[ARVADOS] updated: 2.1.0-1873-gabd8c34dc
Git user
git at public.arvados.org
Thu Feb 10 17:42:39 UTC 2022
Summary of changes:
doc/install/install-keep-web.html.textile.liquid | 3 +--
services/api/app/models/api_client_authorization.rb | 14 +++++++++++++-
2 files changed, 14 insertions(+), 3 deletions(-)
via abd8c34dc8a21ff75fda2e60d6f2be9ef5722cb3 (commit)
from 038585ecce8564f8ebd5f5b28b3909593b1b45ec (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit abd8c34dc8a21ff75fda2e60d6f2be9ef5722cb3
Author: Ward Vandewege <ward at curii.com>
Date: Thu Feb 10 12:42:28 2022 -0500
18676: make sure to handle V2 tokens properly.
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>
diff --git a/doc/install/install-keep-web.html.textile.liquid b/doc/install/install-keep-web.html.textile.liquid
index ea2ffb5e4..98c316548 100644
--- a/doc/install/install-keep-web.html.textile.liquid
+++ b/doc/install/install-keep-web.html.textile.liquid
@@ -109,8 +109,7 @@ h2(#update-config). Configure anonymous user token
{% assign railsout = "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" %}
If you intend to use Keep-web to serve public data to anonymous clients, configure it with an anonymous token.
-# First, generate a long random string and put it in the @config.yml@ file, in the @AnonymousUserToken@ field.
-# Then, use the following command on the <strong>API server</strong> to register the anonymous user token in the database. {% include 'install_rails_command' %}
+# Generate a random string (>= 50 characters long) and put it in the @config.yml@ file, in the @AnonymousUserToken@ field.
<notextile>
<pre><code> Users:
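Review bot: the rewritten step `+# Generate a random string (>= 50 characters long) ...` now states the minimum length that `check_anonymous_user_token` enforces, but it does not tell the installer that the same token may also be presented in `v2/<uuid>/<secret>` form, where the 50-character minimum applies to the `<secret>` segment rather than to the whole string; one sentence on that would keep this page in step with the model change in the same commit. Removing the second list item (the `install_rails_command` step that registered the token in the database) leaves a one-item `#` list, which reads better as a plain sentence, and the `{% assign railsout = ... %}` line kept as context above it fed that removed step, so check whether anything else on the page still uses it.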
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 26853c349..f4bf4f069 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -112,7 +112,19 @@ class ApiClientAuthorization < ArvadosModel
end
def self.check_anonymous_user_token token
- if token.length >= 50 and token == Rails.configuration.Users.AnonymousUserToken
+ case token[0..2]
+ when 'v2/'
+ _, token_uuid, secret, optional = token.split('/')
+ unless token_uuid.andand.length == 27 && secret.andand.length.andand > 0
+ # invalid token
+ return nil
+ end
+ else
+ # v1 token
+ secret = token
+ end
+
+ if secret.length >= 50 and secret == Rails.configuration.Users.AnonymousUserToken
return ApiClientAuthorization.new(user: User.find_by_uuid(anonymous_user_uuid),
uuid: Rails.configuration.ClusterID+"-gj3su-anonymouspublic",
api_token: token,
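Review bot: `secret == Rails.configuration.Users.AnonymousUserToken` on the `+ if secret.length >= 50 ...` line compares a secret with plain `==`, which returns as soon as one byte differs; since this check runs on tokens presented by arbitrary clients, `ActiveSupport::SecurityUtils.secure_compare(secret, Rails.configuration.Users.AnonymousUserToken)` would be the safer comparison (the removed line had the same issue, but this hunk is the place to fix it). In the `when 'v2/'` branch, `token_uuid` is only checked for length 27 and is never compared with the `Rails.configuration.ClusterID+"-gj3su-anonymouspublic"` uuid that the returned ApiClientAuthorization is given, so a v2 token carrying any 27-character uuid plus the right secret is accepted; if that is intended, a comment saying so would help, otherwise compare the two. `optional` is assigned by the `token.split('/')` destructuring but never read, so `_optional` (or dropping it) avoids an unused-variable warning, and `secret.andand.length.andand > 0` is a roundabout way of writing `!secret.to_s.empty?`.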
-----------------------------------------------------------------------
hooks/post-receive