
func (ctrl errorLoginController) Logout(context.Context, arvados.LogoutOptions) (arvados.LogoutResponse, error) {
return arvados.LogoutResponse{}, ctrl.error
}
+func (ctrl errorLoginController) UserAuthenticate(context.Context, arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
+ return arvados.APIClientAuthorization{}, ctrl.error
+}
func noopLogout(cluster *arvados.Cluster, opts arvados.LogoutOptions) (arvados.LogoutResponse, error) {
target := opts.ReturnTo
diff --git a/lib/controller/localdb/login_google.go b/lib/controller/localdb/login_google.go
index 61bbaf01b..bf1754c15 100644
--- a/lib/controller/localdb/login_google.go
+++ b/lib/controller/localdb/login_google.go
@@ -12,6 +12,7 @@ import (
"encoding/base64"
"errors"
"fmt"
+ "net/http"
"net/url"
"strings"
"sync"
@@ -22,6 +23,7 @@ import (
"git.arvados.org/arvados.git/sdk/go/arvados"
"git.arvados.org/arvados.git/sdk/go/auth"
"git.arvados.org/arvados.git/sdk/go/ctxlog"
+ "git.arvados.org/arvados.git/sdk/go/httpserver"
"github.com/coreos/go-oidc"
"golang.org/x/oauth2"
"google.golang.org/api/option"
@@ -129,6 +131,10 @@ func (ctrl *googleLoginController) Login(ctx context.Context, opts arvados.Login
}
}
+func (ctrl *googleLoginController) UserAuthenticate(ctx context.Context, opts arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
+ return arvados.APIClientAuthorization{}, httpserver.ErrorWithStatus(errors.New("username/password authentication is not available"), http.StatusBadRequest)
+}
+
// Use a person's token to get all of their email addresses, with the
// primary address at index 0. The provided defaultAddr is always
// included in the returned slice, and is used as the primary if the
diff --git a/lib/controller/localdb/login_pam.go b/lib/controller/localdb/login_pam.go
index 059e27fa2..be90cb3d1 100644
--- a/lib/controller/localdb/login_pam.go
+++ b/lib/controller/localdb/login_pam.go
@@ -31,6 +31,10 @@ func (ctrl *pamLoginController) Logout(ctx context.Context, opts arvados.LogoutO
}
func (ctrl *pamLoginController) Login(ctx context.Context, opts arvados.LoginOptions) (arvados.LoginResponse, error) {
+ return arvados.LoginResponse{}, errors.New("interactive login is not available")
+}
+
+func (ctrl *pamLoginController) UserAuthenticate(ctx context.Context, opts arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
errorMessage := ""
tx, err := pam.StartFunc(ctrl.Cluster.Login.PAMService, opts.Username, func(style pam.Style, message string) (string, error) {
ctxlog.FromContext(ctx).Debugf("pam conversation: style=%v message=%q", style, message)
@@ -49,18 +53,18 @@ func (ctrl *pamLoginController) Login(ctx context.Context, opts arvados.LoginOpt
}
})
if err != nil {
- return arvados.LoginResponse{}, err
+ return arvados.APIClientAuthorization{}, err
}
err = tx.Authenticate(pam.DisallowNullAuthtok)
if err != nil {
- return arvados.LoginResponse{}, httpserver.ErrorWithStatus(err, http.StatusUnauthorized)
+ return arvados.APIClientAuthorization{}, httpserver.ErrorWithStatus(err, http.StatusUnauthorized)
}
if errorMessage != "" {
- return arvados.LoginResponse{}, httpserver.ErrorWithStatus(errors.New(errorMessage), http.StatusUnauthorized)
+ return arvados.APIClientAuthorization{}, httpserver.ErrorWithStatus(errors.New(errorMessage), http.StatusUnauthorized)
}
user, err := tx.GetItem(pam.User)
if err != nil {
- return arvados.LoginResponse{}, err
+ return arvados.APIClientAuthorization{}, err
}
email := user
if domain := ctrl.Cluster.Login.PAMDefaultEmailDomain; domain != "" && !strings.Contains(email, "@") {
@@ -72,20 +76,18 @@ func (ctrl *pamLoginController) Login(ctx context.Context, opts arvados.LoginOpt
// Send a fake ReturnTo value instead of the caller's
// opts.ReturnTo. We won't follow the resulting
// redirect target anyway.
