X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/59107add9b9d01d98cca49933c90f4e320d47fef..685db28b50225cde7dbb03aa2275f7a165d888a3:/services/keep-web/handler_test.go

diff --git a/services/keep-web/handler_test.go b/services/keep-web/handler_test.go
index ba416d7cd8..6412789ff9 100644
--- a/services/keep-web/handler_test.go
+++ b/services/keep-web/handler_test.go
@@ -50,7 +50,7 @@ func (s *UnitSuite) SetUpTest(c *check.C) {
 }
 
 func (s *UnitSuite) TestCORSPreflight(c *check.C) {
-	h := handler{Config: newConfig(s.Config)}
+	h := handler{Config: newConfig(ctxlog.TestLogger(c), s.Config)}
 	u := mustParseURL("http://keep-web.example/c=" + arvadostest.FooCollection + "/foo")
 	req := &http.Request{
 		Method:     "OPTIONS",
@@ -109,7 +109,7 @@ func (s *UnitSuite) TestEmptyResponse(c *check.C) {
 			c.Assert(err, check.IsNil)
 		}
 
-		h := handler{Config: newConfig(s.Config)}
+		h := handler{Config: newConfig(ctxlog.TestLogger(c), s.Config)}
 		u := mustParseURL("http://" + arvadostest.FooCollection + ".keep-web.example/foo")
 		req := &http.Request{
 			Method:     "GET",
@@ -159,7 +159,7 @@ func (s *UnitSuite) TestInvalidUUID(c *check.C) {
 			RequestURI: u.RequestURI(),
 		}
 		resp := httptest.NewRecorder()
-		cfg := newConfig(s.Config)
+		cfg := newConfig(ctxlog.TestLogger(c), s.Config)
 		cfg.cluster.Users.AnonymousUserToken = arvadostest.AnonymousToken
 		h := handler{Config: cfg}
 		h.ServeHTTP(resp, req)
@@ -1067,7 +1067,7 @@ func (s *IntegrationSuite) TestFileContentType(c *check.C) {
 		contentType string
 	}{
 		{"picture.txt", "BMX bikes are small this year\n", "text/plain; charset=utf-8"},
-		{"picture.bmp", "BMX bikes are small this year\n", "image/x-ms-bmp"},
+		{"picture.bmp", "BMX bikes are small this year\n", "image/(x-ms-)?bmp"},
 		{"picture.jpg", "BMX bikes are small this year\n", "image/jpeg"},
 		{"picture1", "BMX bikes are small this year\n", "image/bmp"},            // content sniff; "BM" is the magic signature for .bmp
 		{"picture2", "Cars are small this year\n", "text/plain; charset=utf-8"}, // content sniff
@@ -1103,7 +1103,7 @@ func (s *IntegrationSuite) TestFileContentType(c *check.C) {
 		resp := httptest.NewRecorder()
 		s.testServer.Handler.ServeHTTP(resp, req)
 		c.Check(resp.Code, check.Equals, http.StatusOK)
-		c.Check(resp.Header().Get("Content-Type"), check.Equals, trial.contentType)
+		c.Check(resp.Header().Get("Content-Type"), check.Matches, trial.contentType)
 		c.Check(resp.Body.String(), check.Equals, trial.content)
 	}
 }
@@ -1188,49 +1188,20 @@ func copyHeader(h http.Header) http.Header {
 	return hc
 }
 
-func (s *IntegrationSuite) TestDownloadLogging(c *check.C) {
-	h := handler{Config: newConfig(s.ArvConfig)}
-	u := mustParseURL("http://" + arvadostest.FooCollection + ".keep-web.example/foo")
-	req := &http.Request{
-		Method:     "GET",
-		Host:       u.Host,
-		URL:        u,
-		RequestURI: u.RequestURI(),
-		Header: http.Header{
-			"Authorization": {"Bearer " + arvadostest.ActiveToken},
-		},
-	}
-
-	var logbuf bytes.Buffer
-	logger := logrus.New()
-	logger.Out = &logbuf
-	resp := httptest.NewRecorder()
-	req = req.WithContext(ctxlog.Context(context.Background(), logger))
-	h.ServeHTTP(resp, req)
-
-	c.Check(logbuf.String(), check.Matches, `(?ms).*msg="File download".*`)
-	c.Check(logbuf.String(), check.Not(check.Matches), `(?ms).*level=error.*`)
-}
-
-func (s *IntegrationSuite) TestUploadLogging(c *check.C) {
-	defer func() {
-		client := s.testServer.Config.Client
-		client.AuthToken = arvadostest.AdminToken
-		client.RequestAndDecode(nil, "POST", "database/reset", nil, nil)
-	}()
+func (s *IntegrationSuite) checkUploadDownloadRequest(c *check.C, h *handler, req *http.Request,
+	successCode int, direction string, perm bool, userUuid string, collectionUuid string, filepath string) {
 
