1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
20 "git.arvados.org/arvados.git/lib/config"
21 "git.arvados.org/arvados.git/sdk/go/arvados"
22 "git.arvados.org/arvados.git/sdk/go/arvadosclient"
23 "git.arvados.org/arvados.git/sdk/go/arvadostest"
24 "git.arvados.org/arvados.git/sdk/go/auth"
25 "git.arvados.org/arvados.git/sdk/go/ctxlog"
26 "git.arvados.org/arvados.git/sdk/go/keepclient"
27 check "gopkg.in/check.v1"
30 var _ = check.Suite(&UnitSuite{})
32 type UnitSuite struct {
33 Config *arvados.Config
36 func (s *UnitSuite) SetUpTest(c *check.C) {
37 ldr := config.NewLoader(bytes.NewBufferString("Clusters: {zzzzz: {}}"), ctxlog.TestLogger(c))
39 cfg, err := ldr.Load()
40 c.Assert(err, check.IsNil)
44 func (s *UnitSuite) TestCORSPreflight(c *check.C) {
45 h := handler{Config: newConfig(s.Config)}
46 u := mustParseURL("http://keep-web.example/c=" + arvadostest.FooCollection + "/foo")
51 RequestURI: u.RequestURI(),
53 "Origin": {"https://workbench.example"},
54 "Access-Control-Request-Method": {"POST"},
58 // Check preflight for an allowed request
59 resp := httptest.NewRecorder()
60 h.ServeHTTP(resp, req)
61 c.Check(resp.Code, check.Equals, http.StatusOK)
62 c.Check(resp.Body.String(), check.Equals, "")
63 c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*")
64 c.Check(resp.Header().Get("Access-Control-Allow-Methods"), check.Equals, "COPY, DELETE, GET, LOCK, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, RMCOL, UNLOCK")
65 c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Authorization, Content-Type, Range, Depth, Destination, If, Lock-Token, Overwrite, Timeout")
67 // Check preflight for a disallowed request
68 resp = httptest.NewRecorder()
69 req.Header.Set("Access-Control-Request-Method", "MAKE-COFFEE")
70 h.ServeHTTP(resp, req)
71 c.Check(resp.Body.String(), check.Equals, "")
72 c.Check(resp.Code, check.Equals, http.StatusMethodNotAllowed)
75 func (s *UnitSuite) TestInvalidUUID(c *check.C) {
76 bogusID := strings.Replace(arvadostest.FooCollectionPDH, "+", "-", 1) + "-"
77 token := arvadostest.ActiveToken
78 for _, trial := range []string{
79 "http://keep-web/c=" + bogusID + "/foo",
80 "http://keep-web/c=" + bogusID + "/t=" + token + "/foo",
81 "http://keep-web/collections/download/" + bogusID + "/" + token + "/foo",
82 "http://keep-web/collections/" + bogusID + "/foo",
83 "http://" + bogusID + ".keep-web/" + bogusID + "/foo",
84 "http://" + bogusID + ".keep-web/t=" + token + "/" + bogusID + "/foo",
87 u := mustParseURL(trial)
92 RequestURI: u.RequestURI(),
94 resp := httptest.NewRecorder()
95 cfg := newConfig(s.Config)
96 cfg.cluster.Users.AnonymousUserToken = arvadostest.AnonymousToken
97 h := handler{Config: cfg}
98 h.ServeHTTP(resp, req)
99 c.Check(resp.Code, check.Equals, http.StatusNotFound)
103 func mustParseURL(s string) *url.URL {
104 r, err := url.Parse(s)
106 panic("parse URL: " + s)
111 func (s *IntegrationSuite) TestVhost404(c *check.C) {
112 for _, testURL := range []string{
113 arvadostest.NonexistentCollection + ".example.com/theperthcountyconspiracy",
114 arvadostest.NonexistentCollection + ".example.com/t=" + arvadostest.ActiveToken + "/theperthcountyconspiracy",
116 resp := httptest.NewRecorder()
117 u := mustParseURL(testURL)
118 req := &http.Request{
121 RequestURI: u.RequestURI(),
123 s.testServer.Handler.ServeHTTP(resp, req)
124 c.Check(resp.Code, check.Equals, http.StatusNotFound)
125 c.Check(resp.Body.String(), check.Equals, notFoundMessage+"\n")
129 // An authorizer modifies an HTTP request to make use of the given
130 // token -- by adding it to a header, cookie, query param, or whatever
131 // -- and returns the HTTP status code we should expect from keep-web if
132 // the token is invalid.
