# to read the collection.
opts[:query_token] = usable_token
end
- opts[:disposition] = params[:disposition]
+ opts[:disposition] = params[:disposition] if params[:disposition]
return redirect_to keep_web_url(params[:uuid], params[:file], opts)
end
end
def keep_web_url(uuid_or_pdh, file, opts)
- fmt = {uuid_or_pdh: uuid_or_pdh.sub('+', '-')}
+ munged_id = uuid_or_pdh.sub('+', '-')
+ fmt = {uuid_or_pdh: munged_id}
uri = URI.parse(Rails.configuration.keep_web_url % fmt)
uri.path += '/' unless uri.path.end_with? '/'
if opts[:path_token]
uri.path += '_/'
uri.path += CGI::escape(file)
- query_params = []
+ query = CGI::parse(uri.query || '')
{ query_token: 'api_token',
disposition: 'disposition' }.each do |opt, param|
- if opts[opt]
- query_params << param + '=' + CGI::escape(opts[opt])
+ if opts.include? opt
+ query[param] = opts[opt]
end
end
- unless query_params.empty?
- uri.query = query_params.join '&'
+ unless query.empty?
+ uri.query = query.to_query
+ end
+
+ if query.include? 'api_token' and
+ query['disposition'] != 'attachment' and
+ not uri.host.start_with?(munged_id + "--") and
+ not uri.host.start_with?(munged_id + ".")
+ # keep-web refuses query tokens ("?api_token=X") unless it sees
+ # the collection ID in the hostname, or is running in
+ # attachment-only mode.
+ logger.warn("Single-origin keep_web_url can't serve inline content, " \
+ "but redirecting anyway: #{uri.to_s}")
end
uri.to_s
assert_not_includes @response.body, '<a href="#Upload"'
end
- def setup_for_keep_web cfg='https://%{uuid_or_pdh}.dl.zzzzz.example'
+ def setup_for_keep_web cfg='https://%{uuid_or_pdh}.collections.zzzzz.example'
Rails.configuration.keep_web_url = cfg
@controller.expects(:file_enumerator).never
end
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
- assert_equal "https://#{id.sub '+', '-'}.dl.zzzzz.example/_/w+a+z?api_token=#{tok}", @response.redirect_url
+ assert_equal "https://#{id.sub '+', '-'}.collections.zzzzz.example/_/w+a+z?api_token=#{tok}", @response.redirect_url
end
test "Redirect to keep_web_url via #{id_type} with reader token" do
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z", reader_token: tok}, session_for(:expired)
assert_response :redirect
- assert_equal "https://#{id.sub '+', '-'}.dl.zzzzz.example/t=#{tok}/_/w+a+z", @response.redirect_url
+ assert_equal "https://#{id.sub '+', '-'}.collections.zzzzz.example/t=#{tok}/_/w+a+z", @response.redirect_url
end
test "Redirect to keep_web_url via #{id_type} with no token" do
id = api_fixture('collections')['public_text_file'][id_type]
get :show_file, {uuid: id, file: "Hello World.txt"}
assert_response :redirect
- assert_equal "https://#{id.sub '+', '-'}.dl.zzzzz.example/_/Hello+World.txt", @response.redirect_url
+ assert_equal "https://#{id.sub '+', '-'}.collections.zzzzz.example/_/Hello+World.txt", @response.redirect_url
+ end
+
+ test "Redirect to keep_web_url via #{id_type} with disposition param" do
+ setup_for_keep_web
+ config_anonymous true
+ id = api_fixture('collections')['public_text_file'][id_type]
+ get :show_file, {
+ uuid: id,
+ file: "Hello World.txt",
+ disposition: 'attachment',
+ }
+ assert_response :redirect
+ assert_equal "https://#{id.sub '+', '-'}.collections.zzzzz.example/_/Hello+World.txt?disposition=attachment", @response.redirect_url
end
test "Redirect to keep_web_url via #{id_type} using -attachment-only-host mode" do
- setup_for_keep_web 'https://dl.zzzzz.example/c=%{uuid_or_pdh}'
+ setup_for_keep_web 'https://collections.zzzzz.example/c=%{uuid_or_pdh}'
tok = api_fixture('api_client_authorizations')['active']['api_token']
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
- assert_equal "https://dl.zzzzz.example/c=#{id.sub '+', '-'}/_/w+a+z?api_token=#{tok}", @response.redirect_url
+ assert_equal "https://collections.zzzzz.example/c=#{id.sub '+', '-'}/_/w+a+z?api_token=#{tok}", @response.redirect_url
end
end