13111: Disable siteFS routes for anonymous requests.
authorTom Clegg <tclegg@veritasgenetics.com>
Fri, 27 Apr 2018 20:45:28 +0000 (16:45 -0400)
committerTom Clegg <tclegg@veritasgenetics.com>
Fri, 27 Apr 2018 20:45:28 +0000 (16:45 -0400)
This enables dav clients to use HTTP authentication even when
anonymous tokens are configured.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>

services/keep-web/cadaver_test.go
services/keep-web/handler.go

index db5d373be76934e6fd48d98498a059040b70c9bd..3814a459d53c46c8b92d7dc40d8fd8cd13ee6ae4 100644 (file)
@@ -53,6 +53,8 @@ func (s *IntegrationSuite) TestCadaverUserProject(c *check.C) {
 }
 
 func (s *IntegrationSuite) testCadaver(c *check.C, password string, pathFunc func(arvados.Collection) (string, string, string), skip func(string) bool) {
+       s.testServer.Config.AnonymousTokens = []string{arvadostest.AnonymousToken}
+
        testdata := []byte("the human tragedy consists in the necessity of living with the consequences of actions performed under the pressure of compulsions we do not understand")
 
        tempdir, err := ioutil.TempDir("", "keep-web-test-")
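Review bot: The `AnonymousTokens` assignment at the top of testCadaver has no comment saying why an anonymous token is configured, so the regression this test guards against is not visible to the next reader. I would add `// Anonymous tokens are configured on purpose: cadaver must still authenticate with its own credentials on siteFS routes.` above it. The hunk shows no assertion that a request without credentials is refused on those routes. If no other test covers that, a direct check of the unauthenticated response would pin the access-control behaviour rather than only the client's happy path. testCadaver's body continues past the hunk.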
index 8b61b54b97564d9d40dccfe9b5587acebc021e08..1ecf4467873706e61d5fbae7ac28835c542505cd 100644 (file)
@@ -314,6 +314,14 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
                return
        }
 
+       if useSiteFS {
+               if tokens == nil {
+                       tokens = auth.NewCredentialsFromHTTPRequest(r).Tokens
+               }
+               h.serveSiteFS(w, r, tokens, credentialsOK, attachment)
+               return
+       }
+
        targetPath := pathParts[stripParts:]
        if tokens == nil && len(targetPath) > 0 && strings.HasPrefix(targetPath[0], "t=") {
                // http://ID.example/t=TOKEN/PATH...
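Review bot: The new `useSiteFS` branch has no comment stating that `h.Config.AnonymousTokens` is deliberately never added to `tokens` on this path. That omission is the access-control decision this commit makes, and it is easy to undo in a later refactor that "unifies" token handling. I would add above `if useSiteFS {`: `// siteFS routes never fall back to anonymous tokens: a request without credentials must reach serveSiteFS with no token so the client is asked to authenticate.` The `tokens == nil` guard also treats a non-nil empty slice as credentials already loaded, so if code earlier in ServeHTTP can leave `tokens` empty but non-nil, `len(tokens) == 0` would be the safer test. ServeHTTP starts and ends outside the hunk, so how `tokens` and `credentialsOK` are set before this point is not visible here.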
@@ -335,11 +343,6 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
                tokens = append(reqTokens, h.Config.AnonymousTokens...)
        }
 
-       if useSiteFS {
-               h.serveSiteFS(w, r, tokens, credentialsOK, attachment)
-               return
-       }
-
        if len(targetPath) > 0 && targetPath[0] == "_" {
                // If a collection has a directory called "t=foo" or
                // "_", it can be served at