end
def self.remote_host(uuid_prefix:)
- (Rails.configuration.RemoteClusters[uuid_prefix].andand.Host) ||
- (Rails.configuration.RemoteClusters["*"].Proxy &&
+ (Rails.configuration.RemoteClusters[uuid_prefix].andand["Host"]) ||
+ (Rails.configuration.RemoteClusters["*"]["Proxy"] &&
uuid_prefix+".arvadosapi.com")
end
- def self.make_http_client
+ def self.make_http_client(uuid_prefix:)
clnt = HTTPClient.new
- if Rails.configuration.TLS.Insecure
+
+ if uuid_prefix && (Rails.configuration.RemoteClusters[uuid_prefix].andand.Insecure ||
+ Rails.configuration.RemoteClusters['*'].andand.Insecure)
clnt.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
else
# Use system CA certificates
return nil
end
- # Invarient: token_uuid_prefix != Rails.configuration.ClusterID
+ # Invariant: token_uuid_prefix != Rails.configuration.ClusterID
#
# In other words the remaing code in this method below is the
# case that determines whether to accept a token that was issued
# by a remote cluster when the token absent or expired in our
# database. To begin, we need to ask the cluster that issued
# the token to [re]validate it.
- clnt = ApiClientAuthorization.make_http_client
+ clnt = ApiClientAuthorization.make_http_client(uuid_prefix: token_uuid_prefix)
host = remote_host(uuid_prefix: token_uuid_prefix)
if !host
return nil
end
- # Invarient: remote_user_prefix == token_uuid_prefix
+ # Invariant: remote_user_prefix == token_uuid_prefix
# therefore: remote_user_prefix != Rails.configuration.ClusterID
# Add or update user and token in local database so we can