[ARVADOS] created: 2.1.0-1872-g038585ecc
Git user
git at public.arvados.org
Thu Feb 3 18:59:11 UTC 2022
at 038585ecce8564f8ebd5f5b28b3909593b1b45ec (commit)
commit 038585ecce8564f8ebd5f5b28b3909593b1b45ec
Author: Ward Vandewege <ward at curii.com>
Date: Thu Feb 3 13:58:39 2022 -0500
18676: simplify AnonymousUserToken configuration.
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>
diff --git a/lib/boot/seed.go b/lib/boot/seed.go
index bd1e94265..b43d90720 100644
--- a/lib/boot/seed.go
+++ b/lib/boot/seed.go
@@ -27,9 +27,5 @@ func (seedDatabase) Run(ctx context.Context, fail func(error), super *Supervisor
if err != nil {
return err
}
- err = super.RunProgram(ctx, "services/api", runOptions{env: railsEnv}, "bundle", "exec", "./script/get_anonymous_user_token.rb")
- if err != nil {
- return err
- }
return nil
}
diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index 17bba5410..a7ce98285 100644
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -294,9 +294,7 @@ Clusters:
NewInactiveUserNotificationRecipients: {}
# Set AnonymousUserToken to enable anonymous user access. Populate this
- # field with a long random string. Then run "bundle exec
- # ./script/get_anonymous_user_token.rb" in the directory where your API
- # server is running to record the token in the database.
+ # field with a random string at least 50 characters long.
AnonymousUserToken: ""
# If a new user has an alternate email address (local at domain)
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 7c7ed759c..26853c349 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -111,6 +111,17 @@ class ApiClientAuthorization < ArvadosModel
clnt
end
+ def self.check_anonymous_user_token token
+ if token.length >= 50 and token == Rails.configuration.Users.AnonymousUserToken
+ return ApiClientAuthorization.new(user: User.find_by_uuid(anonymous_user_uuid),
+ uuid: Rails.configuration.ClusterID+"-gj3su-anonymouspublic",
+ api_token: token,
+ api_client: anonymous_user_token_api_client)
+ else
+ return nil
+ end
+ end
+
def self.check_system_root_token token
if token == Rails.configuration.SystemRootToken
return ApiClientAuthorization.new(user: User.find_by_uuid(system_user_uuid),
@@ -126,6 +137,11 @@ class ApiClientAuthorization < ArvadosModel
return nil if token.nil? or token.empty?
remote ||= Rails.configuration.ClusterID
+ auth = self.check_anonymous_user_token(token)
+ if !auth.nil?
+ return auth
+ end
+
auth = self.check_system_root_token(token)
if !auth.nil?
return auth
diff --git a/services/api/app/models/database_seeds.rb b/services/api/app/models/database_seeds.rb
index 67bd3d10d..e0ae850ae 100644
--- a/services/api/app/models/database_seeds.rb
+++ b/services/api/app/models/database_seeds.rb
@@ -14,6 +14,7 @@ class DatabaseSeeds
anonymous_group
anonymous_group_read_permission
anonymous_user
+ anonymous_user_token_api_client
system_root_token_api_client
public_project_group
public_project_read_permission
diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb
index 37e86976c..ee666b77a 100644
--- a/services/api/lib/current_api_client.rb
+++ b/services/api/lib/current_api_client.rb
@@ -225,6 +225,16 @@ module CurrentApiClient
end
end
+ def anonymous_user_token_api_client
+ $anonymous_user_token_api_client = check_cache $anonymous_user_token_api_client do
+ act_as_system_user do
+ ActiveRecord::Base.transaction do
+ ApiClient.find_or_create_by!(is_trusted: false, url_prefix: "", name: "AnonymousUserToken")
+ end
+ end
+ end
+ end
+
def system_root_token_api_client
$system_root_token_api_client = check_cache $system_root_token_api_client do
act_as_system_user do
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list