X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a6c0e01403377311a12f6d9ae587d92dbc00e1fd..bb3c3a0792e1f6be7fcb5e663ac82d5a9c9c0c13:/services/api/test/functional/arvados/v1/collections_controller_test.rb?ds=sidebyside

diff --git a/services/api/test/functional/arvados/v1/collections_controller_test.rb b/services/api/test/functional/arvados/v1/collections_controller_test.rb
index 8b2725a4bd..9c7f4886af 100644
--- a/services/api/test/functional/arvados/v1/collections_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/collections_controller_test.rb
@@ -2,11 +2,71 @@ require 'test_helper'
 
 class Arvados::V1::CollectionsControllerTest < ActionController::TestCase
 
+  setup do
+    # Unless otherwise specified in the test, we want normal/secure behavior.
+    permit_unsigned_manifests false
+  end
+
+  teardown do
+    # Reset to secure behavior after each test.
+    permit_unsigned_manifests false
+  end
+
+  def permit_unsigned_manifests isok=true
+    # Set security model for the life of a test.
+    Rails.configuration.permit_create_collection_with_unsigned_manifest = isok
+  end
+
   test "should get index" do
     authorize_with :active
     get :index
     assert_response :success
-    assert_not_nil assigns(:objects)
+    assert(assigns(:objects).andand.any?, "no Collections returned in index")
+    refute(json_response["items"].any? { |c| c.has_key?("manifest_text") },
+           "basic Collections index included manifest_text")
+  end
+
+  test "can get non-database fields via index select" do
+    authorize_with :active
+    get(:index, filters: [["uuid", "=", collections(:foo_file).uuid]],
+        select: %w(uuid owner_uuid files))
+    assert_response :success
+    assert_equal(1, json_response["items"].andand.size,
+                 "wrong number of items returned for index")
+    assert_equal([[".", "foo", 3]], json_response["items"].first["files"],
+                 "wrong file list in index result")
+  end
+
+  test "can select only non-database fields for index" do
+    authorize_with :active
+    get(:index, select: %w(data_size files))
+    assert_response :success
+    assert(json_response["items"].andand.any?, "no items found in index")
+    json_response["items"].each do |coll|
+      assert_equal(coll["data_size"],
+                   coll["files"].inject(0) { |size, fspec| size + fspec.last },
+                   "mismatch between data size and file list")
+    end
+  end
+
+  test "index with manifest_text selected returns signed locators" do
+    columns = %w(uuid owner_uuid data_size files manifest_text)
+    authorize_with :active
+    get :index, select: columns
+    assert_response :success
+    assert(assigns(:objects).andand.any?,
+           "no Collections returned for index with columns selected")
+    json_response["items"].each do |coll|
+      assert_equal(columns, columns & coll.keys,
+                   "Collections index did not respect selected columns")
+      loc_regexp = / [[:xdigit:]]{32}\+\d+\S+/
+      pos = 0
+      while match = loc_regexp.match(coll["manifest_text"], pos)
+        assert_match(/\+A[[:xdigit:]]+@[[:xdigit:]]{8}\b/, match.to_s,
+                     "Locator in manifest_text was not signed")
+        pos = match.end(0)
+      end
+    end
   end
 
   [0,1,2].each do |limit|
@@ -42,7 +102,8 @@ class Arvados::V1::CollectionsControllerTest < ActionController::TestCase
     assert_equal 99999, resp['offset']
   end
 
-  test "should create" do
+  test "create with unsigned manifest" do
+    permit_unsigned_manifests
     authorize_with :active
     test_collection = {
       manifest_text: <<-EOS
@@ -56,9 +117,14 @@ EOS
       Digest::MD5.hexdigest(test_collection[:manifest_text]) +
       '+' +
       test_collection[:manifest_text].length.to_s
+
+    # post :create will modify test_collection in place, so we save a copy first.
+    # Hash.deep_dup is not sufficient as it preserves references of strings (??!?)
+    post_collection = Marshal.load(Marshal.dump(test_collection))
     post :create, {
-      collection: test_collection
+      collection: post_collection
     }
+
     assert_response :success
     assert_nil assigns(:objects)
 
