1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
20 "git.arvados.org/arvados.git/lib/config"
21 "git.arvados.org/arvados.git/sdk/go/arvados"
22 "git.arvados.org/arvados.git/sdk/go/arvadostest"
23 "git.arvados.org/arvados.git/sdk/go/auth"
24 "git.arvados.org/arvados.git/sdk/go/ctxlog"
25 "git.arvados.org/arvados.git/sdk/go/keepclient"
26 check "gopkg.in/check.v1"
29 var _ = check.Suite(&UnitSuite{})
31 type UnitSuite struct {
32 Config *arvados.Config
35 func (s *UnitSuite) SetUpTest(c *check.C) {
36 ldr := config.NewLoader(bytes.NewBufferString("Clusters: {zzzzz: {}}"), ctxlog.TestLogger(c))
38 cfg, err := ldr.Load()
39 c.Assert(err, check.IsNil)
43 func (s *UnitSuite) TestKeepClientBlockCache(c *check.C) {
44 cfg := newConfig(s.Config)
45 cfg.cluster.Collections.WebDAVCache.MaxBlockEntries = 42
46 h := handler{Config: cfg}
47 c.Check(keepclient.DefaultBlockCache.MaxBlocks, check.Not(check.Equals), cfg.cluster.Collections.WebDAVCache.MaxBlockEntries)
48 u := mustParseURL("http://keep-web.example/c=" + arvadostest.FooCollection + "/t=" + arvadostest.ActiveToken + "/foo")
53 RequestURI: u.RequestURI(),
55 resp := httptest.NewRecorder()
56 h.ServeHTTP(resp, req)
57 c.Check(resp.Code, check.Equals, http.StatusOK)
58 c.Check(keepclient.DefaultBlockCache.MaxBlocks, check.Equals, cfg.cluster.Collections.WebDAVCache.MaxBlockEntries)
61 func (s *UnitSuite) TestCORSPreflight(c *check.C) {
62 h := handler{Config: newConfig(s.Config)}
63 u := mustParseURL("http://keep-web.example/c=" + arvadostest.FooCollection + "/foo")
68 RequestURI: u.RequestURI(),
70 "Origin": {"https://workbench.example"},
71 "Access-Control-Request-Method": {"POST"},
75 // Check preflight for an allowed request
76 resp := httptest.NewRecorder()
77 h.ServeHTTP(resp, req)
78 c.Check(resp.Code, check.Equals, http.StatusOK)
79 c.Check(resp.Body.String(), check.Equals, "")
80 c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*")
81 c.Check(resp.Header().Get("Access-Control-Allow-Methods"), check.Equals, "COPY, DELETE, GET, LOCK, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, RMCOL, UNLOCK")
82 c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Authorization, Content-Type, Range, Depth, Destination, If, Lock-Token, Overwrite, Timeout")
84 // Check preflight for a disallowed request
85 resp = httptest.NewRecorder()
86 req.Header.Set("Access-Control-Request-Method", "MAKE-COFFEE")
87 h.ServeHTTP(resp, req)
88 c.Check(resp.Body.String(), check.Equals, "")
89 c.Check(resp.Code, check.Equals, http.StatusMethodNotAllowed)
92 func (s *UnitSuite) TestInvalidUUID(c *check.C) {
93 bogusID := strings.Replace(arvadostest.FooCollectionPDH, "+", "-", 1) + "-"
94 token := arvadostest.ActiveToken
95 for _, trial := range []string{
96 "http://keep-web/c=" + bogusID + "/foo",
97 "http://keep-web/c=" + bogusID + "/t=" + token + "/foo",
98 "http://keep-web/collections/download/" + bogusID + "/" + token + "/foo",
99 "http://keep-web/collections/" + bogusID + "/foo",
100 "http://" + bogusID + ".keep-web/" + bogusID + "/foo",
101 "http://" + bogusID + ".keep-web/t=" + token + "/" + bogusID + "/foo",
104 u := mustParseURL(trial)
105 req := &http.Request{
109 RequestURI: u.RequestURI(),
