X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/ec0c244be178aed7af0cf990a256dda557034b68..231a86fd3f7e30e9f66d71d92ad7c26578637e37:/services/keep-web/handler_test.go diff --git a/services/keep-web/handler_test.go b/services/keep-web/handler_test.go index 6bd34d7113..93259f74cd 100644 --- a/services/keep-web/handler_test.go +++ b/services/keep-web/handler_test.go @@ -12,10 +12,12 @@ import ( "net/http" "net/http/httptest" "net/url" + "os" "path/filepath" "regexp" "strings" + "git.curoverse.com/arvados.git/sdk/go/arvados" "git.curoverse.com/arvados.git/sdk/go/arvadostest" "git.curoverse.com/arvados.git/sdk/go/auth" check "gopkg.in/check.v1" @@ -27,7 +29,7 @@ type UnitSuite struct{} func (s *UnitSuite) TestCORSPreflight(c *check.C) { h := handler{Config: DefaultConfig()} - u, _ := url.Parse("http://keep-web.example/c=" + arvadostest.FooCollection + "/foo") + u := mustParseURL("http://keep-web.example/c=" + arvadostest.FooCollection + "/foo") req := &http.Request{ Method: "OPTIONS", Host: u.Host, @@ -45,19 +47,19 @@ func (s *UnitSuite) TestCORSPreflight(c *check.C) { c.Check(resp.Code, check.Equals, http.StatusOK) c.Check(resp.Body.String(), check.Equals, "") c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*") - c.Check(resp.Header().Get("Access-Control-Allow-Methods"), check.Equals, "GET, POST, OPTIONS, PROPFIND") - c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Authorization, Content-Type, Range") + c.Check(resp.Header().Get("Access-Control-Allow-Methods"), check.Equals, "COPY, DELETE, GET, LOCK, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, RMCOL, UNLOCK") + c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Authorization, Content-Type, Range, Depth, Destination, If, Lock-Token, Overwrite, Timeout") // Check preflight for a disallowed request resp = httptest.NewRecorder() - req.Header.Set("Access-Control-Request-Method", "DELETE") + req.Header.Set("Access-Control-Request-Method", "MAKE-COFFEE") h.ServeHTTP(resp, req) c.Check(resp.Body.String(), check.Equals, "") c.Check(resp.Code, check.Equals, http.StatusMethodNotAllowed) } func (s *UnitSuite) TestInvalidUUID(c *check.C) { - bogusID := strings.Replace(arvadostest.FooPdh, "+", "-", 1) + "-" + bogusID := strings.Replace(arvadostest.FooCollectionPDH, "+", "-", 1) + "-" token := arvadostest.ActiveToken for _, trial := range []string{ "http://keep-web/c=" + bogusID + "/foo", @@ -68,8 +70,7 @@ func (s *UnitSuite) TestInvalidUUID(c *check.C) { "http://" + bogusID + ".keep-web/t=" + token + "/" + bogusID + "/foo", } { c.Log(trial) - u, err := url.Parse(trial) - c.Assert(err, check.IsNil) + u := mustParseURL(trial) req := &http.Request{ Method: "GET", Host: u.Host, @@ -185,8 +186,8 @@ func (s *IntegrationSuite) doVhostRequests(c *check.C, authz authorizer) { arvadostest.FooCollection + ".example.com/foo", arvadostest.FooCollection + "--collections.example.com/foo", arvadostest.FooCollection + "--collections.example.com/_/foo", - arvadostest.FooPdh + ".example.com/foo", - strings.Replace(arvadostest.FooPdh, "+", "-", -1) + "--collections.example.com/foo", + arvadostest.FooCollectionPDH + ".example.com/foo", + strings.Replace(arvadostest.FooCollectionPDH, "+", "-", -1) + "--collections.example.com/foo", arvadostest.FooBarDirCollection + ".example.com/dir1/foo", } { c.Log("doRequests: ", hostPath) @@ -333,7 +334,42 @@ func (s *IntegrationSuite) TestVhostRedirectQueryTokenRequestAttachment(c *check http.StatusOK, "foo", ) - c.Check(strings.Split(resp.Header().Get("Content-Disposition"), ";")[0], check.Equals, "attachment") + c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?") +} + +func (s *IntegrationSuite) TestVhostRedirectQueryTokenSiteFS(c *check.C) { + s.testServer.Config.AttachmentOnlyHost = "download.example.com" + resp := s.testVhostRedirectTokenToCookie(c, "GET", + "download.example.com/by_id/"+arvadostest.FooCollection+"/foo", + "?api_token="+arvadostest.ActiveToken, + "", + "", + http.StatusOK, + "foo", + ) + c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?") +} + +func (s *IntegrationSuite) TestPastCollectionVersionFileAccess(c *check.C) { + s.testServer.Config.AttachmentOnlyHost = "download.example.com" + resp := s.testVhostRedirectTokenToCookie(c, "GET", + "download.example.com/c="+arvadostest.WazVersion1Collection+"/waz", + "?api_token="+arvadostest.ActiveToken, + "", + "", + http.StatusOK, + "waz", + ) + c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?") + resp = s.testVhostRedirectTokenToCookie(c, "GET", + "download.example.com/by_id/"+arvadostest.WazVersion1Collection+"/waz", + "?api_token="+arvadostest.ActiveToken, + "", + "", + http.StatusOK, + "waz", + ) + c.Check(resp.Header().Get("Content-Disposition"), check.Matches, "attachment(;.*)?") } func (s *IntegrationSuite) TestVhostRedirectQueryTokenTrustAllContent(c *check.C) { @@ -417,6 +453,42 @@ func (s *IntegrationSuite) TestAnonymousTokenError(c *check.C) { ) } +func (s *IntegrationSuite) TestSpecialCharsInPath(c *check.C) { + s.testServer.Config.AttachmentOnlyHost = "download.example.com" + + client := s.testServer.Config.Client + client.AuthToken = arvadostest.ActiveToken + fs, err := (&arvados.Collection{}).FileSystem(&client, nil) + c.Assert(err, check.IsNil) + f, err := fs.OpenFile("https:\\\"odd' path chars", os.O_CREATE, 0777) + c.Assert(err, check.IsNil) + f.Close() + mtxt, err := fs.MarshalManifest(".") + c.Assert(err, check.IsNil) + var coll arvados.Collection + err = client.RequestAndDecode(&coll, "POST", "arvados/v1/collections", nil, map[string]interface{}{ + "collection": map[string]string{ + "manifest_text": mtxt, + }, + }) + c.Assert(err, check.IsNil) + + u, _ := url.Parse("http://download.example.com/c=" + coll.UUID + "/") + req := &http.Request{ + Method: "GET", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: http.Header{ + "Authorization": {"Bearer " + client.AuthToken}, + }, + } + resp := httptest.NewRecorder() + s.testServer.Handler.ServeHTTP(resp, req) + c.Check(resp.Code, check.Equals, http.StatusOK) + c.Check(resp.Body.String(), check.Matches, `(?ms).*href="./https:%5c%22odd%27%20path%20chars"\S+https:\\"odd' path chars.*`) +} + // XHRs can't follow redirect-with-cookie so they rely on method=POST // and disposition=attachment (telling us it's acceptable to respond // with content instead of a redirect) and an Origin header that gets @@ -466,7 +538,7 @@ func (s *IntegrationSuite) testVhostRedirectTokenToCookie(c *check.C, method, ho if resp.Code != http.StatusSeeOther { return resp } - c.Check(resp.Body.String(), check.Matches, `.*href="//`+regexp.QuoteMeta(html.EscapeString(hostPath))+`(\?[^"]*)?".*`) + c.Check(resp.Body.String(), check.Matches, `.*href="http://`+regexp.QuoteMeta(html.EscapeString(hostPath))+`(\?[^"]*)?".