-	h := handler{Config: newConfig(s.ArvConfig)}
-	u := mustParseURL("http://" + arvadostest.FooCollection + ".keep-web.example/bar")
-	req := &http.Request{
-		Method:     "PUT",
-		Host:       u.Host,
-		URL:        u,
-		RequestURI: u.RequestURI(),
-		Header: http.Header{
-			"Authorization": {"Bearer " + arvadostest.ActiveToken},
-		},
-		Body: io.NopCloser(bytes.NewReader([]byte("bar"))),
-	}
+	client := s.testServer.Config.Client
+	client.AuthToken = arvadostest.AdminToken
+	var logentries arvados.LogList
+	limit1 := 1
+	err := client.RequestAndDecode(&logentries, "GET", "arvados/v1/logs", nil,
+		arvados.ResourceListParams{
+			Limit: &limit1,
+			Order: "created_at desc"})
+	c.Check(err, check.IsNil)
+	c.Check(logentries.Items, check.HasLen, 1)
+	lastLogId := logentries.Items[0].ID
 
 	var logbuf bytes.Buffer
 	logger := logrus.New()
@@ -1239,20 +1210,51 @@ func (s *IntegrationSuite) TestUploadLogging(c *check.C) {
 	req = req.WithContext(ctxlog.Context(context.Background(), logger))
 	h.ServeHTTP(resp, req)
 
-	c.Check(logbuf.String(), check.Matches, `(?ms).*msg="File upload".*`)
-	c.Check(logbuf.String(), check.Not(check.Matches), `(?ms).*level=error.*`)
+	if perm {
+		c.Check(resp.Result().StatusCode, check.Equals, successCode)
+		c.Check(logbuf.String(), check.Matches, `(?ms).*msg="File `+direction+`".*`)
+		c.Check(logbuf.String(), check.Not(check.Matches), `(?ms).*level=error.*`)
+
+		deadline := time.Now().Add(time.Second)
+		for {
+			c.Assert(time.Now().After(deadline), check.Equals, false, check.Commentf("timed out waiting for log entry"))
+			err = client.RequestAndDecode(&logentries, "GET", "arvados/v1/logs", nil,
+				arvados.ResourceListParams{
+					Filters: []arvados.Filter{
+						{Attr: "event_type", Operator: "=", Operand: "file_" + direction},
+						{Attr: "object_uuid", Operator: "=", Operand: userUuid},
+					},
+					Limit: &limit1,
+					Order: "created_at desc",
+				})
+			c.Assert(err, check.IsNil)
+			if len(logentries.Items) > 0 &&
+				logentries.Items[0].ID > lastLogId &&
+				logentries.Items[0].ObjectUUID == userUuid &&
+				logentries.Items[0].Properties["collection_uuid"] == collectionUuid &&
+				logentries.Items[0].Properties["collection_file_path"] == filepath {
+				break
+			}
+			c.Logf("logentries.Items: %+v", logentries.Items)
+			time.Sleep(50 * time.Millisecond)
+		}
+	} else {
+		c.Check(resp.Result().StatusCode, check.Equals, http.StatusForbidden)
+		c.Check(logbuf.String(), check.Equals, "")
+	}
 }
 
-func (s *IntegrationSuite) TestDownloadPermission(c *check.C) {
-	config := newConfig(s.ArvConfig)
+func (s *IntegrationSuite) TestDownloadLoggingPermission(c *check.C) {
+	config := newConfig(ctxlog.TestLogger(c), s.ArvConfig)
 	h := handler{Config: config}
 	u := mustParseURL("http://" + arvadostest.FooCollection + ".keep-web.example/foo")
 