133 type authorizer func(*http.Request, string) int
135 func (s *IntegrationSuite) TestVhostViaAuthzHeader(c *check.C) {
136 s.doVhostRequests(c, authzViaAuthzHeader)
138 func authzViaAuthzHeader(r *http.Request, tok string) int {
139 r.Header.Add("Authorization", "OAuth2 "+tok)
140 return http.StatusUnauthorized
143 func (s *IntegrationSuite) TestVhostViaCookieValue(c *check.C) {
144 s.doVhostRequests(c, authzViaCookieValue)
146 func authzViaCookieValue(r *http.Request, tok string) int {
147 r.AddCookie(&http.Cookie{
148 Name: "arvados_api_token",
149 Value: auth.EncodeTokenCookie([]byte(tok)),
151 return http.StatusUnauthorized
154 func (s *IntegrationSuite) TestVhostViaPath(c *check.C) {
155 s.doVhostRequests(c, authzViaPath)
157 func authzViaPath(r *http.Request, tok string) int {
158 r.URL.Path = "/t=" + tok + r.URL.Path
159 return http.StatusNotFound
162 func (s *IntegrationSuite) TestVhostViaQueryString(c *check.C) {
163 s.doVhostRequests(c, authzViaQueryString)
165 func authzViaQueryString(r *http.Request, tok string) int {
166 r.URL.RawQuery = "api_token=" + tok
167 return http.StatusUnauthorized
170 func (s *IntegrationSuite) TestVhostViaPOST(c *check.C) {
171 s.doVhostRequests(c, authzViaPOST)
173 func authzViaPOST(r *http.Request, tok string) int {
175 r.Header.Add("Content-Type", "application/x-www-form-urlencoded")
176 r.Body = ioutil.NopCloser(strings.NewReader(
177 url.Values{"api_token": {tok}}.Encode()))
178 return http.StatusUnauthorized
181 func (s *IntegrationSuite) TestVhostViaXHRPOST(c *check.C) {
182 s.doVhostRequests(c, authzViaPOST)
184 func authzViaXHRPOST(r *http.Request, tok string) int {
186 r.Header.Add("Content-Type", "application/x-www-form-urlencoded")
187 r.Header.Add("Origin", "https://origin.example")
188 r.Body = ioutil.NopCloser(strings.NewReader(
191 "disposition": {"attachment"},
193 return http.StatusUnauthorized
196 // Try some combinations of {url, token} using the given authorization
197 // mechanism, and verify the result is correct.
198 func (s *IntegrationSuite) doVhostRequests(c *check.C, authz authorizer) {
199 for _, hostPath := range []string{
200 arvadostest.FooCollection + ".example.com/foo",
201 arvadostest.FooCollection + "--collections.example.com/foo",
202 arvadostest.FooCollection + "--collections.example.com/_/foo",
203 arvadostest.FooCollectionPDH + ".example.com/foo",
204 strings.Replace(arvadostest.FooCollectionPDH, "+", "-", -1) + "--collections.example.com/foo",
205 arvadostest.FooBarDirCollection + ".example.com/dir1/foo",
207 c.Log("doRequests: ", hostPath)
208 s.doVhostRequestsWithHostPath(c, authz, hostPath)
212 func (s *IntegrationSuite) doVhostRequestsWithHostPath(c *check.C, authz authorizer, hostPath string) {
213 for _, tok := range []string{
214 arvadostest.ActiveToken,
215 arvadostest.ActiveToken[:15],
216 arvadostest.SpectatorToken,
220 u := mustParseURL("http://" + hostPath)
221 req := &http.Request{
225 RequestURI: u.RequestURI(),
226 Header: http.Header{},
228 failCode := authz(req, tok)
229 req, resp := s.doReq(req)
230 code, body := resp.Code, resp.Body.String()
232 // If the initial request had a (non-empty) token
233 // showing in the query string, we should have been
234 // redirected in order to hide it in a cookie.
235 c.Check(req.URL.String(), check.Not(check.Matches), `.*api_token=.+`)
237 if tok == arvadostest.ActiveToken {
238 c.Check(code, check.Equals, http.StatusOK)
239 c.Check(body, check.Equals, "foo")
242 c.Check(code >= 400, check.Equals, true)
243 c.Check(code < 500, check.Equals, true)
244 if tok == arvadostest.SpectatorToken {
245 // Valid token never offers to retry
246 // with different credentials.