*`) cookies := (&http.Response{Header: resp.Header()}).Cookies() u, _ = u.Parse(resp.Header().Get("Location")) @@ -493,10 +565,11 @@ func (s *IntegrationSuite) TestDirectoryListing(c *check.C) { "Authorization": {"OAuth2 " + arvadostest.ActiveToken}, } for _, trial := range []struct { - uri string - header http.Header - expect []string - cutDirs int + uri string + header http.Header + expect []string + redirect string + cutDirs int }{ { uri: strings.Replace(arvadostest.FooAndBarFilesInDirPDH, "+", "-", -1) + ".example.com/", @@ -508,7 +581,7 @@ func (s *IntegrationSuite) TestDirectoryListing(c *check.C) { uri: strings.Replace(arvadostest.FooAndBarFilesInDirPDH, "+", "-", -1) + ".example.com/dir1/", header: authHeader, expect: []string{"foo", "bar"}, - cutDirs: 0, + cutDirs: 1, }, { uri: "download.example.com/collections/" + arvadostest.FooAndBarFilesInDirUUID + "/", @@ -516,6 +589,50 @@ func (s *IntegrationSuite) TestDirectoryListing(c *check.C) { expect: []string{"dir1/foo", "dir1/bar"}, cutDirs: 2, }, + { + uri: "download.example.com/users/active/foo_file_in_dir/", + header: authHeader, + expect: []string{"dir1/"}, + cutDirs: 3, + }, + { + uri: "download.example.com/users/active/foo_file_in_dir/dir1/", + header: authHeader, + expect: []string{"bar"}, + cutDirs: 4, + }, + { + uri: "download.example.com/", + header: authHeader, + expect: []string{"users/"}, + cutDirs: 0, + }, + { + uri: "download.example.com/users", + header: authHeader, + redirect: "/users/", + expect: []string{"active/"}, + cutDirs: 1, + }, + { + uri: "download.example.com/users/", + header: authHeader, + expect: []string{"active/"}, + cutDirs: 1, + }, + { + uri: "download.example.com/users/active", + header: authHeader, + redirect: "/users/active/", + expect: []string{"foo_file_in_dir/"}, + cutDirs: 2, + }, + { + uri: "download.example.com/users/active/", + header: authHeader, + expect: []string{"foo_file_in_dir/"}, + cutDirs: 2, + }, { uri: "collections.example.com/collections/download/" + arvadostest.FooAndBarFilesInDirUUID + "/" + arvadostest.ActiveToken + "/", header: nil, @@ -541,28 +658,42 @@ func (s *IntegrationSuite) TestDirectoryListing(c *check.C) { cutDirs: 1, }, { - uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/dir1/", - header: authHeader, - expect: []string{"foo", "bar"}, - cutDirs: 1, + uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/dir1", + header: authHeader, + redirect: "/c=" + arvadostest.FooAndBarFilesInDirUUID + "/dir1/", + expect: []string{"foo", "bar"}, + cutDirs: 2, }, { uri: "download.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/_/dir1/", header: authHeader, expect: []string{"foo", "bar"}, - cutDirs: 2, + cutDirs: 3, }, { - uri: arvadostest.FooAndBarFilesInDirUUID + ".example.com/dir1?api_token=" + arvadostest.ActiveToken, - header: authHeader, - expect: []string{"foo", "bar"}, - cutDirs: 0, + uri: arvadostest.FooAndBarFilesInDirUUID + ".example.com/dir1?api_token=" + arvadostest.ActiveToken, + header: authHeader, + redirect: "/dir1/", + expect: []string{"foo", "bar"}, + cutDirs: 1, }, { uri: "collections.example.com/c=" + arvadostest.FooAndBarFilesInDirUUID + "/theperthcountyconspiracydoesnotexist/", header: authHeader, expect: nil, }, + { + uri: "download.example.com/c=" + arvadostest.WazVersion1Collection, + header: authHeader, + expect: []string{"waz"}, + cutDirs: 1, + }, + { + uri: "download.example.com/by_id/" + arvadostest.WazVersion1Collection, + header: authHeader, + expect: []string{"waz"}, + cutDirs: 2, + }, } { c.Logf("HTML: %q => %q", trial.uri, trial.expect) resp := httptest.NewRecorder() @@ -572,7 +703,7 @@ func (s *IntegrationSuite) TestDirectoryListing(c *check.C) { Host: u.Host, URL: u, RequestURI: u.RequestURI(), - Header: trial.header, + Header: copyHeader(trial.header), } s.testServer.Handler.ServeHTTP(resp, req) var cookies []*http.Cookie @@ -583,7 +714,7 @@ func (s *IntegrationSuite) TestDirectoryListing(c *check.C) { Host: u.Host, URL: u, RequestURI: u.RequestURI(), - Header: trial.header, + Header: copyHeader(trial.header), } cookies = append(cookies, (&http.Response{Header: resp.Header()}).Cookies()...) for _, c := range cookies { @@ -592,12 +723,15 @@ func (s *IntegrationSuite) TestDirectoryListing(c *check.C) { resp = httptest.NewRecorder() s.testServer.Handler.ServeHTTP(resp, req) } + if trial.redirect != "" { + c.Check(req.URL.Path, check.Equals, trial.redirect) + } if trial.expect == nil { c.Check(resp.Code, check.Equals, http.StatusNotFound) } else { c.Check(resp.Code, check.Equals, http.StatusOK) for _, e := range trial.expect { - c.Check(resp.Body.String(), check.Matches, `(?ms).*href="`+e+`".*`) + c.Check(resp.Body.String(), check.Matches, `(?ms).*href="./`+e+`".*`) } c.Check(resp.Body.String(), check.Matches, `(?ms).*--cut-dirs=`+fmt.Sprintf("%d", trial.cutDirs)+` .*`) } @@ -608,7 +742,7 @@ func (s *IntegrationSuite) TestDirectoryListing(c *check.C) { Host: u.Host, URL: u, RequestURI: u.RequestURI(), - Header: trial.header, + Header: copyHeader(trial.header), Body: ioutil.NopCloser(&bytes.Buffer{}), } resp = httptest.NewRecorder() @@ -624,7 +758,7 @@ func (s *IntegrationSuite) TestDirectoryListing(c *check.C) { Host: u.Host, URL: u, RequestURI: u.RequestURI(), - Header: trial.header, + Header: copyHeader(trial.header), Body: ioutil.NopCloser(&bytes.Buffer{}), } resp = httptest.NewRecorder() @@ -640,6 +774,46 @@ func (s *IntegrationSuite) TestDirectoryListing(c *check.C) { } } +func (s *IntegrationSuite) TestDeleteLastFile(c *check.C) { + arv := arvados.NewClientFromEnv() + var newCollection arvados.Collection + err := arv.RequestAndDecode(&newCollection, "POST", "arvados/v1/collections", nil, map[string]interface{}{ + "collection": map[string]string{ + "owner_uuid": arvadostest.ActiveUserUUID, + "manifest_text": ". acbd18db4cc2f85cedef654fccc4a4d8+3 0:3:foo.txt 0:3:bar.txt\n", + "name": "keep-web test collection", + }, + "ensure_unique_name": true, + }) + c.Assert(err, check.IsNil) + defer arv.RequestAndDecode(&newCollection, "DELETE", "arvados/v1/collections/"+newCollection.UUID, nil, nil) + + var updated arvados.Collection + for _, fnm := range []string{"foo.txt", "bar.txt"} { + s.testServer.Config.AttachmentOnlyHost = "example.com" + u, _ := url.Parse("http://example.com/c=" + newCollection.UUID + "/" + fnm) + req := &http.Request{ + Method: "DELETE", + Host: u.Host, + URL: u, + RequestURI: u.RequestURI(), + Header: http.Header{ + "Authorization": {"Bearer " + arvadostest.ActiveToken}, + }, + } + resp := httptest.NewRecorder() + s.testServer.Handler.ServeHTTP(resp, req) + c.Check(resp.Code, check.Equals, http.StatusNoContent) + + updated = arvados.Collection{} + err = arv.RequestAndDecode(&updated, "GET", "arvados/v1/collections/"+newCollection.UUID, nil, nil) + c.Check(err, check.IsNil) + c.Check(updated.ManifestText, check.Not(check.Matches), `(?ms).*\Q`+fnm+`\E.*`) + c.Logf("updated manifest_text %q", updated.ManifestText) + } + c.Check(updated.ManifestText, check.Equals, "") +} + func (s *IntegrationSuite) TestHealthCheckPing(c *check.C) { s.testServer.Config.ManagementToken = arvadostest.ManagementToken authHeader := http.Header{ @@ -660,3 +834,11 @@ func (s *IntegrationSuite) TestHealthCheckPing(c *check.C) { c.Check(resp.Code, check.Equals, http.StatusOK) c.Check(resp.Body.String(), check.Matches, `{"health":"OK"}\n`) } + +func copyHeader(h http.Header) http.Header { + hc := http.Header{} + for k, v := range h { + hc[k] = append([]string(nil), v...) + } + return hc +}