Merge branch 'master' into 14930-arvput-trash-at
diff --git
a/services/api/app/models/api_client_authorization.rb
b/services/api/app/models/api_client_authorization.rb
index 39253e1036ba9a52b2070f9e0a7d4043fecb2d43..7645d1597ca726579dd91ead5285a9f0253c3873 100644
--- a/
services/api/app/models/api_client_authorization.rb
+++ b/
services/api/app/models/api_client_authorization.rb
@@
-87,14
+87,14
@@
class ApiClientAuthorization < ArvadosModel
end
def self.remote_host(uuid_prefix:)
end
def self.remote_host(uuid_prefix:)
-
Rails.configuration.remote_hosts[uuid_prefix]
||
- (Rails.configuration.
remote_hosts_via_dns
&&
+
(Rails.configuration.RemoteClusters[uuid_prefix].andand.Host)
||
+ (Rails.configuration.
RemoteClusters["*"].Proxy
&&
uuid_prefix+".arvadosapi.com")
end
def self.validate(token:, remote: nil)
return nil if !token
uuid_prefix+".arvadosapi.com")
end
def self.validate(token:, remote: nil)
return nil if !token
- remote ||= Rails.configuration.
uuid_prefix
+ remote ||= Rails.configuration.
ClusterID
case token[0..2]
when 'v2/'
case token[0..2]
when 'v2/'
@@
-134,7
+134,7
@@
class ApiClientAuthorization < ArvadosModel
end
uuid_prefix = uuid[0..4]
end
uuid_prefix = uuid[0..4]
- if uuid_prefix == Rails.configuration.
uuid_prefix
+ if uuid_prefix == Rails.configuration.
ClusterID
# If the token were valid, we would have validated it above
return nil
elsif uuid_prefix.length != 5
# If the token were valid, we would have validated it above
return nil
elsif uuid_prefix.length != 5
@@
-153,12
+153,18
@@
class ApiClientAuthorization < ArvadosModel
# [re]validate it.
begin
clnt = HTTPClient.new
# [re]validate it.
begin
clnt = HTTPClient.new
- if Rails.configuration.
sso_i
nsecure
+ if Rails.configuration.
TLS.I
nsecure
clnt.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
clnt.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ else
+ # Use system CA certificates
+ ["/etc/ssl/certs/ca-certificates.crt",
+ "/etc/pki/tls/certs/ca-bundle.crt"]
+ .select { |ca_path| File.readable?(ca_path) }
+ .each { |ca_path| clnt.ssl_config.add_trust_ca(ca_path) }
end
remote_user = SafeJSON.load(
clnt.get_content('https://' + host + '/arvados/v1/users/current',
end
remote_user = SafeJSON.load(
clnt.get_content('https://' + host + '/arvados/v1/users/current',
- {'remote' => Rails.configuration.
uuid_prefix
},
+ {'remote' => Rails.configuration.
ClusterID
},
{'Authorization' => 'Bearer ' + token}))
rescue => e
Rails.logger.warn "remote authentication with token #{token.inspect} failed: #{e}"
{'Authorization' => 'Bearer ' + token}))
rescue => e
Rails.logger.warn "remote authentication with token #{token.inspect} failed: #{e}"
@@
-181,8
+187,8
@@
class ApiClientAuthorization < ArvadosModel
end
end
end
end
- if Rails.configuration.
new_users_are_a
ctive ||
- Rails.configuration.
auto_activate_users_from.include?(remote_user['uuid'][0..4])
+ if Rails.configuration.
Users.NewUsersAreA
ctive ||
+ Rails.configuration.
RemoteClusters[remote_user['uuid'][0..4]].andand["ActivateUsers"]
# Update is_active to whatever it is at the remote end
user.is_active = remote_user['is_active']
elsif !remote_user['is_active']
# Update is_active to whatever it is at the remote end
user.is_active = remote_user['is_active']
elsif !remote_user['is_active']
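Review bot: The `rescue => e` branch in the `-153,12 +153,18` hunk still writes the full bearer token to the log through `token.inspect`, so anyone who can read the API server log obtains a credential that may be perfectly valid when the failure was only a network or TLS error. Log an identifier rather than the secret, for example `Rails.logger.warn "remote authentication with token uuid #{uuid.inspect} failed: #{e}"`, assuming `uuid` (used for `uuid_prefix = uuid[0..4]` in the previous hunk) is still in scope at that point. In the same hunk, the new `else` branch adds no trust anchor when neither CA bundle path is readable, so the certificates trusted in that case presumably depend on the HTTP client's defaults. A `Rails.logger.warn` for that case, and another whenever `TLS.Insecure` selects `VERIFY_NONE`, would make a weakened verification state visible to operators. The enclosing method begins and ends outside the visible hunks.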