247 c.Check(code, check.Equals, http.StatusNotFound)
249 // Invalid token can ask to retry
250 // depending on the authz method.
251 c.Check(code, check.Equals, failCode)
254 c.Check(body, check.Equals, notFoundMessage+"\n")
256 c.Check(body, check.Equals, unauthorizedMessage+"\n")
262 func (s *IntegrationSuite) doReq(req *http.Request) (*http.Request, *httptest.ResponseRecorder) {
263 resp := httptest.NewRecorder()
264 s.testServer.Handler.ServeHTTP(resp, req)
265 if resp.Code != http.StatusSeeOther {
268 cookies := (&http.Response{Header: resp.Header()}).Cookies()
269 u, _ := req.URL.Parse(resp.Header().Get("Location"))
274 RequestURI: u.RequestURI(),
275 Header: http.Header{},
277 for _, c := range cookies {
283 func (s *IntegrationSuite) TestVhostRedirectQueryTokenToCookie(c *check.C) {
284 s.testVhostRedirectTokenToCookie(c, "GET",
285 arvadostest.FooCollection+".example.com/foo",
286 "?api_token="+arvadostest.ActiveToken,
294 func (s *IntegrationSuite) TestSingleOriginSecretLink(c *check.C) {
295 s.testVhostRedirectTokenToCookie(c, "GET",
296 "example.com/c="+arvadostest.FooCollection+"/t="+arvadostest.ActiveToken+"/foo",
305 // Bad token in URL is 404 Not Found because it doesn't make sense to
306 // retry the same URL with different authorization.
307 func (s *IntegrationSuite) TestSingleOriginSecretLinkBadToken(c *check.C) {
308 s.testVhostRedirectTokenToCookie(c, "GET",
309 "example.com/c="+arvadostest.FooCollection+"/t=bogus/foo",
314 notFoundMessage+"\n",
318 // Bad token in a cookie (even if it got there via our own
319 // query-string-to-cookie redirect) is, in principle, retryable at the
320 // same URL so it's 401 Unauthorized.
321 func (s *IntegrationSuite) TestVhostRedirectQueryTokenToBogusCookie(c *check.C) {
322 s.testVhostRedirectTokenToCookie(c, "GET",
323 arvadostest.FooCollection+".example.com/foo",
324 "?api_token=thisisabogustoken",
327 http.StatusUnauthorized,
328 unauthorizedMessage+"\n",
332 func (s *IntegrationSuite) TestVhostRedirectQueryTokenSingleOriginError(c *check.C) {
333 s.testVhostRedirectTokenToCookie(c, "GET",
334 "example.com/c="+arvadostest.FooCollection+"/foo",
335 "?api_token="+arvadostest.ActiveToken,
338 http.StatusBadRequest,
339 "cannot serve inline content at this URL (possible configuration error; see https://doc.arvados.org/install/install-keep-web.html#dns)\n",
343 // If client requests an attachment by putting ?disposition=attachment
344 // in the query string, and gets redirected, the redirect target
345 // should respond with an attachment.
346 func (s *IntegrationSuite) TestVhostRedirectQueryTokenRequestAttachment(c *check.C) {
347 resp := s.testVhostRedirectTokenToCookie(c, "GET",
348 arvadostest.FooCollection+".example.com/foo",
349 "?disposition=attachment&api_token="+arvadostest.ActiveToken,
355 c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?")
358 func (s *IntegrationSuite) TestVhostRedirectQueryTokenSiteFS(c *check.C) {
359 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "download.example.com"
360 resp := s.testVhostRedirectTokenToCookie(c, "GET",
361 "download.example.com/by_id/"+arvadostest.FooCollection+"/foo",
362 "?api_token="+arvadostest.ActiveToken,
368 c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?")
371 func (s *IntegrationSuite) TestPastCollectionVersionFileAccess(c *check.C) {
372 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "download.example.com"
373 resp := s.testVhostRedirectTokenToCookie(c, "GET",
374 "download.example.com/c="+arvadostest.WazVersion1Collection+"/waz",
375 "?api_token="+arvadostest.ActiveToken,
381 c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?")
