projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Playground shell accounts enabled by default refs #16601
[arvados.git] / lib / controller / fed_containers.go
diff --git a/lib/controller/fed_containers.go b/lib/controller/fed_containers.go
index 8bb68d171fc672684be2704373db9030c933559c..c62cea1168eb29c212ad5eefdd7a9d58dc609f8c 100644 (file)
--- a/lib/controller/fed_containers.go
+++ b/lib/controller/fed_containers.go
@@ -33,19 +33,20 @@ func remoteContainerRequestCreate(
        creds := auth.NewCredentials()
        creds.LoadTokensFromHTTPRequest(req)
 
-       currentUser, err := h.handler.validateAPItoken(req, creds.Tokens[0])
+       currentUser, ok, err := h.handler.validateAPItoken(req, creds.Tokens[0])
        if err != nil {
-               httpserver.Error(w, err.Error(), http.StatusForbidden)
+               httpserver.Error(w, err.Error(), http.StatusInternalServerError)
+               return true
+       } else if !ok {
+               httpserver.Error(w, "invalid API token", http.StatusForbidden)
                return true
        }
 
-       if *clusterId == "" {
-               *clusterId = h.handler.Cluster.ClusterID
-       }
-
-       if strings.HasPrefix(currentUser.Authorization.UUID, h.handler.Cluster.ClusterID) &&
-               *clusterId == h.handler.Cluster.ClusterID {
-               // local user submitting container request to local cluster
+       if *clusterId == "" || *clusterId == h.handler.Cluster.ClusterID {
+               // Submitting container request to local cluster. No
+               // need to set a runtime_token (rails api will create
+               // one when the container runs) or do a remote cluster
+               // request.
                return false
        }