X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a4ed403c77477b7cc869c5fdd801ac839e941b9c..89be4b30feccc3680ca77339711b29367754dc05:/services/keep-web/handler_test.go diff --git a/services/keep-web/handler_test.go b/services/keep-web/handler_test.go index 94a1cf7c07..39fb87fbaa 100644 --- a/services/keep-web/handler_test.go +++ b/services/keep-web/handler_test.go @@ -1,14 +1,23 @@ +// Copyright (C) The Arvados Authors. All rights reserved. +// +// SPDX-License-Identifier: AGPL-3.0 + package main import ( + "bytes" + "fmt" "html" "io/ioutil" "net/http" "net/http/httptest" "net/url" + "os" + "path/filepath" "regexp" "strings" + "git.curoverse.com/arvados.git/sdk/go/arvados" "git.curoverse.com/arvados.git/sdk/go/arvadostest" "git.curoverse.com/arvados.git/sdk/go/auth" check "gopkg.in/check.v1" @@ -18,6 +27,65 @@ var _ = check.Suite(&UnitSuite{}) type UnitSuite struct{} +func (s *UnitSuite) TestCORSPreflight(c *check.C) { + h := handler{Config: DefaultConfig()} + u := mustParseURL("http://keep-web.example/c=" + arvadostest.FooCollection + "/foo") + req := &http.Request{ + Method: "OPTIONS", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: http.Header{ + "Origin": {"https://workbench.example"}, + "Access-Control-Request-Method": {"POST"}, + }, + } + + // Check preflight for an allowed request + resp := httptest.NewRecorder() + h.ServeHTTP(resp, req) + c.Check(resp.Code, check.Equals, http.StatusOK) + c.Check(resp.Body.String(), check.Equals, "") + c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*") + c.Check(resp.Header().Get("Access-Control-Allow-Methods"), check.Equals, "COPY, DELETE, GET, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PUT, RMCOL") + c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Authorization, Content-Type, Range, Depth, Destination, If, Lock-Token, Overwrite, Timeout") + + // Check preflight for a disallowed request + resp = httptest.NewRecorder() + req.Header.Set("Access-Control-Request-Method", "MAKE-COFFEE") + h.ServeHTTP(resp, req) + c.Check(resp.Body.String(), check.Equals, "") + c.Check(resp.Code, check.Equals, http.StatusMethodNotAllowed) +} + +func (s *UnitSuite) TestInvalidUUID(c *check.C) { + bogusID := strings.Replace(arvadostest.FooPdh, "+", "-", 1) + "-" + token := arvadostest.ActiveToken + for _, trial := range []string{ + "http://keep-web/c=" + bogusID + "/foo", + "http://keep-web/c=" + bogusID + "/t=" + token + "/foo", + "http://keep-web/collections/download/" + bogusID + "/" + token + "/foo", + "http://keep-web/collections/" + bogusID + "/foo", + "http://" + bogusID + ".keep-web/" + bogusID + "/foo", + "http://" + bogusID + ".keep-web/t=" + token + "/" + bogusID + "/foo", + } { + c.Log(trial) + u := mustParseURL(trial) + req := &http.Request{ + Method: "GET", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + } + resp := httptest.NewRecorder() + cfg := DefaultConfig() + cfg.AnonymousTokens = []string{arvadostest.AnonymousToken} + h := handler{Config: cfg} + h.ServeHTTP(resp, req) + c.Check(resp.Code, check.Equals, http.StatusNotFound) + } +} + func mustParseURL(s string) *url.URL { r, err := url.Parse(s) if err != nil { @@ -38,7 +106,7 @@ func (s *IntegrationSuite) TestVhost404(c *check.C) { URL: u, RequestURI: u.RequestURI(), } - (&handler{}).ServeHTTP(resp, req) + s.testServer.Handler.ServeHTTP(resp, req) c.Check(resp.Code, check.Equals, http.StatusNotFound) c.Check(resp.Body.String(), check.Equals, "") } @@ -51,7 +119,7 @@ func (s *IntegrationSuite) TestVhost404(c *check.C) { type authorizer func(*http.Request, string) int func (s *IntegrationSuite) TestVhostViaAuthzHeader(c *check.C) { - doVhostRequests(c, authzViaAuthzHeader) + s.doVhostRequests(c, authzViaAuthzHeader) } func authzViaAuthzHeader(r *http.Request, tok string) int { r.Header.Add("Authorization", "OAuth2 "+tok) @@ -59,7 +127,7 @@ func authzViaAuthzHeader(r *http.Request, tok string) int { } func (s *IntegrationSuite) TestVhostViaCookieValue(c *check.C) { - doVhostRequests(c, authzViaCookieValue) + s.doVhostRequests(c, authzViaCookieValue) } func authzViaCookieValue(r *http.Request, tok string) int { r.AddCookie(&http.Cookie{ @@ -70,7 +138,7 @@ func authzViaCookieValue(r *http.Request, tok string) int { } func (s *IntegrationSuite) TestVhostViaPath(c *check.C) { - doVhostRequests(c, authzViaPath) + s.doVhostRequests(c, authzViaPath) } func authzViaPath(r *http.Request, tok string) int { r.URL.Path = "/t=" + tok + r.URL.Path @@ -78,7 +146,7 @@ func authzViaPath(r *http.Request, tok string) int { } func (s *IntegrationSuite) TestVhostViaQueryString(c *check.C) { - doVhostRequests(c, authzViaQueryString) + s.doVhostRequests(c, authzViaQueryString) } func authzViaQueryString(r *http.Request, tok string) int { r.URL.RawQuery = "api_token=" + tok @@ -86,7 +154,7 @@ func authzViaQueryString(r *http.Request, tok string) int { } func (s *IntegrationSuite) TestVhostViaPOST(c *check.C) { - doVhostRequests(c, authzViaPOST) + s.doVhostRequests(c, authzViaPOST) } func authzViaPOST(r *http.Request, tok string) int { r.Method = "POST" @@ -96,9 +164,24 @@ func authzViaPOST(r *http.Request, tok string) int { return http.StatusUnauthorized } +func (s *IntegrationSuite) TestVhostViaXHRPOST(c *check.C) { + s.doVhostRequests(c, authzViaPOST) +} +func authzViaXHRPOST(r *http.Request, tok string) int { + r.Method = "POST" + r.Header.Add("Content-Type", "application/x-www-form-urlencoded") + r.Header.Add("Origin", "https://origin.example") + r.Body = ioutil.NopCloser(strings.NewReader( + url.Values{ + "api_token": {tok}, + "disposition": {"attachment"}, + }.Encode())) + return http.StatusUnauthorized +} + // Try some combinations of {url, token} using the given authorization // mechanism, and verify the result is correct. -func doVhostRequests(c *check.C, authz authorizer) { +func (s *IntegrationSuite) doVhostRequests(c *check.C, authz authorizer) { for _, hostPath := range []string{ arvadostest.FooCollection + ".example.com/foo", arvadostest.FooCollection + "--collections.example.com/foo", @@ -108,11 +191,11 @@ func doVhostRequests(c *check.C, authz authorizer) { arvadostest.FooBarDirCollection + ".example.com/dir1/foo", } { c.Log("doRequests: ", hostPath) - doVhostRequestsWithHostPath(c, authz, hostPath) + s.doVhostRequestsWithHostPath(c, authz, hostPath) } } -func doVhostRequestsWithHostPath(c *check.C, authz authorizer, hostPath string) { +func (s *IntegrationSuite) doVhostRequestsWithHostPath(c *check.C, authz authorizer, hostPath string) { for _, tok := range []string{ arvadostest.ActiveToken, arvadostest.ActiveToken[:15], @@ -129,11 +212,18 @@ func doVhostRequestsWithHostPath(c *check.C, authz authorizer, hostPath string) Header: http.Header{}, } failCode := authz(req, tok) - resp := doReq(req) + req, resp := s.doReq(req) code, body := resp.Code, resp.Body.String() + + // If the initial request had a (non-empty) token + // showing in the query string, we should have been + // redirected in order to hide it in a cookie. + c.Check(req.URL.String(), check.Not(check.Matches), `.