X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/267d3c40bf1c5503e6487db2ab1f6a4339ac5f83..d6e8bf4f423aa174f38b552161dd7bc2dd1ecb18:/services/keep-web/handler_test.go

diff --git a/services/keep-web/handler_test.go b/services/keep-web/handler_test.go
index 9252bd82d7..8715ab24f3 100644
--- a/services/keep-web/handler_test.go
+++ b/services/keep-web/handler_test.go
@@ -32,6 +32,10 @@ import (
 
 var _ = check.Suite(&UnitSuite{})
 
+func init() {
+	arvados.DebugLocksPanicMode = true
+}
+
 type UnitSuite struct {
 	Config *arvados.Config
 }
@@ -193,11 +197,18 @@ func (s *IntegrationSuite) TestVhost404(c *check.C) {
 // the token is invalid.
 type authorizer func(*http.Request, string) int
 
-func (s *IntegrationSuite) TestVhostViaAuthzHeader(c *check.C) {
-	s.doVhostRequests(c, authzViaAuthzHeader)
+func (s *IntegrationSuite) TestVhostViaAuthzHeaderOAuth2(c *check.C) {
+	s.doVhostRequests(c, authzViaAuthzHeaderOAuth2)
+}
+func authzViaAuthzHeaderOAuth2(r *http.Request, tok string) int {
+	r.Header.Add("Authorization", "Bearer "+tok)
+	return http.StatusUnauthorized
+}
+func (s *IntegrationSuite) TestVhostViaAuthzHeaderBearer(c *check.C) {
+	s.doVhostRequests(c, authzViaAuthzHeaderBearer)
 }
-func authzViaAuthzHeader(r *http.Request, tok string) int {
-	r.Header.Add("Authorization", "OAuth2 "+tok)
+func authzViaAuthzHeaderBearer(r *http.Request, tok string) int {
+	r.Header.Add("Authorization", "Bearer "+tok)
 	return http.StatusUnauthorized
 }
 
@@ -319,6 +330,30 @@ func (s *IntegrationSuite) doVhostRequestsWithHostPath(c *check.C, authz authori
 	}
 }
 
+func (s *IntegrationSuite) TestVhostPortMatch(c *check.C) {
+	for _, host := range []string{"download.example.com", "DOWNLOAD.EXAMPLE.COM"} {
+		for _, port := range []string{"80", "443", "8000"} {
+			s.testServer.Config.cluster.Services.WebDAVDownload.ExternalURL.Host = fmt.Sprintf("download.example.com:%v", port)
+			u := mustParseURL(fmt.Sprintf("http://%v/by_id/%v/foo", host, arvadostest.FooCollection))
+			req := &http.Request{
+				Method:     "GET",
+				Host:       u.Host,
+				URL:        u,
+				RequestURI: u.RequestURI(),
+				Header:     http.Header{"Authorization": []string{"Bearer " + arvadostest.ActiveToken}},
+			}
+			req, resp := s.doReq(req)
+			code, _ := resp.Code, resp.Body.String()
+
+			if port == "8000" {
+				c.Check(code, check.Equals, 401)
+			} else {
+				c.Check(code, check.Equals, 200)
+			}
+		}
+	}
+}
+
 func (s *IntegrationSuite) doReq(req *http.Request) (*http.Request, *httptest.ResponseRecorder) {
 	resp := httptest.NewRecorder()
 	s.testServer.Handler.ServeHTTP(resp, req)
@@ -743,7 +778,7 @@ func (s *IntegrationSuite) testDirectoryListing(c *check.C) {
 		{
 			// URLs of this form ignore authHeader, and
 			// FooAndBarFilesInDirUUID isn't public, so
-			// this returns 404.
+			// this returns 401.
 			uri:    "download.example.com/collections/" + arvadostest.FooAndBarFilesInDirUUID + "/",
 			header: authHeader,
 			expect: nil,
@@ -886,7 +921,11 @@ func (s *IntegrationSuite) testDirectoryListing(c *check.C) {
 			c.Check(req.URL.Path, check.Equals, trial.redirect, comment)
 		}
 		if trial.expect == nil {
-			c.Check(resp.Code, check.Equals, http.StatusNotFound, comment)
+			if s.testServer.Config.cluster.Users.AnonymousUserToken == "" {
+				c.Check(resp.Code, check.Equals, http.StatusUnauthorized, comment)
+			} else {
+				c.Check(resp.Code, check.Equals, http.StatusNotFound, comment)
+			}
 		} else {
 			c.Check(resp.Code, check.Equals, http.StatusOK, comment)
 			for _, e := range trial.expect {
@@ -907,7 +946,11 @@ func (s *IntegrationSuite) testDirectoryListing(c *check.C) {
 		resp = httptest.NewRecorder()
 		s.testServer.Handler.ServeHTTP(resp, req)
 		if trial.expect == nil {
-			c.Check(resp.Code, check.Equals, http.StatusNotFound, comment)
+			if s.testServer.Config.cluster.Users.AnonymousUserToken == "" {
+				c.Check(resp.Code, check.Equals, http.StatusUnauthorized, comment)
+			} else {
+				c.Check(resp.Code, check.Equals, http.StatusNotFound, comment)
+			}
 		} else {
 			c.Check(resp.Code, check.Equals, http.StatusOK, comment)
 		}
@@ -923,7 +966,11 @@ func (s *IntegrationSuite) testDirectoryListing(c *check.C) {
 		resp = httptest.NewRecorder()
 		s.testServer.Handler.ServeHTTP(resp, req)
 		if trial.expect == nil {
-			c.Check(resp.Code, check.Equals, http.StatusNotFound, comment)
+			if s.testServer.Config.cluster.Users.AnonymousUserToken == "" {
+				c.Check(resp.Code, check.Equals, http.StatusUnauthorized, comment)
+			} else {
+				c.Check(resp.Code, check.Equals, http.StatusNotFound, comment)
+			}
 		} else {
 			c.Check(resp.Code, check.Equals, http.StatusMultiStatus, comment)
 			for _, e := range trial.expect {
@@ -1075,6 +1122,62 @@ func (s *IntegrationSuite) TestKeepClientBlockCache(c *check.C) {
 	c.Check(keepclient.DefaultBlockCache.MaxBlocks, check.Equals, 42)
 }
 