111 resp := httptest.NewRecorder()
112 cfg := newConfig(s.Config)
113 cfg.cluster.Users.AnonymousUserToken = arvadostest.AnonymousToken
114 h := handler{Config: cfg}
115 h.ServeHTTP(resp, req)
116 c.Check(resp.Code, check.Equals, http.StatusNotFound)
120 func mustParseURL(s string) *url.URL {
121 r, err := url.Parse(s)
123 panic("parse URL: " + s)
128 func (s *IntegrationSuite) TestVhost404(c *check.C) {
129 for _, testURL := range []string{
130 arvadostest.NonexistentCollection + ".example.com/theperthcountyconspiracy",
131 arvadostest.NonexistentCollection + ".example.com/t=" + arvadostest.ActiveToken + "/theperthcountyconspiracy",
133 resp := httptest.NewRecorder()
134 u := mustParseURL(testURL)
135 req := &http.Request{
138 RequestURI: u.RequestURI(),
140 s.testServer.Handler.ServeHTTP(resp, req)
141 c.Check(resp.Code, check.Equals, http.StatusNotFound)
142 c.Check(resp.Body.String(), check.Equals, "")
146 // An authorizer modifies an HTTP request to make use of the given
147 // token -- by adding it to a header, cookie, query param, or whatever
148 // -- and returns the HTTP status code we should expect from keep-web if
149 // the token is invalid.
150 type authorizer func(*http.Request, string) int
152 func (s *IntegrationSuite) TestVhostViaAuthzHeader(c *check.C) {
153 s.doVhostRequests(c, authzViaAuthzHeader)
155 func authzViaAuthzHeader(r *http.Request, tok string) int {
156 r.Header.Add("Authorization", "OAuth2 "+tok)
157 return http.StatusUnauthorized
160 func (s *IntegrationSuite) TestVhostViaCookieValue(c *check.C) {
161 s.doVhostRequests(c, authzViaCookieValue)
163 func authzViaCookieValue(r *http.Request, tok string) int {
164 r.AddCookie(&http.Cookie{
165 Name: "arvados_api_token",
166 Value: auth.EncodeTokenCookie([]byte(tok)),
168 return http.StatusUnauthorized
171 func (s *IntegrationSuite) TestVhostViaPath(c *check.C) {
172 s.doVhostRequests(c, authzViaPath)
174 func authzViaPath(r *http.Request, tok string) int {
175 r.URL.Path = "/t=" + tok + r.URL.Path
176 return http.StatusNotFound
179 func (s *IntegrationSuite) TestVhostViaQueryString(c *check.C) {
180 s.doVhostRequests(c, authzViaQueryString)
182 func authzViaQueryString(r *http.Request, tok string) int {
183 r.URL.RawQuery = "api_token=" + tok
184 return http.StatusUnauthorized
187 func (s *IntegrationSuite) TestVhostViaPOST(c *check.C) {
188 s.doVhostRequests(c, authzViaPOST)
190 func authzViaPOST(r *http.Request, tok string) int {
192 r.Header.Add("Content-Type", "application/x-www-form-urlencoded")
193 r.Body = ioutil.NopCloser(strings.NewReader(
194 url.Values{"api_token": {tok}}.Encode()))
195 return http.StatusUnauthorized
198 func (s *IntegrationSuite) TestVhostViaXHRPOST(c *check.C) {
199 s.doVhostRequests(c, authzViaPOST)
201 func authzViaXHRPOST(r *http.Request, tok string) int {
203 r.Header.Add("Content-Type", "application/x-www-form-urlencoded")
204 r.Header.Add("Origin", "https://origin.example")
205 r.Body = ioutil.NopCloser(strings.NewReader(
208 "disposition": {"attachment"},
210 return http.StatusUnauthorized
213 // Try some combinations of {url, token} using the given authorization
214 // mechanism, and verify the result is correct.