- ReturnTo: opts.Remote + ",https://none.invalid",
+ ReturnTo: ",https://none.invalid",
AuthInfo: rpc.UserSessionAuthInfo{
Username: user,
Email: email,
},
})
if err != nil {
- return arvados.LoginResponse{}, err
+ return arvados.APIClientAuthorization{}, err
}
target, err := url.Parse(resp.RedirectLocation)
if err != nil {
- return arvados.LoginResponse{}, err
+ return arvados.APIClientAuthorization{}, err
}
- resp.Token = target.Query().Get("api_token")
- resp.RedirectLocation = ""
- return resp, err
+ return arvados.APIClientAuthorization{APIToken: target.Query().Get("api_token")}, err
}
diff --git a/lib/controller/localdb/login_pam_docker_test.sh b/lib/controller/localdb/login_pam_docker_test.sh
index 1d37f5c1c..c71de47a4 100755
--- a/lib/controller/localdb/login_pam_docker_test.sh
+++ b/lib/controller/localdb/login_pam_docker_test.sh
@@ -170,13 +170,13 @@ check_contains() {
}
echo >&2 "Testing authentication failure"
-resp="$(curl -s --include -H "X-Http-Method-Override: GET" -d username=foo -d password=nosecret "http://${ctrlhostport}/login" | tee $debug)"
+resp="$(curl -s --include -d username=foo -d password=nosecret "http://${ctrlhostport}/arvados/v1/users/authenticate" | tee $debug)"
check_contains "${resp}" "HTTP/1.1 401"
check_contains "${resp}" '{"errors":["Authentication failure"]}'
echo >&2 "Testing authentication success"
-resp="$(curl -s --include -H "X-Http-Method-Override: GET" -d username=foo -d password=secret "http://${ctrlhostport}/login" | tee $debug)"
+resp="$(curl -s --include -d username=foo -d password=secret "http://${ctrlhostport}/arvados/v1/users/authenticate" | tee $debug)"
check_contains "${resp}" "HTTP/1.1 200"
-check_contains "${resp}" '{"token":"v2/zzzzz-gj3su-'
+check_contains "${resp}" '{"api_token":"v2/zzzzz-gj3su-'
cleanup
diff --git a/lib/controller/localdb/login_pam_test.go b/lib/controller/localdb/login_pam_test.go
index 4af40f8d3..4ecead8b1 100644
--- a/lib/controller/localdb/login_pam_test.go
+++ b/lib/controller/localdb/login_pam_test.go
@@ -42,20 +42,16 @@ func (s *PamSuite) SetUpSuite(c *check.C) {
}
func (s *PamSuite) TestLoginFailure(c *check.C) {
- resp, err := s.ctrl.Login(context.Background(), arvados.LoginOptions{
+ resp, err := s.ctrl.UserAuthenticate(context.Background(), arvados.UserAuthenticateOptions{
Username: "bogususername",
Password: "boguspassword",
- ReturnTo: "https://example.com/foo",
})
c.Check(err, check.ErrorMatches, "Authentication failure")
hs, ok := err.(interface{ HTTPStatus() int })
if c.Check(ok, check.Equals, true) {
c.Check(hs.HTTPStatus(), check.Equals, http.StatusUnauthorized)
}
- c.Check(resp.RedirectLocation, check.Equals, "")
- c.Check(resp.Token, check.Equals, "")
- c.Check(resp.Message, check.Equals, "")
- c.Check(resp.HTML.String(), check.Equals, "")
+ c.Check(resp.APIToken, check.Equals, "")
}
// This test only runs if the ARVADOS_TEST_PAM_CREDENTIALS_FILE env
@@ -73,15 +69,12 @@ func (s *PamSuite) TestLoginSuccess(c *check.C) {
c.Assert(len(lines), check.Equals, 2, check.Commentf("credentials file %s should contain \"username\\npassword\"", testCredsFile))
u, p := lines[0], lines[1]
- resp, err := s.ctrl.Login(context.Background(), arvados.LoginOptions{
+ resp, err := s.ctrl.UserAuthenticate(context.Background(), arvados.UserAuthenticateOptions{
Username: u,
