X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/d3502068c07807aea7b36270bdae74b04095df62..dfeee281597cef5539f8c78bc249a6c9bfc19c18:/lib/controller/fed_containers.go

diff --git a/lib/controller/fed_containers.go b/lib/controller/fed_containers.go
index 7fd5b25ad2..c62cea1168 100644
--- a/lib/controller/fed_containers.go
+++ b/lib/controller/fed_containers.go
@@ -12,8 +12,8 @@ import (
 	"net/http"
 	"strings"
 
-	"git.curoverse.com/arvados.git/sdk/go/auth"
-	"git.curoverse.com/arvados.git/sdk/go/httpserver"
+	"git.arvados.org/arvados.git/sdk/go/auth"
+	"git.arvados.org/arvados.git/sdk/go/httpserver"
 )
 
 func remoteContainerRequestCreate(
@@ -33,19 +33,20 @@ func remoteContainerRequestCreate(
 	creds := auth.NewCredentials()
 	creds.LoadTokensFromHTTPRequest(req)
 
-	currentUser, err := h.handler.validateAPItoken(req, creds.Tokens[0])
+	currentUser, ok, err := h.handler.validateAPItoken(req, creds.Tokens[0])
 	if err != nil {
-		httpserver.Error(w, err.Error(), http.StatusForbidden)
+		httpserver.Error(w, err.Error(), http.StatusInternalServerError)
+		return true
+	} else if !ok {
+		httpserver.Error(w, "invalid API token", http.StatusForbidden)
 		return true
 	}
 
-	if *clusterId == "" {
-		*clusterId = h.handler.Cluster.ClusterID
-	}
-
-	if strings.HasPrefix(currentUser.Authorization.UUID, h.handler.Cluster.ClusterID) &&
-		*clusterId == h.handler.Cluster.ClusterID {
-		// local user submitting container request to local cluster
+	if *clusterId == "" || *clusterId == h.handler.Cluster.ClusterID {
+		// Submitting container request to local cluster. No
+		// need to set a runtime_token (rails api will create
+		// one when the container runs) or do a remote cluster
+		// request.
 		return false
 	}