[ARVADOS] updated: 2.1.0-1876-ged819c31e
Git user
git at public.arvados.org
Mon Feb 14 17:43:24 UTC 2022
Summary of changes:
lib/config/load.go | 16 ++++++++++------
services/api/app/models/api_client_authorization.rb | 4 ++--
2 files changed, 12 insertions(+), 8 deletions(-)
via ed819c31e008c296d9780747d54ba716708d451c (commit)
from 053f74285455278bed87cd4b3dc0df2adffb3b9c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit ed819c31e008c296d9780747d54ba716708d451c
Author: Ward Vandewege <ward at curii.com>
Date: Mon Feb 14 12:43:15 2022 -0500
18676: more tweaks after review comments: clarify logic in checkToken
(lib/config/load.go), and make sure that we also check the uuid
when we match the anonymous user token, when it is supplied as
a V2 token.
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>
diff --git a/lib/config/load.go b/lib/config/load.go
index 418a400e6..aa7520ca2 100644
--- a/lib/config/load.go
+++ b/lib/config/load.go
@@ -335,14 +335,18 @@ var acceptableTokenRe = regexp.MustCompile(`^[a-zA-Z0-9]+$`)
var acceptableTokenLength = 32
func (ldr *Loader) checkToken(label, token string, mandatory bool) error {
- // when a token is not mandatory, the acceptable length and content is only checked if its length is non-zero
- if mandatory && token == "" {
- if ldr.Logger != nil {
- ldr.Logger.Warnf("%s: secret token is not set (use %d+ random characters from a-z, A-Z, 0-9)", label, acceptableTokenLength)
+ if len(token) == 0 {
+ if !mandatory {
+ // when a token is not mandatory, the acceptable length and content is only checked if its length is non-zero
+ return nil
+ } else {
+ if ldr.Logger != nil {
+ ldr.Logger.Warnf("%s: secret token is not set (use %d+ random characters from a-z, A-Z, 0-9)", label, acceptableTokenLength)
+ }
}
- } else if (mandatory || len(token) > 0) && !acceptableTokenRe.MatchString(token) {
+ } else if !acceptableTokenRe.MatchString(token) {
return fmt.Errorf("%s: unacceptable characters in token (only a-z, A-Z, 0-9 are acceptable)", label)
- } else if (mandatory || len(token) > 0) && len(token) < acceptableTokenLength {
+ } else if len(token) < acceptableTokenLength {
if ldr.Logger != nil {
ldr.Logger.Warnf("%s: token is too short (should be at least %d characters)", label, acceptableTokenLength)
}
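Review bot: The `} else {` after `return nil` in the new `len(token) == 0` branch is redundant — the `if !mandatory` arm terminates, so the warning can sit unindented right after it (drop the `} else {` line and its matching `}`), which keeps the happy path left-aligned as the rest of the function does. Note that for a mandatory empty token the new code, like the old, only calls `Warnf` and does not return an error, so an unset required secret is still accepted by the loader as far as this hunk shows; if that is intended, a comment such as `// an unset mandatory token is only warned about, not rejected` would make it explicit, and if not, this branch is where a `fmt.Errorf` would belong. `token == ""` is the more idiomatic spelling of `len(token) == 0` for the guard. checkToken continues past the end of the hunk.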
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index a6beaa07a..3faa05fa7 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -115,8 +115,8 @@ class ApiClientAuthorization < ArvadosModel
case token[0..2]
when 'v2/'
_, token_uuid, secret, optional = token.split('/')
- unless token_uuid.andand.length == 27 && secret.andand.length.andand > 0
- # invalid token
+ unless token_uuid.andand.length == 27 && secret.andand.length.andand > 0 && token_uuid == anonymous_user_uuid
+ # not the anonymous user v2 token, or invalid token
return nil
end
else
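Review bot: With `token_uuid == anonymous_user_uuid` now part of the guard, the `token_uuid.andand.length == 27` check on the same line appears redundant, assuming `anonymous_user_uuid` is always a well-formed 27-character uuid, and the condition could read `unless secret.andand.length.andand > 0 && token_uuid == anonymous_user_uuid`. Putting the uuid equality first would also make the intent (this branch only matches the anonymous user's v2 token) clearer than the comment alone. Where `anonymous_user_uuid` comes from is not visible in the hunk, and the enclosing method starts and ends outside it, so the secret comparison that presumably follows cannot be checked here.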