215 func (s *IntegrationSuite) doVhostRequests(c *check.C, authz authorizer) {
216 for _, hostPath := range []string{
217 arvadostest.FooCollection + ".example.com/foo",
218 arvadostest.FooCollection + "--collections.example.com/foo",
219 arvadostest.FooCollection + "--collections.example.com/_/foo",
220 arvadostest.FooCollectionPDH + ".example.com/foo",
221 strings.Replace(arvadostest.FooCollectionPDH, "+", "-", -1) + "--collections.example.com/foo",
222 arvadostest.FooBarDirCollection + ".example.com/dir1/foo",
224 c.Log("doRequests: ", hostPath)
225 s.doVhostRequestsWithHostPath(c, authz, hostPath)
229 func (s *IntegrationSuite) doVhostRequestsWithHostPath(c *check.C, authz authorizer, hostPath string) {
230 for _, tok := range []string{
231 arvadostest.ActiveToken,
232 arvadostest.ActiveToken[:15],
233 arvadostest.SpectatorToken,
237 u := mustParseURL("http://" + hostPath)
238 req := &http.Request{
242 RequestURI: u.RequestURI(),
243 Header: http.Header{},
245 failCode := authz(req, tok)
246 req, resp := s.doReq(req)
247 code, body := resp.Code, resp.Body.String()
249 // If the initial request had a (non-empty) token
250 // showing in the query string, we should have been
251 // redirected in order to hide it in a cookie.
252 c.Check(req.URL.String(), check.Not(check.Matches), `.*api_token=.+`)
254 if tok == arvadostest.ActiveToken {
255 c.Check(code, check.Equals, http.StatusOK)
256 c.Check(body, check.Equals, "foo")
259 c.Check(code >= 400, check.Equals, true)
260 c.Check(code < 500, check.Equals, true)
261 if tok == arvadostest.SpectatorToken {
262 // Valid token never offers to retry
263 // with different credentials.
264 c.Check(code, check.Equals, http.StatusNotFound)
266 // Invalid token can ask to retry
267 // depending on the authz method.
268 c.Check(code, check.Equals, failCode)
270 c.Check(body, check.Equals, "")
275 func (s *IntegrationSuite) doReq(req *http.Request) (*http.Request, *httptest.ResponseRecorder) {
276 resp := httptest.NewRecorder()
277 s.testServer.Handler.ServeHTTP(resp, req)
278 if resp.Code != http.StatusSeeOther {
281 cookies := (&http.Response{Header: resp.Header()}).Cookies()
282 u, _ := req.URL.Parse(resp.Header().Get("Location"))
287 RequestURI: u.RequestURI(),
288 Header: http.Header{},
290 for _, c := range cookies {
296 func (s *IntegrationSuite) TestVhostRedirectQueryTokenToCookie(c *check.C) {
297 s.testVhostRedirectTokenToCookie(c, "GET",
298 arvadostest.FooCollection+".example.com/foo",
299 "?api_token="+arvadostest.ActiveToken,
307 func (s *IntegrationSuite) TestSingleOriginSecretLink(c *check.C) {
308 s.testVhostRedirectTokenToCookie(c, "GET",
309 "example.com/c="+arvadostest.FooCollection+"/t="+arvadostest.ActiveToken+"/foo",
318 // Bad token in URL is 404 Not Found because it doesn't make sense to
319 // retry the same URL with different authorization.
320 func (s *IntegrationSuite) TestSingleOriginSecretLinkBadToken(c *check.C) {
321 s.testVhostRedirectTokenToCookie(c, "GET",
322 "example.com/c="+arvadostest.FooCollection+"/t=bogus/foo",
331 // Bad token in a cookie (even if it got there via our own
332 // query-string-to-cookie redirect) is, in principle, retryable at the
333 // same URL so it's 401 Unauthorized.