+	config.cluster.Collections.TrustAllContent = true
+
 	for _, adminperm := range []bool{true, false} {
 		for _, userperm := range []bool{true, false} {
-
-			config.cluster.Collections.KeepWebPermission.Admin.Download = adminperm
-			config.cluster.Collections.KeepWebPermission.User.Download = userperm
+			config.cluster.Collections.WebDAVPermission.Admin.Download = adminperm
+			config.cluster.Collections.WebDAVPermission.User.Download = userperm
 
 			// Test admin permission
 			req := &http.Request{
@@ -1264,22 +1266,8 @@ func (s *IntegrationSuite) TestDownloadPermission(c *check.C) {
 					"Authorization": {"Bearer " + arvadostest.AdminToken},
 				},
 			}
-
-			var logbuf bytes.Buffer
-			logger := logrus.New()
-			logger.Out = &logbuf
-			resp := httptest.NewRecorder()
-			req = req.WithContext(ctxlog.Context(context.Background(), logger))
-			h.ServeHTTP(resp, req)
-
-			if adminperm {
-				c.Check(resp.Result().StatusCode, check.Equals, http.StatusOK)
-				c.Check(logbuf.String(), check.Matches, `(?ms).*msg="File download".*`)
-				c.Check(logbuf.String(), check.Not(check.Matches), `(?ms).*level=error.*`)
-			} else {
-				c.Check(resp.Result().StatusCode, check.Equals, http.StatusForbidden)
-				c.Check(logbuf.String(), check.Equals, "")
-			}
+			s.checkUploadDownloadRequest(c, &h, req, http.StatusOK, "download", adminperm,
+				arvadostest.AdminUserUUID, arvadostest.FooCollection, "foo")
 
 			// Test user permission
 			req = &http.Request{
@@ -1291,42 +1279,71 @@ func (s *IntegrationSuite) TestDownloadPermission(c *check.C) {
 					"Authorization": {"Bearer " + arvadostest.ActiveToken},
 				},
 			}
+			s.checkUploadDownloadRequest(c, &h, req, http.StatusOK, "download", userperm,
+				arvadostest.ActiveUserUUID, arvadostest.FooCollection, "foo")
+		}
+	}
 
-			logbuf = bytes.Buffer{}
-			logger = logrus.New()
-			logger.Out = &logbuf
-			resp = httptest.NewRecorder()
-			req = req.WithContext(ctxlog.Context(context.Background(), logger))
-			h.ServeHTTP(resp, req)
+	config.cluster.Collections.WebDAVPermission.User.Download = true
 
-			if userperm {
-				c.Check(resp.Result().StatusCode, check.Equals, http.StatusOK)
-				c.Check(logbuf.String(), check.Matches, `(?ms).*msg="File download".*`)
-				c.Check(logbuf.String(), check.Not(check.Matches), `(?ms).*level=error.*`)
-			} else {
-				c.Check(resp.Result().StatusCode, check.Equals, http.StatusForbidden)
-				c.Check(logbuf.String(), check.Equals, "")
-			}
+	for _, tryurl := range []string{"http://" + arvadostest.MultilevelCollection1 + ".keep-web.example/dir1/subdir/file1",
+		"http://keep-web/users/active/multilevel_collection_1/dir1/subdir/file1"} {
+
+		u = mustParseURL(tryurl)
+		req := &http.Request{
+			Method:     "GET",
+			Host:       u.Host,
+			URL:        u,
+			RequestURI: u.RequestURI(),
+			Header: http.Header{
+				"Authorization": {"Bearer " + arvadostest.ActiveToken},
+			},
 		}
+		s.checkUploadDownloadRequest(c, &h, req, http.StatusOK, "download", true,
+			arvadostest.ActiveUserUUID, arvadostest.MultilevelCollection1, "dir1/subdir/file1")
 	}
-}
 
-func (s *IntegrationSuite) TestUploadPermission(c *check.C) {
-	defer func() {
-		client := s.testServer.Config.Client
-		client.AuthToken = arvadostest.AdminToken
-		client.RequestAndDecode(nil, "POST", "database/reset", nil, nil)
-	}()
+	u = mustParseURL("http://" + strings.Replace(arvadostest.FooCollectionPDH, "+", "-", 1) + ".keep-web.example/foo")
+	req := &http.Request{
+		Method:     "GET",
+		Host:       u.Host,
+		URL:        u,
+		RequestURI: u.RequestURI(),
+		Header: http.Header{
+			"Authorization": {"Bearer " + arvadostest.ActiveToken},
+		},
+	}
+	s.checkUploadDownloadRequest(c, &h, req, http.StatusOK, "download", true,
+		arvadostest.ActiveUserUUID, arvadostest.FooCollection, "foo")
+}
 