382 resp = s.testVhostRedirectTokenToCookie(c, "GET",
383 "download.example.com/by_id/"+arvadostest.WazVersion1Collection+"/waz",
384 "?api_token="+arvadostest.ActiveToken,
390 c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?")
393 func (s *IntegrationSuite) TestVhostRedirectQueryTokenTrustAllContent(c *check.C) {
394 s.testServer.Config.cluster.Collections.TrustAllContent = true
395 s.testVhostRedirectTokenToCookie(c, "GET",
396 "example.com/c="+arvadostest.FooCollection+"/foo",
397 "?api_token="+arvadostest.ActiveToken,
405 func (s *IntegrationSuite) TestVhostRedirectQueryTokenAttachmentOnlyHost(c *check.C) {
406 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "example.com:1234"
408 s.testVhostRedirectTokenToCookie(c, "GET",
409 "example.com/c="+arvadostest.FooCollection+"/foo",
410 "?api_token="+arvadostest.ActiveToken,
413 http.StatusBadRequest,
414 "cannot serve inline content at this URL (possible configuration error; see https://doc.arvados.org/install/install-keep-web.html#dns)\n",
417 resp := s.testVhostRedirectTokenToCookie(c, "GET",
418 "example.com:1234/c="+arvadostest.FooCollection+"/foo",
419 "?api_token="+arvadostest.ActiveToken,
425 c.Check(resp.Header().Get("Content-Disposition"), check.Equals, "attachment")
428 func (s *IntegrationSuite) TestVhostRedirectPOSTFormTokenToCookie(c *check.C) {
429 s.testVhostRedirectTokenToCookie(c, "POST",
430 arvadostest.FooCollection+".example.com/foo",
432 "application/x-www-form-urlencoded",
433 url.Values{"api_token": {arvadostest.ActiveToken}}.Encode(),
439 func (s *IntegrationSuite) TestVhostRedirectPOSTFormTokenToCookie404(c *check.C) {
440 s.testVhostRedirectTokenToCookie(c, "POST",
441 arvadostest.FooCollection+".example.com/foo",
443 "application/x-www-form-urlencoded",
444 url.Values{"api_token": {arvadostest.SpectatorToken}}.Encode(),
446 notFoundMessage+"\n",
450 func (s *IntegrationSuite) TestAnonymousTokenOK(c *check.C) {
451 s.testServer.Config.cluster.Users.AnonymousUserToken = arvadostest.AnonymousToken
452 s.testVhostRedirectTokenToCookie(c, "GET",
453 "example.com/c="+arvadostest.HelloWorldCollection+"/Hello%20world.txt",
462 func (s *IntegrationSuite) TestAnonymousTokenError(c *check.C) {
463 s.testServer.Config.cluster.Users.AnonymousUserToken = "anonymousTokenConfiguredButInvalid"
464 s.testVhostRedirectTokenToCookie(c, "GET",
465 "example.com/c="+arvadostest.HelloWorldCollection+"/Hello%20world.txt",
470 notFoundMessage+"\n",
474 func (s *IntegrationSuite) TestSpecialCharsInPath(c *check.C) {
475 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "download.example.com"
477 client := s.testServer.Config.Client
478 client.AuthToken = arvadostest.ActiveToken
479 fs, err := (&arvados.Collection{}).FileSystem(&client, nil)
480 c.Assert(err, check.IsNil)
481 f, err := fs.OpenFile("https:\\\"odd' path chars", os.O_CREATE, 0777)
482 c.Assert(err, check.IsNil)
484 mtxt, err := fs.MarshalManifest(".")