334 func (s *IntegrationSuite) TestVhostRedirectQueryTokenToBogusCookie(c *check.C) {
335 s.testVhostRedirectTokenToCookie(c, "GET",
336 arvadostest.FooCollection+".example.com/foo",
337 "?api_token=thisisabogustoken",
340 http.StatusUnauthorized,
345 func (s *IntegrationSuite) TestVhostRedirectQueryTokenSingleOriginError(c *check.C) {
346 s.testVhostRedirectTokenToCookie(c, "GET",
347 "example.com/c="+arvadostest.FooCollection+"/foo",
348 "?api_token="+arvadostest.ActiveToken,
351 http.StatusBadRequest,
352 "cannot serve inline content at this URL (possible configuration error; see https://doc.arvados.org/install/install-keep-web.html#dns)\n",
356 // If client requests an attachment by putting ?disposition=attachment
357 // in the query string, and gets redirected, the redirect target
358 // should respond with an attachment.
359 func (s *IntegrationSuite) TestVhostRedirectQueryTokenRequestAttachment(c *check.C) {
360 resp := s.testVhostRedirectTokenToCookie(c, "GET",
361 arvadostest.FooCollection+".example.com/foo",
362 "?disposition=attachment&api_token="+arvadostest.ActiveToken,
368 c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?")
371 func (s *IntegrationSuite) TestVhostRedirectQueryTokenSiteFS(c *check.C) {
372 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "download.example.com"
373 resp := s.testVhostRedirectTokenToCookie(c, "GET",
374 "download.example.com/by_id/"+arvadostest.FooCollection+"/foo",
375 "?api_token="+arvadostest.ActiveToken,
381 c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?")
384 func (s *IntegrationSuite) TestPastCollectionVersionFileAccess(c *check.C) {
385 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "download.example.com"
386 resp := s.testVhostRedirectTokenToCookie(c, "GET",
387 "download.example.com/c="+arvadostest.WazVersion1Collection+"/waz",
388 "?api_token="+arvadostest.ActiveToken,
394 c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?")
395 resp = s.testVhostRedirectTokenToCookie(c, "GET",
396 "download.example.com/by_id/"+arvadostest.WazVersion1Collection+"/waz",
397 "?api_token="+arvadostest.ActiveToken,
403 c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?")
406 func (s *IntegrationSuite) TestVhostRedirectQueryTokenTrustAllContent(c *check.C) {
407 s.testServer.Config.cluster.Collections.TrustAllContent = true
408 s.testVhostRedirectTokenToCookie(c, "GET",
409 "example.com/c="+arvadostest.FooCollection+"/foo",
410 "?api_token="+arvadostest.ActiveToken,
418 func (s *IntegrationSuite) TestVhostRedirectQueryTokenAttachmentOnlyHost(c *check.C) {
419 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "example.com:1234"
421 s.testVhostRedirectTokenToCookie(c, "GET",
422 "example.com/c="+arvadostest.FooCollection+"/foo",
423 "?api_token="+arvadostest.ActiveToken,
426 http.StatusBadRequest,
427 "cannot serve inline content at this URL (possible configuration error; see https://doc.arvados.org/install/install-keep-web.html#dns)\n",
430 resp := s.testVhostRedirectTokenToCookie(c, "GET",
431 "example.com:1234/c="+arvadostest.FooCollection+"/foo",
432 "?api_token="+arvadostest.ActiveToken,