*api_token=.+`) + if tok == arvadostest.ActiveToken { c.Check(code, check.Equals, http.StatusOK) c.Check(body, check.Equals, "foo") + } else { c.Check(code >= 400, check.Equals, true) c.Check(code < 500, check.Equals, true) @@ -151,11 +241,11 @@ func doVhostRequestsWithHostPath(c *check.C, authz authorizer, hostPath string) } } -func doReq(req *http.Request) *httptest.ResponseRecorder { +func (s *IntegrationSuite) doReq(req *http.Request) (*http.Request, *httptest.ResponseRecorder) { resp := httptest.NewRecorder() - (&handler{}).ServeHTTP(resp, req) + s.testServer.Handler.ServeHTTP(resp, req) if resp.Code != http.StatusSeeOther { - return resp + return req, resp } cookies := (&http.Response{Header: resp.Header()}).Cookies() u, _ := req.URL.Parse(resp.Header().Get("Location")) @@ -169,7 +259,7 @@ func doReq(req *http.Request) *httptest.ResponseRecorder { for _, c := range cookies { req.AddCookie(c) } - return doReq(req) + return s.doReq(req) } func (s *IntegrationSuite) TestVhostRedirectQueryTokenToCookie(c *check.C) { @@ -244,14 +334,46 @@ func (s *IntegrationSuite) TestVhostRedirectQueryTokenRequestAttachment(c *check http.StatusOK, "foo", ) - c.Check(strings.Split(resp.Header().Get("Content-Disposition"), ";")[0], check.Equals, "attachment") + c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?") +} + +func (s *IntegrationSuite) TestVhostRedirectQueryTokenSiteFS(c *check.C) { + s.testServer.Config.AttachmentOnlyHost = "download.example.com" + resp := s.testVhostRedirectTokenToCookie(c, "GET", + "download.example.com/by_id/"+arvadostest.FooCollection+"/foo", + "?api_token="+arvadostest.ActiveToken, + "", + "", + http.StatusOK, + "foo", + ) + c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?") +} + +func (s *IntegrationSuite) TestPastCollectionVersionFileAccess(c *check.C) { + s.testServer.Config.AttachmentOnlyHost = "download.example.com" + resp := s.testVhostRedirectTokenToCookie(c, "GET", + "download.example.com/c="+arvadostest.WazVersion1Collection+"/waz", + "?api_token="+arvadostest.ActiveToken, + "", + "", + http.StatusOK, + "waz", + ) + c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?") + resp = s.testVhostRedirectTokenToCookie(c, "GET", + "download.example.com/by_id/"+arvadostest.WazVersion1Collection+"/waz", + "?api_token="+arvadostest.ActiveToken, + "", + "", + http.StatusOK, + "waz", + ) + c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?") } func (s *IntegrationSuite) TestVhostRedirectQueryTokenTrustAllContent(c *check.C) { - defer func(orig bool) { - trustAllContent = orig - }(trustAllContent) - trustAllContent = true + s.testServer.Config.TrustAllContent = true s.testVhostRedirectTokenToCookie(c, "GET", "example.com/c="+arvadostest.FooCollection+"/foo", "?api_token="+arvadostest.ActiveToken, @@ -263,10 +385,7 @@ func (s *IntegrationSuite) TestVhostRedirectQueryTokenTrustAllContent(c *check.C } func (s *IntegrationSuite) TestVhostRedirectQueryTokenAttachmentOnlyHost(c *check.C) { - defer func(orig string) { - attachmentOnlyHost = orig - }(attachmentOnlyHost) - attachmentOnlyHost = "example.com:1234" + s.testServer.Config.AttachmentOnlyHost = "example.com:1234" s.testVhostRedirectTokenToCookie(c, "GET", "example.com/c="+arvadostest.FooCollection+"/foo", @@ -311,7 +430,7 @@ func (s *IntegrationSuite) TestVhostRedirectPOSTFormTokenToCookie404(c *check.C) } func (s *IntegrationSuite) TestAnonymousTokenOK(c *check.C) { - anonymousTokens = []string{arvadostest.AnonymousToken} + s.testServer.Config.AnonymousTokens = []string{arvadostest.AnonymousToken} s.testVhostRedirectTokenToCookie(c, "GET", "example.com/c="+arvadostest.HelloWorldCollection+"/Hello%20world.txt", "", @@ -323,7 +442,7 @@ func (s *IntegrationSuite) TestAnonymousTokenOK(c *check.C) { } func (s *IntegrationSuite) TestAnonymousTokenError(c *check.C) { - anonymousTokens = []string{"anonymousTokenConfiguredButInvalid"} + s.testServer.Config.AnonymousTokens = []string{"anonymousTokenConfiguredButInvalid"} s.testVhostRedirectTokenToCookie(c, "GET", "example.com/c="+arvadostest.HelloWorldCollection+"/Hello%20world.txt", "", @@ -334,46 +453,64 @@ func (s *IntegrationSuite) TestAnonymousTokenError(c *check.C) { ) } -func (s *IntegrationSuite) TestRange(c *check.C) { - u, _ := url.Parse("http://example.com/c=" + arvadostest.HelloWorldCollection + "/Hello%20world.txt") +func (s *IntegrationSuite) TestSpecialCharsInPath(c *check.C) { + s.testServer.Config.AttachmentOnlyHost = "download.example.com" + + client := s.testServer.Config.Client + client.AuthToken = arvadostest.ActiveToken + fs, err := (&arvados.Collection{}).FileSystem(&client, nil) + c.Assert(err, check.IsNil) + f, err := fs.OpenFile("https:\\\"odd' path chars", os.O_CREATE, 0777) + c.Assert(err, check.IsNil) + f.Close() + mtxt, err := fs.MarshalManifest(".") + c.Assert(err, check.IsNil) + coll := arvados.Collection{ManifestText: mtxt} + err = client.RequestAndDecode(&coll, "POST", "arvados/v1/collections", client.UpdateBody(coll), nil) + c.Assert(err, check.IsNil) + + u, _ := url.Parse("http://download.example.com/c=" + coll.UUID + "/") req := &http.Request{ Method: "GET", Host: u.Host, URL: u, RequestURI: u.RequestURI(), - Header: http.Header{"Range": {"bytes=0-4"}}, + Header: http.Header{ + "Authorization": {"Bearer " + client.AuthToken}, + }, } resp := httptest.NewRecorder() - (&handler{}).ServeHTTP(resp, req) - c.Check(resp.Code, check.Equals, http.StatusPartialContent) - c.Check(resp.Body.String(), check.Equals, "Hello") - c.Check(resp.Header().Get("Content-Length"), check.Equals, "5") - c.Check(resp.Header().Get("Content-Range"), check.Equals, "bytes 0-4/12") - - req.Header.Set("Range", "bytes=0-") - resp = httptest.NewRecorder() - (&handler{}).ServeHTTP(resp, req) - // 200 and 206 are both correct: + s.testServer.Handler.ServeHTTP(resp, req) c.Check(resp.Code, check.Equals, http.StatusOK) - c.Check(resp.Body.String(), check.Equals, "Hello world\n") - c.Check(resp.Header().Get("Content-Length"), check.Equals, "12") - - // Unsupported ranges are ignored - for _, hdr := range []string{ - "bytes=5-5", // non-zero start byte - "bytes=-5", // last 5 bytes - "cubits=0-5", // unsupported unit - "bytes=0-340282366920938463463374607431768211456", // 2^128 - } { - req.Header.Set("Range", hdr) - resp = httptest.NewRecorder() - (&handler{}).ServeHTTP(resp, req) - c.Check(resp.Code, check.Equals, http.StatusOK) - c.Check(resp.Body.String(), check.Equals, "Hello world\n") - c.Check(resp.Header().Get("Content-Length"), check.Equals, "12") - c.Check(resp.Header().Get("Content-Range"), check.Equals, "") - c.Check(resp.Header().Get("Accept-Ranges"), check.Equals, "bytes") + c.Check(resp.Body.String(), check.Matches, `(?ms).