[ARVADOS] updated: 2.1.0-1932-g608e8f79c

Git user git at public.arvados.org
Fri Feb 18 13:34:44 UTC 2022


Summary of changes:
 lib/config/load.go                                  | 2 +-
 services/api/app/models/api_client_authorization.rb | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

       via  608e8f79c3fb5cb7077fce4a0b497c5c93d6d6d0 (commit)
      from  63645c871246a61a2148b259f10d2fedf30e8df8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 608e8f79c3fb5cb7077fce4a0b497c5c93d6d6d0
Author: Ward Vandewege <ward at curii.com>
Date:   Fri Feb 18 08:34:02 2022 -0500

    18676: make v2 token check more strict, and add the ["GET /"] scope to
           the new anonymous token code path.
    
    Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>

diff --git a/lib/config/load.go b/lib/config/load.go
index 7136c60e4..8d498af17 100644
--- a/lib/config/load.go
+++ b/lib/config/load.go
@@ -358,7 +358,7 @@ func (ldr *Loader) checkToken(label, token string, mandatory bool, acceptV2 bool
 		if len(tmp) != 3 {
 			return fmt.Errorf("%s: unacceptable characters in token (only a-z, A-Z, 0-9 are acceptable)", label)
 		}
-		if strings.Index(token, "v2/") == -1 {
+		if !strings.HasPrefix(token, "v2/") {
 			return fmt.Errorf("%s: unacceptable characters in token (only a-z, A-Z, 0-9 are acceptable)", label)
 		}
 		ldr.Logger.Warnf("%s: token is a full V2 token, should just be a secret (remove everything up to and including the last forward slash)", label)
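Review bot: the new `!strings.HasPrefix(token, "v2/")` branch returns the same "unacceptable characters in token (only a-z, A-Z, 0-9 are acceptable)" error as the `len(tmp) != 3` check two lines above, which is misleading here: a token that splits into three parts but does not begin with `v2/` has the right character set and the wrong shape. Consider a distinct message, e.g. `return fmt.Errorf("%s: token must be either a plain secret or a full v2/ token", label)`, so an operator can tell which rule failed. The tightening itself is right: `strings.Index(token, "v2/") == -1` accepted any token containing `v2/` anywhere, so a value like `abcv2/...` was treated as a full V2 token; the prefix check rejects it. It would be worth a table-driven test in `lib/config` covering a plain secret, a proper `v2/...` token (expecting the warning), and a token with `v2/` in the middle (expecting the error).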
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index f8454029d..c74c1ce5b 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -130,7 +130,8 @@ class ApiClientAuthorization < ArvadosModel
       return ApiClientAuthorization.new(user: User.find_by_uuid(anonymous_user_uuid),
                                         uuid: Rails.configuration.ClusterID+"-gj3su-anonymouspublic",
                                         api_token: token,
-                                        api_client: anonymous_user_token_api_client)
+                                        api_client: anonymous_user_token_api_client,
+                                        scopes: ['GET /'])
     else
       return nil
     end
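Review bot: restricting the anonymous-token `ApiClientAuthorization` to `scopes: ['GET /']` is the right default for a public read-only credential, but nothing in this change shows a test that a non-GET request made with the configured anonymous token is rejected on this code path; please add one in the API server tests, since this is the property the scope is meant to enforce. Note also that this object is built with `ApiClientAuthorization.new` and returned without being saved, so the scope only applies to the config-derived anonymous token and has no effect on any anonymous token rows that already exist in the database with their stored scopes; if those are expected to be read-only as well, that needs a separate migration or check.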

-----------------------------------------------------------------------


hooks/post-receive
-- 