438 c.Check(resp.Header().Get("Content-Disposition"), check.Equals, "attachment")
441 func (s *IntegrationSuite) TestVhostRedirectPOSTFormTokenToCookie(c *check.C) {
442 s.testVhostRedirectTokenToCookie(c, "POST",
443 arvadostest.FooCollection+".example.com/foo",
445 "application/x-www-form-urlencoded",
446 url.Values{"api_token": {arvadostest.ActiveToken}}.Encode(),
452 func (s *IntegrationSuite) TestVhostRedirectPOSTFormTokenToCookie404(c *check.C) {
453 s.testVhostRedirectTokenToCookie(c, "POST",
454 arvadostest.FooCollection+".example.com/foo",
456 "application/x-www-form-urlencoded",
457 url.Values{"api_token": {arvadostest.SpectatorToken}}.Encode(),
463 func (s *IntegrationSuite) TestAnonymousTokenOK(c *check.C) {
464 s.testServer.Config.cluster.Users.AnonymousUserToken = arvadostest.AnonymousToken
465 s.testVhostRedirectTokenToCookie(c, "GET",
466 "example.com/c="+arvadostest.HelloWorldCollection+"/Hello%20world.txt",
475 func (s *IntegrationSuite) TestAnonymousTokenError(c *check.C) {
476 s.testServer.Config.cluster.Users.AnonymousUserToken = "anonymousTokenConfiguredButInvalid"
477 s.testVhostRedirectTokenToCookie(c, "GET",
478 "example.com/c="+arvadostest.HelloWorldCollection+"/Hello%20world.txt",
487 func (s *IntegrationSuite) TestSpecialCharsInPath(c *check.C) {
488 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "download.example.com"
490 client := s.testServer.Config.Client
491 client.AuthToken = arvadostest.ActiveToken
492 fs, err := (&arvados.Collection{}).FileSystem(&client, nil)
493 c.Assert(err, check.IsNil)
494 f, err := fs.OpenFile("https:\\\"odd' path chars", os.O_CREATE, 0777)
495 c.Assert(err, check.IsNil)
497 mtxt, err := fs.MarshalManifest(".")
498 c.Assert(err, check.IsNil)
499 var coll arvados.Collection
500 err = client.RequestAndDecode(&coll, "POST", "arvados/v1/collections", nil, map[string]interface{}{
501 "collection": map[string]string{
502 "manifest_text": mtxt,
505 c.Assert(err, check.IsNil)
507 u, _ := url.Parse("http://download.example.com/c=" + coll.UUID + "/")
508 req := &http.Request{
512 RequestURI: u.RequestURI(),
514 "Authorization": {"Bearer " + client.AuthToken},
517 resp := httptest.NewRecorder()
518 s.testServer.Handler.ServeHTTP(resp, req)
519 c.Check(resp.Code, check.Equals, http.StatusOK)
520 c.Check(resp.Body.String(), check.Matches, `(?ms).*href="./https:%5c%22odd%27%20path%20chars"\S+https:\\"odd' path chars.*`)
523 func (s *IntegrationSuite) TestForwardSlashSubstitution(c *check.C) {
524 arv := arvados.NewClientFromEnv()
525 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "download.example.com"
526 s.testServer.Config.cluster.Collections.ForwardSlashNameSubstitution = "{SOLIDUS}"
527 name := "foo/bar/baz"
528 nameShown := strings.Replace(name, "/", "{SOLIDUS}", -1)
529 nameShownEscaped := strings.Replace(name, "/", "%7bSOLIDUS%7d", -1)
531 client := s.testServer.Config.Client
532 client.AuthToken = arvadostest.ActiveToken
533 fs, err := (&arvados.Collection{}).FileSystem(&client, nil)
534 c.Assert(err, check.IsNil)
535 f, err := fs.OpenFile("filename", os.O_CREATE, 0777)
536 c.Assert(err, check.IsNil)
538 mtxt, err := fs.MarshalManifest(".")