@@ -69,7 +135,11 @@ EOS
     assert_not_nil assigns(:object)
     resp = JSON.parse(@response.body)
     assert_equal test_collection[:uuid], resp['uuid']
-    assert_equal test_collection[:manifest_text], resp['manifest_text']
+
+    # The manifest in the response will have had permission hints added.
+    # Remove any permission hints in the response before comparing it to the source.
+    stripped_manifest = resp['manifest_text'].gsub(/\+A[A-Za-z0-9@_-]+/, '')
+    assert_equal test_collection[:manifest_text], stripped_manifest
     assert_equal 9, resp['data_size']
     assert_equal [['.', 'foo.txt', 0],
                   ['.', 'bar.txt', 6],
@@ -96,6 +166,7 @@ EOS
   end
 
   test "create with owner_uuid set to owned group" do
+    permit_unsigned_manifests
     authorize_with :active
     manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n"
     post :create, {
@@ -111,6 +182,7 @@ EOS
   end
 
   test "create with owner_uuid set to group i can_manage" do
+    permit_unsigned_manifests
     authorize_with :active
     manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n"
     post :create, {
@@ -126,6 +198,7 @@ EOS
   end
 
   test "create with owner_uuid set to group with no can_manage permission" do
+    permit_unsigned_manifests
     authorize_with :active
     manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n"
     post :create, {
@@ -139,6 +212,7 @@ EOS
   end
 
   test "admin create with owner_uuid set to group with no permission" do
+    permit_unsigned_manifests
     authorize_with :admin
     manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n"
     post :create, {
@@ -152,6 +226,7 @@ EOS
   end
 
   test "should create with collection passed as json" do
+    permit_unsigned_manifests
     authorize_with :active
     post :create, {
       collection: <<-EOS
@@ -165,6 +240,7 @@ EOS
   end
 
   test "should fail to create with checksum mismatch" do
+    permit_unsigned_manifests
     authorize_with :active
     post :create, {
       collection: <<-EOS
@@ -178,6 +254,7 @@ EOS
   end
 
   test "collection UUID is normalized when created" do
+    permit_unsigned_manifests
     authorize_with :active
     post :create, {
       collection: {
@@ -234,48 +311,59 @@ EOS
     assert_equal true, !!found.index('1f4b0bc7583c2a7f9102c395f4ffc5e3+45')
   end
 
-  test "create collection with signed manifest" do
-    authorize_with :active
-    locators = %w(
+  [false, true].each do |permit_unsigned|
+    test "create collection with signed manifest, permit_unsigned=#{permit_unsigned}" do
+      permit_unsigned_manifests permit_unsigned
+      authorize_with :active
+      locators = %w(
       d41d8cd98f00b204e9800998ecf8427e+0
       acbd18db4cc2f85cedef654fccc4a4d8+3
       ea10d51bcf88862dbcc36eb292017dfd+45)
 