Password: p,
- ReturnTo: "https://example.com/foo",
})
c.Check(err, check.IsNil)
- c.Check(resp.RedirectLocation, check.Equals, "")
- c.Check(resp.Token, check.Matches, `v2/zzzzz-gj3su-.*/.*`)
- c.Check(resp.HTML.String(), check.Equals, "")
+ c.Check(resp.APIToken, check.Matches, `v2/zzzzz-gj3su-.*/.*`)
authinfo := getCallbackAuthInfo(c, s.railsSpy)
c.Check(authinfo.Email, check.Equals, u+"@"+s.cluster.Login.PAMDefaultEmailDomain)
diff --git a/lib/controller/router/router.go b/lib/controller/router/router.go
index bb6d90558..59205788d 100644
--- a/lib/controller/router/router.go
+++ b/lib/controller/router/router.go
@@ -303,6 +303,13 @@ func (rtr *router) addRoutes() {
return rtr.fed.UserDelete(ctx, *opts.(*arvados.DeleteOptions))
},
},
+ {
+ arvados.EndpointUserAuthenticate,
+ func() interface{} { return &arvados.UserAuthenticateOptions{} },
+ func(ctx context.Context, opts interface{}) (interface{}, error) {
+ return rtr.fed.UserAuthenticate(ctx, *opts.(*arvados.UserAuthenticateOptions))
+ },
+ },
} {
rtr.addRoute(route.endpoint, route.defaultOpts, route.exec)
}
diff --git a/lib/controller/rpc/conn.go b/lib/controller/rpc/conn.go
index 4b143b770..c3c66d00a 100644
--- a/lib/controller/rpc/conn.go
+++ b/lib/controller/rpc/conn.go
@@ -417,8 +417,15 @@ func (conn *Conn) UserSessionCreate(ctx context.Context, options UserSessionCrea
}
func (conn *Conn) UserBatchUpdate(ctx context.Context, options arvados.UserBatchUpdateOptions) (arvados.UserList, error) {
- ep := arvados.APIEndpoint{Method: "PATCH", Path: "arvados/v1/users/batch_update"}
+ ep := arvados.EndpointUserBatchUpdate
var resp arvados.UserList
err := conn.requestAndDecode(ctx, &resp, ep, nil, options)
return resp, err
}
+
+func (conn *Conn) UserAuthenticate(ctx context.Context, options arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
+ ep := arvados.EndpointUserAuthenticate
+ var resp arvados.APIClientAuthorization
+ err := conn.requestAndDecode(ctx, &resp, ep, nil, options)
+ return resp, err
+}
diff --git a/sdk/go/arvados/api.go b/sdk/go/arvados/api.go
index ff0dcf75a..cec6e26b6 100644
--- a/sdk/go/arvados/api.go
+++ b/sdk/go/arvados/api.go
@@ -56,6 +56,7 @@ var (
EndpointUserUpdate = APIEndpoint{"PATCH", "arvados/v1/users/{uuid}", "user"}
EndpointUserUpdateUUID = APIEndpoint{"POST", "arvados/v1/users/{uuid}/update_uuid", ""}
EndpointUserBatchUpdate = APIEndpoint{"PATCH", "arvados/v1/users/batch", ""}
+ EndpointUserAuthenticate = APIEndpoint{"POST", "arvados/v1/users/authenticate", ""}
EndpointAPIClientAuthorizationCurrent = APIEndpoint{"GET", "arvados/v1/api_client_authorizations/current", ""}
)
@@ -136,10 +137,13 @@ type DeleteOptions struct {
}
type LoginOptions struct {
- ReturnTo string `json:"return_to"` // On success, redirect to this target with api_token=xxx query param
- Remote string `json:"remote,omitempty"` // Salt token for remote Cluster ID
- Code string `json:"code,omitempty"` // OAuth2 callback code
- State string `json:"state,omitempty"` // OAuth2 callback state
+ ReturnTo string `json:"return_to"` // On success, redirect to this target with api_token=xxx query param
+ Remote string `json:"remote,omitempty"` // Salt token for remote Cluster ID
+ Code string `json:"code,omitempty"` // OAuth2 callback code
+ State string `json:"state,omitempty"` // OAuth2 callback state