539 c.Assert(err, check.IsNil)
540 var coll arvados.Collection
541 err = client.RequestAndDecode(&coll, "POST", "arvados/v1/collections", nil, map[string]interface{}{
542 "collection": map[string]string{
543 "manifest_text": mtxt,
545 "owner_uuid": arvadostest.AProjectUUID,
548 c.Assert(err, check.IsNil)
549 defer arv.RequestAndDecode(&coll, "DELETE", "arvados/v1/collections/"+coll.UUID, nil, nil)
551 base := "http://download.example.com/by_id/" + coll.OwnerUUID + "/"
552 for tryURL, expectRegexp := range map[string]string{
553 base: `(?ms).*href="./` + nameShownEscaped + `/"\S+` + nameShown + `.*`,
554 base + nameShownEscaped + "/": `(?ms).*href="./filename"\S+filename.*`,
556 u, _ := url.Parse(tryURL)
557 req := &http.Request{
561 RequestURI: u.RequestURI(),
563 "Authorization": {"Bearer " + client.AuthToken},
566 resp := httptest.NewRecorder()
567 s.testServer.Handler.ServeHTTP(resp, req)
568 c.Check(resp.Code, check.Equals, http.StatusOK)
569 c.Check(resp.Body.String(), check.Matches, expectRegexp)
573 // XHRs can't follow redirect-with-cookie so they rely on method=POST
574 // and disposition=attachment (telling us it's acceptable to respond
575 // with content instead of a redirect) and an Origin header that gets
576 // added automatically by the browser (telling us it's desirable to do
578 func (s *IntegrationSuite) TestXHRNoRedirect(c *check.C) {
579 u, _ := url.Parse("http://example.com/c=" + arvadostest.FooCollection + "/foo")
580 req := &http.Request{
584 RequestURI: u.RequestURI(),
586 "Origin": {"https://origin.example"},
587 "Content-Type": {"application/x-www-form-urlencoded"},
589 Body: ioutil.NopCloser(strings.NewReader(url.Values{
590 "api_token": {arvadostest.ActiveToken},
591 "disposition": {"attachment"},
594 resp := httptest.NewRecorder()
595 s.testServer.Handler.ServeHTTP(resp, req)
596 c.Check(resp.Code, check.Equals, http.StatusOK)
597 c.Check(resp.Body.String(), check.Equals, "foo")
598 c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*")
601 func (s *IntegrationSuite) testVhostRedirectTokenToCookie(c *check.C, method, hostPath, queryString, contentType, reqBody string, expectStatus int, expectRespBody string) *httptest.ResponseRecorder {
602 u, _ := url.Parse(`http://` + hostPath + queryString)
603 req := &http.Request{
607 RequestURI: u.RequestURI(),
608 Header: http.Header{"Content-Type": {contentType}},
609 Body: ioutil.NopCloser(strings.NewReader(reqBody)),
612 resp := httptest.NewRecorder()
614 c.Check(resp.Code, check.Equals, expectStatus)
615 c.Check(resp.Body.String(), check.Equals, expectRespBody)
618 s.testServer.Handler.ServeHTTP(resp, req)
619 if resp.Code != http.StatusSeeOther {
622 c.Check(resp.Body.String(), check.Matches, `.*href="http://`+regexp.QuoteMeta(html.EscapeString(hostPath))+`(\?[^"]*)?".*`)
623 cookies := (&http.Response{Header: resp.Header()}).Cookies()
625 u, _ = u.Parse(resp.Header().Get("Location"))
630 RequestURI: u.RequestURI(),
631 Header: http.Header{},
633 for _, c := range cookies {
637 resp = httptest.NewRecorder()
638 s.testServer.Handler.ServeHTTP(resp, req)
639 c.Check(resp.Header().Get("Location"), check.Equals, "")
643 func (s *IntegrationSuite) TestDirectoryListingWithAnonymousToken(c *check.C) {
644 s.testServer.Config.cluster.Users.AnonymousUserToken = arvadostest.AnonymousToken
645 s.testDirectoryListing(c)
648 func (s *IntegrationSuite) TestDirectoryListingWithNoAnonymousToken(c *check.C) {
