X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/14a6eb786a0d01e86ccae7645e880661caf6f0cb..5f915857cbb3620587f321514a065a73fd6ecc46:/services/api/app/models/api_client_authorization.rb diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb index 3afbd3b3e7..6057c4d269 100644 --- a/services/api/app/models/api_client_authorization.rb +++ b/services/api/app/models/api_client_authorization.rb @@ -108,10 +108,26 @@ class ApiClientAuthorization < ArvadosModel clnt end + def self.check_system_root_token token + if token == Rails.configuration.SystemRootToken + return ApiClientAuthorization.new(user: User.find_by_uuid(system_user_uuid), + uuid: Rails.configuration.ClusterID+"-gj3su-000000000000000", + api_token: token, + api_client: ApiClient.new(is_trusted: true, url_prefix: "")) + else + return nil + end + end + def self.validate(token:, remote: nil) - return nil if !token + return nil if token.nil? or token.empty? remote ||= Rails.configuration.ClusterID + auth = self.check_system_root_token(token) + if !auth.nil? + return auth + end + case token[0..2] when 'v2/' _, token_uuid, secret, optional = token.split('/') @@ -148,6 +164,9 @@ class ApiClientAuthorization < ArvadosModel (secret == auth.api_token || secret == OpenSSL::HMAC.hexdigest('sha1', auth.api_token, remote)) # found it + if token_uuid[0..4] != Rails.configuration.ClusterID + Rails.logger.debug "found cached remote token #{token_uuid} with secret #{secret} in local db" + end return auth end @@ -258,6 +277,7 @@ class ApiClientAuthorization < ArvadosModel api_token: secret, api_client_id: 0, expires_at: Time.now + Rails.configuration.Login.RemoteTokenRefresh) + Rails.logger.debug "cached remote token #{token_uuid} with secret #{secret} in local db" end return auth else