+}
+
+type UserAuthenticateOptions struct {
Username string `json:"username,omitempty"` // PAM username
Password string `json:"password,omitempty"` // PAM password
}
@@ -186,5 +190,6 @@ type API interface {
UserList(ctx context.Context, options ListOptions) (UserList, error)
UserDelete(ctx context.Context, options DeleteOptions) (User, error)
UserBatchUpdate(context.Context, UserBatchUpdateOptions) (UserList, error)
+ UserAuthenticate(ctx context.Context, options UserAuthenticateOptions) (APIClientAuthorization, error)
APIClientAuthorizationCurrent(ctx context.Context, options GetOptions) (APIClientAuthorization, error)
}
diff --git a/sdk/go/arvados/login.go b/sdk/go/arvados/login.go
index 26c04b2c1..9178cc6a2 100644
--- a/sdk/go/arvados/login.go
+++ b/sdk/go/arvados/login.go
@@ -6,14 +6,11 @@ package arvados
import (
"bytes"
- "encoding/json"
"net/http"
)
type LoginResponse struct {
RedirectLocation string `json:"redirect_location,omitempty"`
- Token string `json:"token,omitempty"`
- Message string `json:"message,omitempty"`
HTML bytes.Buffer `json:"-"`
}
@@ -22,12 +19,6 @@ func (resp LoginResponse) ServeHTTP(w http.ResponseWriter, req *http.Request) {
if resp.RedirectLocation != "" {
w.Header().Set("Location", resp.RedirectLocation)
w.WriteHeader(http.StatusFound)
- } else if resp.Token != "" || resp.Message != "" {
- w.Header().Set("Content-Type", "application/json")
- if resp.Token == "" {
- w.WriteHeader(http.StatusUnauthorized)
- }
- json.NewEncoder(w).Encode(resp)
} else {
w.Header().Set("Content-Type", "text/html")
w.Write(resp.HTML.Bytes())
diff --git a/sdk/go/arvadostest/api.go b/sdk/go/arvadostest/api.go
index 9019d33cf..fa5f53936 100644
--- a/sdk/go/arvadostest/api.go
+++ b/sdk/go/arvadostest/api.go
@@ -177,6 +177,10 @@ func (as *APIStub) UserBatchUpdate(ctx context.Context, options arvados.UserBatc
as.appendCall(as.UserBatchUpdate, ctx, options)
return arvados.UserList{}, as.Error
}
+func (as *APIStub) UserAuthenticate(ctx context.Context, options arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
+ as.appendCall(as.UserAuthenticate, ctx, options)
+ return arvados.APIClientAuthorization{}, as.Error
+}
func (as *APIStub) APIClientAuthorizationCurrent(ctx context.Context, options arvados.GetOptions) (arvados.APIClientAuthorization, error) {
as.appendCall(as.APIClientAuthorizationCurrent, ctx, options)
return arvados.APIClientAuthorization{}, as.Error
commit 9a2ccbcd3cceca032c2d1303b434ecacfb2209f4
Author: Tom Clegg <tom at tomclegg.ca>
Date: Mon Mar 30 12:44:53 2020 -0400
16212: Allow X-Http-Method-Override header in CORS requests.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/lib/controller/router/router.go b/lib/controller/router/router.go
index 69d707703..bb6d90558 100644
--- a/lib/controller/router/router.go
+++ b/lib/controller/router/router.go
@@ -386,7 +386,7 @@ func (rtr *router) ServeHTTP(w http.ResponseWriter, r *http.Request) {
default:
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, PUT, POST, PATCH, DELETE")
- w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
+ w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Http-Method-Override")
w.Header().Set("Access-Control-Max-Age", "86486400")
}
if r.Method == "OPTIONS" {
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list