649 s.testServer.Config.cluster.Users.AnonymousUserToken = ""
650 s.testDirectoryListing(c)
653 func (s *IntegrationSuite) testDirectoryListing(c *check.C) {
654 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "download.example.com"
655 authHeader := http.Header{
656 "Authorization": {"OAuth2 " + arvadostest.ActiveToken},
658 for _, trial := range []struct {
666 uri: strings.Replace(arvadostest.FooAndBarFilesInDirPDH, "+", "-", -1) + ".example.com/",
668 expect: []string{"dir1/foo", "dir1/bar"},
672 uri: strings.Replace(arvadostest.FooAndBarFilesInDirPDH, "+", "-", -1) + ".example.com/dir1/",
674 expect: []string{"foo", "bar"},
678 // URLs of this form ignore authHeader, and
679 // FooAndBarFilesInDirUUID isn't public, so
681 uri: "download.example.com/collections/" + arvadostest.FooAndBarFilesInDirUUID + "/",
686 uri: "download.example.com/users/active/foo_file_in_dir/",
688 expect: []string{"dir1/"},
692 uri: "download.example.com/users/active/foo_file_in_dir/dir1/",
694 expect: []string{"bar"},
698 uri: "download.example.com/",
700 expect: []string{"users/"},
704 uri: "download.example.com/users",
707 expect: []string{"active/"},
711 uri: "download.example.com/users/",
713 expect: []string{"active/"},
717 uri: "download.example.com/users/active",
719 redirect: "/users/active/",
720 expect: []string{"foo_file_in_dir/"},
724 uri: "download.example.com/users/active/",
726 expect: []string{"foo_file_in_dir/"},
730 uri: "collections.example.com/collections/download/" + arvadostest.FooAndBarFilesInDirUUID + "/" + arvadostest.ActiveToken + "/",
732 expect: []string{"dir1/foo", "dir1/bar"},
736 uri: "collections.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/t=" + arvadostest.ActiveToken + "/",
738 expect: []string{"dir1/foo", "dir1/bar"},
742 uri: "collections.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/t=" + arvadostest.ActiveToken,
744 expect: []string{"dir1/foo", "dir1/bar"},
748 uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID,
750 expect: []string{"dir1/foo", "dir1/bar"},
754 uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/dir1",
756 redirect: "/c=" + arvadostest.FooAndBarFilesInDirUUID + "/dir1/",
757 expect: []string{"foo", "bar"},
761 uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/_/dir1/",
763 expect: []string{"foo", "bar"},
767 uri: arvadostest.FooAndBarFilesInDirUUID + ".example.com/dir1?api_token=" + arvadostest.ActiveToken,
770 expect: []string{"foo", "bar"},
774 uri: "collections.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/theperthcountyconspiracydoesnotexist/",
779 uri: "download.example.com/c=" + arvadostest.WazVersion1Collection,
781 expect: []string{"waz"},
785 uri: "download.example.com/by_id/" + arvadostest.WazVersion1Collection,
787 expect: []string{"waz"},
791 comment := check.Commentf("HTML: %q => %q", trial.uri, trial.expect)
792 resp := httptest.NewRecorder()
793 u := mustParseURL("//" + trial.uri)
794 req := &http.Request{
798 RequestURI: u.RequestURI(),
799 Header: copyHeader(trial.header),
801 s.testServer.Handler.ServeHTTP(resp, req)
802 var cookies []*http.Cookie
803 for resp.Code == http.StatusSeeOther {
804 u, _ := req.URL.Parse(resp.Header().Get("Location"))
809 RequestURI: u.RequestURI(),
810 Header: copyHeader(trial.header),
812 cookies = append(cookies, (&http.Response{Header: resp.Header()}).Cookies()...)
