[ARVADOS] updated: 2.1.0-2170-gcb8070298

Git user git at public.arvados.org
Mon Apr 4 19:01:39 UTC 2022


Summary of changes:
 lib/controller/integration_test.go                  | 9 +++++++++
 services/api/app/models/api_client_authorization.rb | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

       via  cb807029865aacbc54dc88b524ee55f3c5bfd327 (commit)
      from  03a058154008f9c0bd8cfca0ab5ba891252a48d3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit cb807029865aacbc54dc88b524ee55f3c5bfd327
Author: Ward Vandewege <ward at curii.com>
Date:   Mon Apr 4 15:01:18 2022 -0400

    18887: Fix salted_secret check. Add test.
    
    Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>

diff --git a/lib/controller/integration_test.go b/lib/controller/integration_test.go
index 442c9a6df..b71c4afb5 100644
--- a/lib/controller/integration_test.go
+++ b/lib/controller/integration_test.go
@@ -418,6 +418,15 @@ func (s *IntegrationSuite) TestForwardAnonymousTokenToLoginCluster(c *check.C) {
 	)
 	// The local z3333 anonymous token must be allowed to be forwarded to the login cluster
 	c.Check(err, check.IsNil)
+
+	userac1.AuthToken = "v2/z1111-gj3su-asdfasdfasdfasd/this-token-does-not-validate-so-anonymous-token-will-be-used-instead"
+	err = userac1.RequestAndDecode(&userList, "GET", "/arvados/v1/users", nil,
+		map[string]interface{}{
+			"reader_tokens": []string{anon3Auth.TokenV2()},
+			"where":         where,
+		},
+	)
+	c.Check(err, check.IsNil)
 }
 
 // Get a token from the login cluster (z1111), use it to submit a
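Review bot: The added request is checked only with `c.Check(err, check.IsNil)`, so the test would pass whichever credential the API server ended up honouring. Since the point is that an invalid `AuthToken` falls back to the anonymous reader token, it would be stronger to reset `userList` before the call and assert on the decoded result, for example that it matches what the earlier anonymous-token request in this test returned. A one-line comment above the new block, such as `// An AuthToken that fails validation must not block the anonymous reader token from being forwarded`, would record the intent outside the token string. The enclosing test function starts outside the hunk, so the type of `userList` and the earlier assertions are not visible here.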
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 726061a4a..52922d32b 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -131,7 +131,7 @@ class ApiClientAuthorization < ArvadosModel
     end
 
     # Usually, the secret is salted
-    salted_secret = OpenSSL::HMAC.hexdigest('sha1', secret, remote)
+    salted_secret = OpenSSL::HMAC.hexdigest('sha1', Rails.configuration.Users.AnonymousUserToken, remote)
 
     # The anonymous token could be specified as a full v2 token in the config,
     # but the config loader strips it down to the secret part.
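Review bot: The new `salted_secret` line keys the HMAC on `Rails.configuration.Users.AnonymousUserToken`, so if that setting is empty the expected value becomes an HMAC under an empty key, which anyone who knows `remote` can reproduce. If the config loader does not already reject an empty or too-short anonymous token, add a guard before this line, e.g. `return nil if Rails.configuration.Users.AnonymousUserToken.to_s.empty?` (assuming nil is this method's no-match result, which the hunk does not show). The comparison against `salted_secret` also falls outside the hunk; if it uses `==`, a constant-time compare such as `ActiveSupport::SecurityUtils.secure_compare` is the safer habit for token checks. The comment `# Usually, the secret is salted` could also say that the salt is the remote cluster ID and the key is the configured anonymous token, since confusing the key with the presented secret is the bug this commit fixes.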

-----------------------------------------------------------------------


hooks/post-receive
-- 