485 c.Assert(err, check.IsNil)
486 var coll arvados.Collection
487 err = client.RequestAndDecode(&coll, "POST", "arvados/v1/collections", nil, map[string]interface{}{
488 "collection": map[string]string{
489 "manifest_text": mtxt,
492 c.Assert(err, check.IsNil)
494 u, _ := url.Parse("http://download.example.com/c=" + coll.UUID + "/")
495 req := &http.Request{
499 RequestURI: u.RequestURI(),
501 "Authorization": {"Bearer " + client.AuthToken},
504 resp := httptest.NewRecorder()
505 s.testServer.Handler.ServeHTTP(resp, req)
506 c.Check(resp.Code, check.Equals, http.StatusOK)
507 c.Check(resp.Body.String(), check.Matches, `(?ms).*href="./https:%5c%22odd%27%20path%20chars"\S+https:\\"odd' path chars.*`)
510 func (s *IntegrationSuite) TestForwardSlashSubstitution(c *check.C) {
511 arv := arvados.NewClientFromEnv()
512 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "download.example.com"
513 s.testServer.Config.cluster.Collections.ForwardSlashNameSubstitution = "{SOLIDUS}"
514 name := "foo/bar/baz"
515 nameShown := strings.Replace(name, "/", "{SOLIDUS}", -1)
516 nameShownEscaped := strings.Replace(name, "/", "%7bSOLIDUS%7d", -1)
518 client := s.testServer.Config.Client
519 client.AuthToken = arvadostest.ActiveToken
520 fs, err := (&arvados.Collection{}).FileSystem(&client, nil)
521 c.Assert(err, check.IsNil)
522 f, err := fs.OpenFile("filename", os.O_CREATE, 0777)
523 c.Assert(err, check.IsNil)
525 mtxt, err := fs.MarshalManifest(".")
526 c.Assert(err, check.IsNil)
527 var coll arvados.Collection
528 err = client.RequestAndDecode(&coll, "POST", "arvados/v1/collections", nil, map[string]interface{}{
529 "collection": map[string]string{
530 "manifest_text": mtxt,
532 "owner_uuid": arvadostest.AProjectUUID,
535 c.Assert(err, check.IsNil)
536 defer arv.RequestAndDecode(&coll, "DELETE", "arvados/v1/collections/"+coll.UUID, nil, nil)
538 base := "http://download.example.com/by_id/" + coll.OwnerUUID + "/"
539 for tryURL, expectRegexp := range map[string]string{
540 base: `(?ms).*href="./` + nameShownEscaped + `/"\S+` + nameShown + `.*`,
541 base + nameShownEscaped + "/": `(?ms).*href="./filename"\S+filename.*`,
543 u, _ := url.Parse(tryURL)
544 req := &http.Request{
548 RequestURI: u.RequestURI(),
550 "Authorization": {"Bearer " + client.AuthToken},
553 resp := httptest.NewRecorder()
554 s.testServer.Handler.ServeHTTP(resp, req)
555 c.Check(resp.Code, check.Equals, http.StatusOK)
556 c.Check(resp.Body.String(), check.Matches, expectRegexp)
560 // XHRs can't follow redirect-with-cookie so they rely on method=POST
561 // and disposition=attachment (telling us it's acceptable to respond
562 // with content instead of a redirect) and an Origin header that gets
563 // added automatically by the browser (telling us it's desirable to do
565 func (s *IntegrationSuite) TestXHRNoRedirect(c *check.C) {
566 u, _ := url.Parse("http://example.com/c=" + arvadostest.FooCollection + "/foo")
567 req := &http.Request{
571 RequestURI: u.RequestURI(),
573 "Origin": {"https://origin.example"},
574 "Content-Type": {"application/x-www-form-urlencoded"},
576 Body: ioutil.NopCloser(strings.NewReader(url.Values{
577 "api_token": {arvadostest.ActiveToken},
578 "disposition": {"attachment"},
581 resp := httptest.NewRecorder()
582 s.testServer.Handler.ServeHTTP(resp, req)
583 c.Check(resp.Code, check.Equals, http.StatusOK)
584 c.Check(resp.Body.String(), check.Equals, "foo")
585 c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*")
587 // GET + Origin header is representative of both AJAX GET
588 // requests and inline images via <IMG crossorigin="anonymous"
590 u.RawQuery = "api_token=" + url.QueryEscape(arvadostest.ActiveTokenV2)
595 RequestURI: u.RequestURI(),
597 "Origin": {"https://origin.example"},
600 resp = httptest.NewRecorder()
601 s.testServer.Handler.ServeHTTP(resp, req)
602 c.Check(resp.Code, check.Equals, http.StatusOK)
603 c.Check(resp.Body.String(), check.Equals, "foo")
604 c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*")
607 func (s *IntegrationSuite) testVhostRedirectTokenToCookie(c *check.C, method, hostPath, queryString, contentType, reqBody string, expectStatus int, expectRespBody string) *httptest.ResponseRecorder {
608 u, _ := url.Parse(`http://` + hostPath + queryString)
609 req := &http.Request{
613 RequestURI: u.RequestURI(),
614 Header: http.Header{"Content-Type": {contentType}},