813 for _, c := range cookies {
816 resp = httptest.NewRecorder()
817 s.testServer.Handler.ServeHTTP(resp, req)
819 if trial.redirect != "" {
820 c.Check(req.URL.Path, check.Equals, trial.redirect, comment)
822 if trial.expect == nil {
823 c.Check(resp.Code, check.Equals, http.StatusNotFound, comment)
825 c.Check(resp.Code, check.Equals, http.StatusOK, comment)
826 for _, e := range trial.expect {
827 c.Check(resp.Body.String(), check.Matches, `(?ms).*href="./`+e+`".*`, comment)
829 c.Check(resp.Body.String(), check.Matches, `(?ms).*--cut-dirs=`+fmt.Sprintf("%d", trial.cutDirs)+` .*`, comment)
832 comment = check.Commentf("WebDAV: %q => %q", trial.uri, trial.expect)
837 RequestURI: u.RequestURI(),
838 Header: copyHeader(trial.header),
839 Body: ioutil.NopCloser(&bytes.Buffer{}),
841 resp = httptest.NewRecorder()
842 s.testServer.Handler.ServeHTTP(resp, req)
843 if trial.expect == nil {
844 c.Check(resp.Code, check.Equals, http.StatusNotFound, comment)
846 c.Check(resp.Code, check.Equals, http.StatusOK, comment)
853 RequestURI: u.RequestURI(),
854 Header: copyHeader(trial.header),
855 Body: ioutil.NopCloser(&bytes.Buffer{}),
857 resp = httptest.NewRecorder()
858 s.testServer.Handler.ServeHTTP(resp, req)
859 if trial.expect == nil {
860 c.Check(resp.Code, check.Equals, http.StatusNotFound, comment)
862 c.Check(resp.Code, check.Equals, http.StatusMultiStatus, comment)
863 for _, e := range trial.expect {
864 if strings.HasSuffix(e, "/") {
865 e = filepath.Join(u.Path, e) + "/"
867 e = filepath.Join(u.Path, e)
869 c.Check(resp.Body.String(), check.Matches, `(?ms).*<D:href>`+e+`</D:href>.*`, comment)
875 func (s *IntegrationSuite) TestDeleteLastFile(c *check.C) {
876 arv := arvados.NewClientFromEnv()
877 var newCollection arvados.Collection
878 err := arv.RequestAndDecode(&newCollection, "POST", "arvados/v1/collections", nil, map[string]interface{}{
879 "collection": map[string]string{
880 "owner_uuid": arvadostest.ActiveUserUUID,
881 "manifest_text": ". acbd18db4cc2f85cedef654fccc4a4d8+3 0:3:foo.txt 0:3:bar.txt\n",
882 "name": "keep-web test collection",
884 "ensure_unique_name": true,
886 c.Assert(err, check.IsNil)
887 defer arv.RequestAndDecode(&newCollection, "DELETE", "arvados/v1/collections/"+newCollection.UUID, nil, nil)
889 var updated arvados.Collection
890 for _, fnm := range []string{"foo.txt", "bar.txt"} {
891 s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = "example.com"
892 u, _ := url.Parse("http://example.com/c=" + newCollection.UUID + "/" + fnm)
893 req := &http.Request{
897 RequestURI: u.RequestURI(),
899 "Authorization": {"Bearer " + arvadostest.ActiveToken},
902 resp := httptest.NewRecorder()
903 s.testServer.Handler.ServeHTTP(resp, req)
904 c.Check(resp.Code, check.Equals, http.StatusNoContent)
906 updated = arvados.Collection{}
907 err = arv.RequestAndDecode(&updated, "GET", "arvados/v1/collections/"+newCollection.UUID, nil, nil)
908 c.Check(err, check.IsNil)
909 c.Check(updated.ManifestText, check.Not(check.Matches), `(?ms).*\Q`+fnm+`\E.*`)
910 c.Logf("updated manifest_text %q", updated.ManifestText)
912 c.Check(updated.ManifestText, check.Equals, "")
915 func (s *IntegrationSuite) TestHealthCheckPing(c *check.C) {
916 s.testServer.Config.cluster.ManagementToken = arvadostest.ManagementToken
917 authHeader := http.Header{
918 "Authorization": {"Bearer " + arvadostest.ManagementToken},
921 resp := httptest.NewRecorder()
922 u := mustParseURL("http://download.example.com/_health/ping")
923 req := &http.Request{
927 RequestURI: u.RequestURI(),
930 s.testServer.Handler.ServeHTTP(resp, req)
932 c.Check(resp.Code, check.Equals, http.StatusOK)
933 c.Check(resp.Body.String(), check.Matches, `{"health":"OK"}\n`)
936 func copyHeader(h http.Header) http.Header {
938 for k, v := range h {
939 hc[k] = append([]string(nil), v...)