*href="./https:%5c%22odd%27%20path%20chars"\S+https:\\"odd' path chars.*`) +} + +// XHRs can't follow redirect-with-cookie so they rely on method=POST +// and disposition=attachment (telling us it's acceptable to respond +// with content instead of a redirect) and an Origin header that gets +// added automatically by the browser (telling us it's desirable to do +// so). +func (s *IntegrationSuite) TestXHRNoRedirect(c *check.C) { + u, _ := url.Parse("http://example.com/c=" + arvadostest.FooCollection + "/foo") + req := &http.Request{ + Method: "POST", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: http.Header{ + "Origin": {"https://origin.example"}, + "Content-Type": {"application/x-www-form-urlencoded"}, + }, + Body: ioutil.NopCloser(strings.NewReader(url.Values{ + "api_token": {arvadostest.ActiveToken}, + "disposition": {"attachment"}, + }.Encode())), } + resp := httptest.NewRecorder() + s.testServer.Handler.ServeHTTP(resp, req) + c.Check(resp.Code, check.Equals, http.StatusOK) + c.Check(resp.Body.String(), check.Equals, "foo") + c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*") } func (s *IntegrationSuite) testVhostRedirectTokenToCookie(c *check.C, method, hostPath, queryString, contentType, reqBody string, expectStatus int, expectRespBody string) *httptest.ResponseRecorder { @@ -393,11 +530,11 @@ func (s *IntegrationSuite) testVhostRedirectTokenToCookie(c *check.C, method, ho c.Check(resp.Body.String(), check.Equals, expectRespBody) }() - (&handler{}).ServeHTTP(resp, req) + s.testServer.Handler.ServeHTTP(resp, req) if resp.Code != http.StatusSeeOther { return resp } - c.Check(resp.Body.String(), check.Matches, `.*href="//`+regexp.QuoteMeta(html.EscapeString(hostPath))+`(\?[^"]*)?".*`) + c.Check(resp.Body.String(), check.Matches, `.*href="http://`+regexp.QuoteMeta(html.EscapeString(hostPath))+`(\?[^"]*)?".*`) cookies := (&http.Response{Header: resp.Header()}).Cookies() u, _ = u.Parse(resp.Header().Get("Location")) @@ -413,7 +550,288 @@ func (s *IntegrationSuite) testVhostRedirectTokenToCookie(c *check.C, method, ho } resp = httptest.NewRecorder() - (&handler{}).ServeHTTP(resp, req) + s.testServer.Handler.ServeHTTP(resp, req) c.Check(resp.Header().Get("Location"), check.Equals, "") return resp } + +func (s *IntegrationSuite) TestDirectoryListing(c *check.C) { + s.testServer.Config.AttachmentOnlyHost = "download.example.com" + authHeader := http.Header{ + "Authorization": {"OAuth2 " + arvadostest.ActiveToken}, + } + for _, trial := range []struct { + uri string + header http.Header + expect []string + redirect string + cutDirs int + }{ + { + uri: strings.Replace(arvadostest.FooAndBarFilesInDirPDH, "+", "-", -1) + ".example.com/", + header: authHeader, + expect: []string{"dir1/foo", "dir1/bar"}, + cutDirs: 0, + }, + { + uri: strings.Replace(arvadostest.FooAndBarFilesInDirPDH, "+", "-", -1) + ".example.com/dir1/", + header: authHeader, + expect: []string{"foo", "bar"}, + cutDirs: 1, + }, + { + uri: "download.example.com/collections/" + arvadostest.FooAndBarFilesInDirUUID + "/", + header: authHeader, + expect: []string{"dir1/foo", "dir1/bar"}, + cutDirs: 2, + }, + { + uri: "download.example.com/users/active/foo_file_in_dir/", + header: authHeader, + expect: []string{"dir1/"}, + cutDirs: 3, + }, + { + uri: "download.example.com/users/active/foo_file_in_dir/dir1/", + header: authHeader, + expect: []string{"bar"}, + cutDirs: 4, + }, + { + uri: "download.example.com/", + header: authHeader, + expect: []string{"users/"}, + cutDirs: 0, + }, + { + uri: "download.example.com/users", + header: authHeader, + redirect: "/users/", + expect: []string{"active/"}, + cutDirs: 1, + }, + { + uri: "download.example.com/users/", + header: authHeader, + expect: []string{"active/"}, + cutDirs: 1, + }, + { + uri: "download.example.com/users/active", + header: authHeader, + redirect: "/users/active/", + expect: []string{"foo_file_in_dir/"}, + cutDirs: 2, + }, + { + uri: "download.example.com/users/active/", + header: authHeader, + expect: []string{"foo_file_in_dir/"}, + cutDirs: 2, + }, + { + uri: "collections.example.com/collections/download/" + arvadostest.FooAndBarFilesInDirUUID + "/" + arvadostest.ActiveToken + "/", + header: nil, + expect: []string{"dir1/foo", "dir1/bar"}, + cutDirs: 4, + }, + { + uri: "collections.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/t=" + arvadostest.ActiveToken + "/", + header: nil, + expect: []string{"dir1/foo", "dir1/bar"}, + cutDirs: 2, + }, + { + uri: "collections.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/t=" + arvadostest.ActiveToken, + header: nil, + expect: []string{"dir1/foo", "dir1/bar"}, + cutDirs: 2, + }, + { + uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID, + header: authHeader, + expect: []string{"dir1/foo", "dir1/bar"}, + cutDirs: 1, + }, + { + uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/dir1", + header: authHeader, + redirect: "/c=" + arvadostest.FooAndBarFilesInDirUUID + "/dir1/", + expect: []string{"foo", "bar"}, + cutDirs: 2, + }, + { + uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/_/dir1/", + header: authHeader, + expect: []string{"foo", "bar"}, + cutDirs: 3, + }, + { + uri: arvadostest.FooAndBarFilesInDirUUID + ".example.com/dir1?api_token=" + arvadostest.ActiveToken, + header: authHeader, + redirect: "/dir1/", + expect: []string{"foo", "bar"}, + cutDirs: 1, + }, + { + uri: "collections.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/theperthcountyconspiracydoesnotexist/", + header: authHeader, + expect: nil, + }, + { + uri: "download.example.com/c=" + arvadostest.WazVersion1Collection, + header: authHeader, + expect: []string{"waz"}, + cutDirs: 1, + }, + { + uri: "download.example.com/by_id/" + arvadostest.WazVersion1Collection, + header: authHeader, + expect: []string{"waz"}, + cutDirs: 2, + }, + } { + c.Logf("HTML: %q => %q", trial.uri, trial.expect) + resp := httptest.NewRecorder() + u := mustParseURL("//" + trial.uri) + req := &http.Request{ + Method: "GET", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: copyHeader(trial.header), + } + s.testServer.Handler.ServeHTTP(resp, req) + var cookies []*http.Cookie + for resp.Code == http.StatusSeeOther { + u, _ := req.URL.Parse(resp.Header().Get("Location")) + req = &http.Request{ + Method: "GET", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: copyHeader(trial.header), + } + cookies = append(cookies, (&http.Response{Header: resp.Header()}).Cookies()...) + for _, c := range cookies { + req.AddCookie(c) + } + resp = httptest.NewRecorder() + s.testServer.Handler.ServeHTTP(resp, req) + } + if trial.redirect != "" { + c.Check(req.URL.Path, check.Equals, trial.redirect) + } + if trial.expect == nil { + c.Check(resp.Code, check.Equals, http.StatusNotFound) + } else { + c.Check(resp.Code, check.Equals, http.StatusOK) + for _, e := range trial.expect { + c.Check(resp.Body.String(), check.Matches, `(?ms).