615 Body: ioutil.NopCloser(strings.NewReader(reqBody)),
618 resp := httptest.NewRecorder()
620 c.Check(resp.Code, check.Equals, expectStatus)
621 c.Check(resp.Body.String(), check.Equals, expectRespBody)
624 s.testServer.Handler.ServeHTTP(resp, req)
625 if resp.Code != http.StatusSeeOther {
628 c.Check(resp.Body.String(), check.Matches, `.*href="http://`+regexp.QuoteMeta(html.EscapeString(hostPath))+`(\?[^"]*)?".*`)
629 cookies := (&http.Response{Header: resp.Header()}).Cookies()
631 u, _ = u.Parse(resp.Header().Get("Location"))
636 RequestURI: u.RequestURI(),
637 Header: http.Header{},
639 for _, c := range cookies {
643 resp = httptest.NewRecorder()
644 s.testServer.Handler.ServeHTTP(resp, req)
645 c.Check(resp.Header().Get("Location"), check.Equals, "")
649 func (s *IntegrationSuite) TestDirectoryListingWithAnonymousToken(c *check.C) {
650 s.testServer.Config.cluster.Users.AnonymousUserToken = arvadostest.AnonymousToken
651 s.testDirectoryListing(c)
654 func (s *IntegrationSuite) TestDirectoryListingWithNoAnonymousToken(c *check.C) {
655 s.testServer.Config.cluster.Users.AnonymousUserToken = ""
656 s.testDirectoryListing(c)
659 func (s *IntegrationSuite) testDirectoryListing(c *check.C) {
660 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "download.example.com"
661 authHeader := http.Header{
662 "Authorization": {"OAuth2 " + arvadostest.ActiveToken},
664 for _, trial := range []struct {
672 uri: strings.Replace(arvadostest.FooAndBarFilesInDirPDH, "+", "-", -1) + ".example.com/",
674 expect: []string{"dir1/foo", "dir1/bar"},
678 uri: strings.Replace(arvadostest.FooAndBarFilesInDirPDH, "+", "-", -1) + ".example.com/dir1/",
680 expect: []string{"foo", "bar"},
684 // URLs of this form ignore authHeader, and
685 // FooAndBarFilesInDirUUID isn't public, so
687 uri: "download.example.com/collections/" + arvadostest.FooAndBarFilesInDirUUID + "/",
692 uri: "download.example.com/users/active/foo_file_in_dir/",
694 expect: []string{"dir1/"},
698 uri: "download.example.com/users/active/foo_file_in_dir/dir1/",
700 expect: []string{"bar"},
704 uri: "download.example.com/",
706 expect: []string{"users/"},
710 uri: "download.example.com/users",
713 expect: []string{"active/"},
717 uri: "download.example.com/users/",
719 expect: []string{"active/"},
723 uri: "download.example.com/users/active",
725 redirect: "/users/active/",
726 expect: []string{"foo_file_in_dir/"},
730 uri: "download.example.com/users/active/",
732 expect: []string{"foo_file_in_dir/"},
736 uri: "collections.example.com/collections/download/" + arvadostest.FooAndBarFilesInDirUUID + "/" + arvadostest.ActiveToken + "/",
738 expect: []string{"dir1/foo", "dir1/bar"},
742 uri: "collections.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/t=" + arvadostest.ActiveToken + "/",
744 expect: []string{"dir1/foo", "dir1/bar"},
748 uri: "collections.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/t=" + arvadostest.ActiveToken,
750 expect: []string{"dir1/foo", "dir1/bar"},
754 uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID,
756 expect: []string{"dir1/foo", "dir1/bar"},
760 uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/dir1",
762 redirect: "/c=" + arvadostest.FooAndBarFilesInDirUUID + "/dir1/",
763 expect: []string{"foo", "bar"},
767 uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/_/dir1/",
769 expect: []string{"foo", "bar"},
773 uri: arvadostest.FooAndBarFilesInDirUUID + ".example.com/dir1?api_token=" + arvadostest.ActiveToken,
776 expect: []string{"foo", "bar"},
780 uri: "collections.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/theperthcountyconspiracydoesnotexist/",
785 uri: "download.example.com/c=" + arvadostest.WazVersion1Collection,
787 expect: []string{"waz"},
791 uri: "download.example.com/by_id/" + arvadostest.WazVersion1Collection,
793 expect: []string{"waz"},
797 comment := check.Commentf("HTML: %q => %q", trial.uri, trial.expect)
798 resp := httptest.NewRecorder()
799 u := mustParseURL("//" + trial.uri)
800 req := &http.Request{
804 RequestURI: u.RequestURI(),
805 Header: copyHeader(trial.header),
807 s.testServer.Handler.ServeHTTP(resp, req)
808 var cookies []*http.Cookie
809 for resp.Code == http.StatusSeeOther {
810 u, _ := req.URL.Parse(resp.Header().Get("Location"))
815 RequestURI: u.RequestURI(),
816 Header: copyHeader(trial.header),
818 cookies = append(cookies, (&http.Response{Header: resp.Header()}).Cookies()...)
