X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/017ea8c747b3bd9cb57c5a7d52ca90e423c5c1fc..b29897f6c80db4a2b98f84fe6c2fcab98117efd2:/lib/controller/fed_containers.go?ds=sidebyside

diff --git a/lib/controller/fed_containers.go b/lib/controller/fed_containers.go
index 7b8cdabe55..a923f757f2 100644
--- a/lib/controller/fed_containers.go
+++ b/lib/controller/fed_containers.go
@@ -12,8 +12,8 @@ import (
 	"net/http"
 	"strings"
 
-	"git.curoverse.com/arvados.git/sdk/go/auth"
-	"git.curoverse.com/arvados.git/sdk/go/httpserver"
+	"git.arvados.org/arvados.git/sdk/go/auth"
+	"git.arvados.org/arvados.git/sdk/go/httpserver"
 )
 
 func remoteContainerRequestCreate(
@@ -33,9 +33,12 @@ func remoteContainerRequestCreate(
 	creds := auth.NewCredentials()
 	creds.LoadTokensFromHTTPRequest(req)
 
-	currentUser, err := h.handler.validateAPItoken(req, creds.Tokens[0])
+	currentUser, ok, err := h.handler.validateAPItoken(req, creds.Tokens[0])
 	if err != nil {
-		httpserver.Error(w, err.Error(), http.StatusForbidden)
+		httpserver.Error(w, err.Error(), http.StatusInternalServerError)
+		return true
+	} else if !ok {
+		httpserver.Error(w, "invalid API token", http.StatusForbidden)
 		return true
 	}
 
@@ -99,8 +102,14 @@ func remoteContainerRequestCreate(
 			containerRequest["runtime_token"] = newtok.TokenV2()
 		} else {
 			// Remote user. Container request will use the
-			// current token.
-			containerRequest["runtime_token"] = creds.Tokens[0]
+			// current token, minus the trailing portion
+			// (optional container uuid).
+			sp := strings.Split(creds.Tokens[0], "/")
+			if len(sp) >= 3 {
+				containerRequest["runtime_token"] = strings.Join(sp[0:3], "/")
+			} else {
+				containerRequest["runtime_token"] = creds.Tokens[0]
+			}
 		}
 	}