Create a can_login link for a new user object, even if there are already

stray can_login link objects for another user object with the same
e-mail address in the database. Add a test for that scenario, too.

diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index 50dc668448a9eee7a81a0924cd1c0b27b7b8b18b..f00a42e1a0d01d440341837064d38e44857b0f7c 100644 (file)
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -250,7 +250,7 @@ class User < ArvadosModel
     # Check oid_login_perm
     oid_login_perms = Link.where(tail_uuid: self.email,
                                    link_class: 'permission',
-                                   name: 'can_login').where("head_uuid like ?", User.uuid_like_pattern)
+                                   name: 'can_login').where("head_uuid = ?", self.uuid)
 
     if !oid_login_perms.any?
       # create openid login permission

diff --git a/services/api/test/unit/user_test.rb b/services/api/test/unit/user_test.rb
index 6cee757ee1953abbf18b72e956bdd90b16b239cb..6eb048e87166d6b042d835de5f6823b713d9460a 100644 (file)
--- a/services/api/test/unit/user_test.rb
+++ b/services/api/test/unit/user_test.rb
@@ -188,6 +188,50 @@ class UserTest < ActiveSupport::TestCase
     verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid
   end
 
+  test "setup new user with junk in database" do
+    Thread.current[:user] = @admin_user
+
+    email = 'foo@example.com'
+    openid_prefix = 'http://openid/prefix'
+
+    user = User.create ({uuid: 'zzzzz-tpzed-abcdefghijklmno', email: email})
+
+    vm = VirtualMachine.create
+
+    # Set up the bogus Link
+    bad_uuid = 'zzzzz-tpzed-xyzxyzxyzxyzxyz'
+
+    resp_link = Link.create ({tail_uuid: email, link_class: 'permission',
+        name: 'can_login', head_uuid: bad_uuid})
+    resp_link.save(validate: false)
+
+    verify_link resp_link, 'permission', 'can_login', email, bad_uuid
+
+    response = User.setup user, openid_prefix, 'test_repo', vm.uuid
+
+    resp_user = find_obj_in_resp response, 'User'
+    verify_user resp_user, email
+
+    oid_login_perm = find_obj_in_resp response, 'Link', 'arvados#user'
+
+    verify_link oid_login_perm, 'permission', 'can_login', resp_user[:email],
+        resp_user[:uuid]
+
+    assert_equal openid_prefix, oid_login_perm[:properties][:identity_url_prefix],
+        'expected identity_url_prefix not found for oid_login_perm'
+
+    group_perm = find_obj_in_resp response, 'Link', 'arvados#group'
+    verify_link group_perm, 'permission', 'can_read', resp_user[:uuid], nil
+
+    repo_perm = find_obj_in_resp response, 'Link', 'arvados#repository'
+    verify_link repo_perm, 'permission', 'can_write', resp_user[:uuid], nil
+
+    vm_perm = find_obj_in_resp response, 'Link', 'arvados#virtualMachine'
+    verify_link vm_perm, 'permission', 'can_login', resp_user[:uuid], vm.uuid
+  end
+
+
+
   test "setup new user in multiple steps" do
     Thread.current[:user] = @admin_user