819 for _, c := range cookies {
822 resp = httptest.NewRecorder()
823 s.testServer.Handler.ServeHTTP(resp, req)
825 if trial.redirect != "" {
826 c.Check(req.URL.Path, check.Equals, trial.redirect, comment)
828 if trial.expect == nil {
829 c.Check(resp.Code, check.Equals, http.StatusNotFound, comment)
831 c.Check(resp.Code, check.Equals, http.StatusOK, comment)
832 for _, e := range trial.expect {
833 c.Check(resp.Body.String(), check.Matches, `(?ms).*href="./`+e+`".*`, comment)
835 c.Check(resp.Body.String(), check.Matches, `(?ms).*--cut-dirs=`+fmt.Sprintf("%d", trial.cutDirs)+` .*`, comment)
838 comment = check.Commentf("WebDAV: %q => %q", trial.uri, trial.expect)
843 RequestURI: u.RequestURI(),
844 Header: copyHeader(trial.header),
845 Body: ioutil.NopCloser(&bytes.Buffer{}),
847 resp = httptest.NewRecorder()
848 s.testServer.Handler.ServeHTTP(resp, req)
849 if trial.expect == nil {
850 c.Check(resp.Code, check.Equals, http.StatusNotFound, comment)
852 c.Check(resp.Code, check.Equals, http.StatusOK, comment)
859 RequestURI: u.RequestURI(),
860 Header: copyHeader(trial.header),
861 Body: ioutil.NopCloser(&bytes.Buffer{}),
863 resp = httptest.NewRecorder()
864 s.testServer.Handler.ServeHTTP(resp, req)
865 if trial.expect == nil {
866 c.Check(resp.Code, check.Equals, http.StatusNotFound, comment)
868 c.Check(resp.Code, check.Equals, http.StatusMultiStatus, comment)
869 for _, e := range trial.expect {
870 if strings.HasSuffix(e, "/") {
871 e = filepath.Join(u.Path, e) + "/"
873 e = filepath.Join(u.Path, e)
875 c.Check(resp.Body.String(), check.Matches, `(?ms).*<D:href>`+e+`</D:href>.*`, comment)
881 func (s *IntegrationSuite) TestDeleteLastFile(c *check.C) {
882 arv := arvados.NewClientFromEnv()
883 var newCollection arvados.Collection
884 err := arv.RequestAndDecode(&newCollection, "POST", "arvados/v1/collections", nil, map[string]interface{}{
885 "collection": map[string]string{
886 "owner_uuid": arvadostest.ActiveUserUUID,
887 "manifest_text": ". acbd18db4cc2f85cedef654fccc4a4d8+3 0:3:foo.txt 0:3:bar.txt\n",
888 "name": "keep-web test collection",
890 "ensure_unique_name": true,
892 c.Assert(err, check.IsNil)
893 defer arv.RequestAndDecode(&newCollection, "DELETE", "arvados/v1/collections/"+newCollection.UUID, nil, nil)
895 var updated arvados.Collection
896 for _, fnm := range []string{"foo.txt", "bar.txt"} {
897 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "example.com"
898 u, _ := url.Parse("http://example.com/c=" + newCollection.UUID + "/" + fnm)
899 req := &http.Request{
903 RequestURI: u.RequestURI(),
905 "Authorization": {"Bearer " + arvadostest.ActiveToken},
908 resp := httptest.NewRecorder()
909 s.testServer.Handler.ServeHTTP(resp, req)
910 c.Check(resp.Code, check.Equals, http.StatusNoContent)
912 updated = arvados.Collection{}
913 err = arv.RequestAndDecode(&updated, "GET", "arvados/v1/collections/"+newCollection.UUID, nil, nil)
914 c.Check(err, check.IsNil)
915 c.Check(updated.ManifestText, check.Not(check.Matches), `(?ms).*\Q`+fnm+`\E.*`)
916 c.Logf("updated manifest_text %q", updated.ManifestText)
918 c.Check(updated.ManifestText, check.Equals, "")
921 func (s *IntegrationSuite) TestHealthCheckPing(c *check.C) {