+// Writing to a collection shouldn't affect its entry in the
+// PDH-to-manifest cache.
+func (s *IntegrationSuite) TestCacheWriteCollectionSamePDH(c *check.C) {
+	arv, err := arvadosclient.MakeArvadosClient()
+	c.Assert(err, check.Equals, nil)
+	arv.ApiToken = arvadostest.ActiveToken
+
+	u := mustParseURL("http://x.example/testfile")
+	req := &http.Request{
+		Method:     "GET",
+		Host:       u.Host,
+		URL:        u,
+		RequestURI: u.RequestURI(),
+		Header:     http.Header{"Authorization": {"Bearer " + arv.ApiToken}},
+	}
+
+	checkWithID := func(id string, status int) {
+		req.URL.Host = strings.Replace(id, "+", "-", -1) + ".example"
+		req.Host = req.URL.Host
+		resp := httptest.NewRecorder()
+		s.testServer.Handler.ServeHTTP(resp, req)
+		c.Check(resp.Code, check.Equals, status)
+	}
+
+	var colls [2]arvados.Collection
+	for i := range colls {
+		err := arv.Create("collections",
+			map[string]interface{}{
+				"ensure_unique_name": true,
+				"collection": map[string]interface{}{
+					"name": "test collection",
+				},
+			}, &colls[i])
+		c.Assert(err, check.Equals, nil)
+	}
+
+	// Populate cache with empty collection
+	checkWithID(colls[0].PortableDataHash, http.StatusNotFound)
+
+	// write a file to colls[0]
+	reqPut := *req
+	reqPut.Method = "PUT"
+	reqPut.URL.Host = colls[0].UUID + ".example"
+	reqPut.Host = req.URL.Host
+	reqPut.Body = ioutil.NopCloser(bytes.NewBufferString("testdata"))
+	resp := httptest.NewRecorder()
+	s.testServer.Handler.ServeHTTP(resp, &reqPut)
+	c.Check(resp.Code, check.Equals, http.StatusCreated)
+
+	// new file should not appear in colls[1]
+	checkWithID(colls[1].PortableDataHash, http.StatusNotFound)
+	checkWithID(colls[1].UUID, http.StatusNotFound)
+
+	checkWithID(colls[0].UUID, http.StatusOK)
+}
+
 func copyHeader(h http.Header) http.Header {
 	hc := http.Header{}
 	for k, v := range h {