-	config := newConfig(s.ArvConfig)
+func (s *IntegrationSuite) TestUploadLoggingPermission(c *check.C) {
+	config := newConfig(ctxlog.TestLogger(c), s.ArvConfig)
 	h := handler{Config: config}
-	u := mustParseURL("http://" + arvadostest.FooCollection + ".keep-web.example/foo")
 
 	for _, adminperm := range []bool{true, false} {
 		for _, userperm := range []bool{true, false} {
 
-			config.cluster.Collections.KeepWebPermission.Admin.Upload = adminperm
-			config.cluster.Collections.KeepWebPermission.User.Upload = userperm
+			arv := s.testServer.Config.Client
+			arv.AuthToken = arvadostest.ActiveToken
+
+			var coll arvados.Collection
+			err := arv.RequestAndDecode(&coll,
+				"POST",
+				"/arvados/v1/collections",
+				nil,
+				map[string]interface{}{
+					"ensure_unique_name": true,
+					"collection": map[string]interface{}{
+						"name": "test collection",
+					},
+				})
+			c.Assert(err, check.Equals, nil)
+
+			u := mustParseURL("http://" + coll.UUID + ".keep-web.example/bar")
+
+			config.cluster.Collections.WebDAVPermission.Admin.Upload = adminperm
+			config.cluster.Collections.WebDAVPermission.User.Upload = userperm
 
 			// Test admin permission
 			req := &http.Request{
@@ -1339,22 +1356,8 @@ func (s *IntegrationSuite) TestUploadPermission(c *check.C) {
 				},
 				Body: io.NopCloser(bytes.NewReader([]byte("bar"))),
 			}
-
-			var logbuf bytes.Buffer
-			logger := logrus.New()
-			logger.Out = &logbuf
-			resp := httptest.NewRecorder()
-			req = req.WithContext(ctxlog.Context(context.Background(), logger))
-			h.ServeHTTP(resp, req)
-
-			if adminperm {
-				c.Check(resp.Result().StatusCode, check.Equals, http.StatusCreated)
-				c.Check(logbuf.String(), check.Matches, `(?ms).*msg="File upload".*`)
-				c.Check(logbuf.String(), check.Not(check.Matches), `(?ms).*level=error.*`)
-			} else {
-				c.Check(resp.Result().StatusCode, check.Equals, http.StatusForbidden)
-				c.Check(logbuf.String(), check.Equals, "")
-			}
+			s.checkUploadDownloadRequest(c, &h, req, http.StatusCreated, "upload", adminperm,
+				arvadostest.AdminUserUUID, coll.UUID, "bar")
 
 			// Test user permission
 			req = &http.Request{
@@ -1367,22 +1370,8 @@ func (s *IntegrationSuite) TestUploadPermission(c *check.C) {
 				},
 				Body: io.NopCloser(bytes.NewReader([]byte("bar"))),
 			}
-
-			logbuf = bytes.Buffer{}
-			logger = logrus.New()
-			logger.Out = &logbuf
-			resp = httptest.NewRecorder()
-			req = req.WithContext(ctxlog.Context(context.Background(), logger))
-			h.ServeHTTP(resp, req)
-
-			if userperm {
-				c.Check(resp.Result().StatusCode, check.Equals, http.StatusCreated)
-				c.Check(logbuf.String(), check.Matches, `(?ms).*msg="File upload".*`)
-				c.Check(logbuf.String(), check.Not(check.Matches), `(?ms).*level=error.*`)
-			} else {
-				c.Check(resp.Result().StatusCode, check.Equals, http.StatusForbidden)
-				c.Check(logbuf.String(), check.Equals, "")
-			}
+			s.checkUploadDownloadRequest(c, &h, req, http.StatusCreated, "upload", userperm,
+				arvadostest.ActiveUserUUID, coll.UUID, "bar")
 		}
 	}
 }