922 s.testServer.Config.cluster.ManagementToken = arvadostest.ManagementToken
923 authHeader := http.Header{
924 "Authorization": {"Bearer " + arvadostest.ManagementToken},
927 resp := httptest.NewRecorder()
928 u := mustParseURL("http://download.example.com/_health/ping")
929 req := &http.Request{
933 RequestURI: u.RequestURI(),
936 s.testServer.Handler.ServeHTTP(resp, req)
938 c.Check(resp.Code, check.Equals, http.StatusOK)
939 c.Check(resp.Body.String(), check.Matches, `{"health":"OK"}\n`)
942 func (s *IntegrationSuite) TestFileContentType(c *check.C) {
943 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "download.example.com"
945 client := s.testServer.Config.Client
946 client.AuthToken = arvadostest.ActiveToken
947 arv, err := arvadosclient.New(&client)
948 c.Assert(err, check.Equals, nil)
949 kc, err := keepclient.MakeKeepClient(arv)
950 c.Assert(err, check.Equals, nil)
952 fs, err := (&arvados.Collection{}).FileSystem(&client, kc)
953 c.Assert(err, check.IsNil)
960 {"picture.txt", "BMX bikes are small this year\n", "text/plain; charset=utf-8"},
961 {"picture.bmp", "BMX bikes are small this year\n", "image/x-ms-bmp"},
962 {"picture.jpg", "BMX bikes are small this year\n", "image/jpeg"},
963 {"picture1", "BMX bikes are small this year\n", "image/bmp"}, // content sniff; "BM" is the magic signature for .bmp
964 {"picture2", "Cars are small this year\n", "text/plain; charset=utf-8"}, // content sniff
966 for _, trial := range trials {
967 f, err := fs.OpenFile(trial.filename, os.O_CREATE|os.O_WRONLY, 0777)
968 c.Assert(err, check.IsNil)
969 _, err = f.Write([]byte(trial.content))
970 c.Assert(err, check.IsNil)
971 c.Assert(f.Close(), check.IsNil)
973 mtxt, err := fs.MarshalManifest(".")
974 c.Assert(err, check.IsNil)
975 var coll arvados.Collection
976 err = client.RequestAndDecode(&coll, "POST", "arvados/v1/collections", nil, map[string]interface{}{
977 "collection": map[string]string{
978 "manifest_text": mtxt,
981 c.Assert(err, check.IsNil)
983 for _, trial := range trials {
984 u, _ := url.Parse("http://download.example.com/by_id/" + coll.UUID + "/" + trial.filename)
985 req := &http.Request{
989 RequestURI: u.RequestURI(),
991 "Authorization": {"Bearer " + client.AuthToken},
994 resp := httptest.NewRecorder()
995 s.testServer.Handler.ServeHTTP(resp, req)
996 c.Check(resp.Code, check.Equals, http.StatusOK)
997 c.Check(resp.Header().Get("Content-Type"), check.Equals, trial.contentType)
998 c.Check(resp.Body.String(), check.Equals, trial.content)
1002 func (s *IntegrationSuite) TestKeepClientBlockCache(c *check.C) {
1003 s.testServer.Config.cluster.Collections.WebDAVCache.MaxBlockEntries = 42
1004 c.Check(keepclient.DefaultBlockCache.MaxBlocks, check.Not(check.Equals), 42)
1005 u := mustParseURL("http://keep-web.example/c=" + arvadostest.FooCollection + "/t=" + arvadostest.ActiveToken + "/foo")
1006 req := &http.Request{
1010 RequestURI: u.RequestURI(),
1012 resp := httptest.NewRecorder()
1013 s.testServer.Handler.ServeHTTP(resp, req)
1014 c.Check(resp.Code, check.Equals, http.StatusOK)
1015 c.Check(keepclient.DefaultBlockCache.MaxBlocks, check.Equals, 42)
1018 func copyHeader(h http.Header) http.Header {
1020 for k, v := range h {
1021 hc[k] = append([]string(nil), v...)
projects / arvados.git / blob