*href="./`+e+`".*`) + } + c.Check(resp.Body.String(), check.Matches, `(?ms).*--cut-dirs=`+fmt.Sprintf("%d", trial.cutDirs)+` .*`) + } + + c.Logf("WebDAV: %q => %q", trial.uri, trial.expect) + req = &http.Request{ + Method: "OPTIONS", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: copyHeader(trial.header), + Body: ioutil.NopCloser(&bytes.Buffer{}), + } + resp = httptest.NewRecorder() + s.testServer.Handler.ServeHTTP(resp, req) + if trial.expect == nil { + c.Check(resp.Code, check.Equals, http.StatusNotFound) + } else { + c.Check(resp.Code, check.Equals, http.StatusOK) + } + + req = &http.Request{ + Method: "PROPFIND", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: copyHeader(trial.header), + Body: ioutil.NopCloser(&bytes.Buffer{}), + } + resp = httptest.NewRecorder() + s.testServer.Handler.ServeHTTP(resp, req) + if trial.expect == nil { + c.Check(resp.Code, check.Equals, http.StatusNotFound) + } else { + c.Check(resp.Code, check.Equals, http.StatusMultiStatus) + for _, e := range trial.expect { + c.Check(resp.Body.String(), check.Matches, `(?ms).*`+filepath.Join(u.Path, e)+`.*`) + } + } + } +} + +func (s *IntegrationSuite) TestDeleteLastFile(c *check.C) { + arv := arvados.NewClientFromEnv() + var newCollection arvados.Collection + err := arv.RequestAndDecode(&newCollection, "POST", "arvados/v1/collections", arv.UpdateBody(&arvados.Collection{ + OwnerUUID: arvadostest.ActiveUserUUID, + ManifestText: ". acbd18db4cc2f85cedef654fccc4a4d8+3 0:3:foo.txt 0:3:bar.txt\n", + Name: "keep-web test collection", + }), map[string]bool{"ensure_unique_name": true}) + c.Assert(err, check.IsNil) + defer arv.RequestAndDecode(&newCollection, "DELETE", "arvados/v1/collections/"+newCollection.UUID, nil, nil) + + var updated arvados.Collection + for _, fnm := range []string{"foo.txt", "bar.txt"} { + s.testServer.Config.AttachmentOnlyHost = "example.com" + u, _ := url.Parse("http://example.com/c=" + newCollection.UUID + "/" + fnm) + req := &http.Request{ + Method: "DELETE", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: http.Header{ + "Authorization": {"Bearer " + arvadostest.ActiveToken}, + }, + } + resp := httptest.NewRecorder() + s.testServer.Handler.ServeHTTP(resp, req) + c.Check(resp.Code, check.Equals, http.StatusNoContent) + + updated = arvados.Collection{} + err = arv.RequestAndDecode(&updated, "GET", "arvados/v1/collections/"+newCollection.UUID, nil, nil) + c.Check(err, check.IsNil) + c.Check(updated.ManifestText, check.Not(check.Matches), `(?ms).*\Q`+fnm+`\E.*`) + c.Logf("updated manifest_text %q", updated.ManifestText) + } + c.Check(updated.ManifestText, check.Equals, "") +} + +func (s *IntegrationSuite) TestHealthCheckPing(c *check.C) { + s.testServer.Config.ManagementToken = arvadostest.ManagementToken + authHeader := http.Header{ + "Authorization": {"Bearer " + arvadostest.ManagementToken}, + } + + resp := httptest.NewRecorder() + u := mustParseURL("http://download.example.com/_health/ping") + req := &http.Request{ + Method: "GET", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: authHeader, + } + s.testServer.Handler.ServeHTTP(resp, req) + + c.Check(resp.Code, check.Equals, http.StatusOK) + c.Check(resp.Body.String(), check.Matches, `{"health":"OK"}\n`) +} + +func copyHeader(h http.Header) http.Header { + hc := http.Header{} + for k, v := range h { + hc[k] = append([]string(nil), v...) + } + return hc +}