X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/6f71acc7f50f6d1b202ac4911a27fe56619615d0..a524fabd054d2b923eceb575de95674caca58e85:/services/api/script/get_anonymous_user_token.rb

diff --git a/services/api/script/get_anonymous_user_token.rb b/services/api/script/get_anonymous_user_token.rb
index 76e20880a5..7b146fc8e3 100755
--- a/services/api/script/get_anonymous_user_token.rb
+++ b/services/api/script/get_anonymous_user_token.rb
@@ -1,4 +1,7 @@
 #!/usr/bin/env ruby
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
 
 # Get or Create an anonymous user token.
 # If get option is used, an existing anonymous user token is returned. If none exist, one is created.
@@ -27,6 +30,7 @@ def create_api_client_auth
   api_client_auth = ApiClientAuthorization.
     new(user: anonymous_user,
         api_client_id: 0,
+        expires_at: Time.now + 100.years,
         scopes: ['GET /'])
   api_client_auth.save!
   api_client_auth.reload
@@ -34,7 +38,10 @@ end
 
 if get_existing
   api_client_auth = ApiClientAuthorization.
-    where('user_id=?', anonymous_user.id.to_i).first
+    where('user_id=?', anonymous_user.id.to_i).
+    where('expires_at>?', Time.now).
+    select { |auth| auth.scopes == ['GET /'] }.
+    first
 end
 
 # either not a get or no api_client_auth was found