-    unsigned_manifest = locators.map { |loc|
-      ". " + loc + " 0:0:foo.txt\n"
-    }.join()
-    manifest_uuid = Digest::MD5.hexdigest(unsigned_manifest) +
-      '+' +
-      unsigned_manifest.length.to_s
-
-    # build a manifest with both signed and unsigned locators.
-    # TODO(twp): in phase 4, all locators will need to be signed, so
-    # this test should break and will need to be rewritten. Issue #2755.
-    signing_opts = {
-      key: Rails.configuration.blob_signing_key,
-      api_token: api_token(:active),
-    }
-    signed_manifest =
-      ". " + locators[0] + " 0:0:foo.txt\n" +
-      ". " + Blob.sign_locator(locators[1], signing_opts) + " 0:0:foo.txt\n" +
-      ". " + Blob.sign_locator(locators[2], signing_opts) + " 0:0:foo.txt\n"
-
-    post :create, {
-      collection: {
-        manifest_text: signed_manifest,
-        uuid: manifest_uuid,
+      unsigned_manifest = locators.map { |loc|
+        ". " + loc + " 0:0:foo.txt\n"
+      }.join()
+      manifest_uuid = Digest::MD5.hexdigest(unsigned_manifest) +
+        '+' +
+        unsigned_manifest.length.to_s
+
+      # Build a manifest with both signed and unsigned locators.
+      signing_opts = {
+        key: Rails.configuration.blob_signing_key,
+        api_token: api_token(:active),
       }
-    }
-    assert_response :success
-    assert_not_nil assigns(:object)
-    resp = JSON.parse(@response.body)
-    assert_equal manifest_uuid, resp['uuid']
-    assert_equal 48, resp['data_size']
-    # All of the locators in the output must be signed.
-    resp['manifest_text'].lines.each do |entry|
-      m = /([[:xdigit:]]{32}\+\S+)/.match(entry)
-      if m
-        assert Blob.verify_signature m[0], signing_opts
+      signed_locators = locators.collect do |x|
+        Blob.sign_locator x, signing_opts
+      end
+      if permit_unsigned
+        # Leave a non-empty blob unsigned.
+        signed_locators[1] = locators[1]
+      else
+        # Leave the empty blob unsigned. This should still be allowed.
+        signed_locators[0] = locators[0]
+      end
+      signed_manifest =
+        ". " + signed_locators[0] + " 0:0:foo.txt\n" +
+        ". " + signed_locators[1] + " 0:0:foo.txt\n" +
+        ". " + signed_locators[2] + " 0:0:foo.txt\n"
+
+      post :create, {
+        collection: {
+          manifest_text: signed_manifest,
+          uuid: manifest_uuid,
+        }
+      }
+      assert_response :success
+      assert_not_nil assigns(:object)
+      resp = JSON.parse(@response.body)
+      assert_equal manifest_uuid, resp['uuid']
+      assert_equal 48, resp['data_size']
+      # All of the locators in the output must be signed.
+      resp['manifest_text'].lines.each do |entry|
+        m = /([[:xdigit:]]{32}\+\S+)/.match(entry)
+        if m
+          assert Blob.verify_signature m[0], signing_opts
+        end
       end
     end
   end
@@ -382,6 +470,7 @@ EOS
   end
 
   test "multiple locators per line" do
+    permit_unsigned_manifests
     authorize_with :active
     locators = %w(
       d41d8cd98f00b204e9800998ecf8427e+0
@@ -393,21 +482,28 @@ EOS
       '+' +
       manifest_text.length.to_s
 
+    test_collection = {
+      manifest_text: manifest_text,
+      uuid: manifest_uuid,
+    }
+    post_collection = Marshal.load(Marshal.dump(test_collection))
     post :create, {
-      collection: {
-        manifest_text: manifest_text,
-        uuid: manifest_uuid,
-      }
+      collection: post_collection
     }
     assert_response :success
     assert_not_nil assigns(:object)
     resp = JSON.parse(@response.body)
     assert_equal manifest_uuid, resp['uuid']
     assert_equal 48, resp['data_size']
-    assert_equal resp['manifest_text'], manifest_text
+
+    # The manifest in the response will have had permission hints added.
+    # Remove any permission hints in the response before comparing it to the source.
+    stripped_manifest = resp['manifest_text'].gsub(/\+A[A-Za-z0-9@_-]+/, '')
+    assert_equal manifest_text, stripped_manifest
   end
 
   test "multiple signed locators per line" do
+    permit_unsigned_manifests
     authorize_with :active
     locators = %w(
       d41d8cd98f00b204e9800998ecf8427e+0
@@ -450,4 +546,20 @@ EOS
     end
     assert_equal locators.count, returned_locator_count
   end
+
+  test 'Reject manifest with unsigned blob' do
+    authorize_with :active
+    unsigned_manifest = ". 0cc175b9c0f1b6a831c399e269772661+1 0:1:a.txt\n"
+    manifest_uuid = Digest::MD5.hexdigest(unsigned_manifest)
+    post :create, {
+      collection: {
+        manifest_text: unsigned_manifest,
+        uuid: manifest_uuid,
+      }
+    }
+    assert_response 403,
+    "Creating a collection with unsigned blobs should respond 403"
+    assert_empty Collection.where('uuid like ?', manifest_uuid+'%'),
+    "Collection should not exist in database after failed create"
+  end
 end