14196: Login process returns v2 tokens
authorPeter Amstutz <pamstutz@veritasgenetics.com>
Tue, 2 Oct 2018 17:18:33 +0000 (13:18 -0400)
committerPeter Amstutz <pamstutz@veritasgenetics.com>
Tue, 2 Oct 2018 17:18:33 +0000 (13:18 -0400)
Unit/functional/integration tests now use v2 tokens by default.

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz@veritasgenetics.com>

services/api/app/controllers/application_controller.rb
services/api/app/controllers/user_sessions_controller.rb
services/api/test/test_helper.rb

index 8589b3c7a55f366fb5668884d71aac40139bea7f..8b20c0c1660b7fbb9cf01e5294105dd04189a8e6 100644 (file)
@@ -344,13 +344,20 @@ class ApplicationController < ActionController::Base
     # If there are too many reader tokens, assume the request is malicious
     # and ignore it.
     if request.get? and params[:reader_tokens] and
-        params[:reader_tokens].size < 100
+      params[:reader_tokens].size < 100
+      secrets = params[:reader_tokens].map { |t|
+        if t.starts_with? "v2/"
+          t.split("/")[2]
+        else
+          t
+        end
+      }
       @read_auths += ApiClientAuthorization
         .includes(:user)
         .where('api_token IN (?) AND
                 (expires_at IS NULL OR expires_at > CURRENT_TIMESTAMP)',
-               params[:reader_tokens])
-        .all
+               secrets)
+        .to_a
     end
     @read_auths.select! { |auth| auth.scopes_allow_request? request }
     @read_users = @read_auths.map(&:user).uniq
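Review bot: The new `map` block assumes `params[:reader_tokens]` is an array of strings, but the guard above it only checks `.size < 100`. A scalar string also responds to `size`, and a nested hash or array element does not respond to `starts_with?`, so either would raise NoMethodError instead of being ignored, unless something earlier in the request path normalizes the parameter. Adding `params[:reader_tokens].is_a?(Array)` to the condition and filtering the elements, e.g. `secrets = params[:reader_tokens].grep(String).map { |t| t.start_with?("v2/") ? t.split("/")[2] : t }.compact`, keeps malformed input on the "ignore it" path the comment describes. The UUID segment of a v2 token is also discarded, so the lookup matches on the secret alone; if a v2 token is meant to name one specific authorization, the `uuid` should be compared as well. The enclosing method starts and ends outside the hunk.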
index b8fe2948923582ad9f40f3ec00c394cd6b2473ec..020dfa53b83a6ba645a79a1696b84968144cc0cd 100644 (file)
@@ -159,7 +159,7 @@ class UserSessionsController < ApplicationController
     else
       callback_url += '?'
     end
-    callback_url += 'api_token=' + api_client_auth.api_token
+    callback_url += 'api_token=' + api_client_auth.token
     redirect_to callback_url
   end
 
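Review bot: `api_client_auth.token` is concatenated into `callback_url` unescaped, and the new value presumably has the `v2/<uuid>/<secret>` form that application_controller.rb parses, so it now carries `/` separators. Writing `callback_url += 'api_token=' + CGI.escape(api_client_auth.token)` keeps the query string well-formed whatever the token format becomes. The redirect also puts the full bearer credential in a URL, where it can end up in access logs and browser history; a short comment stating that the receiving client is expected to consume the parameter and drop it from the address would document that assumption. The method starts outside the hunk.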
index 73b45f95ec71a7b28564c8a5767eb48503ec5465..e4b86e93c5bc95ae8e14feffe2fe05c473778e1a 100644 (file)
@@ -41,11 +41,11 @@ module ArvadosTestSupport
   end
 
   def api_token(api_client_auth_name)
-    api_client_authorizations(api_client_auth_name).api_token
+    api_client_authorizations(api_client_auth_name).token
   end
 
   def auth(api_client_auth_name)
-    {'HTTP_AUTHORIZATION' => "OAuth2 #{api_token(api_client_auth_name)}"}
+    {'HTTP_AUTHORIZATION' => "Bearer #{api_token(api_client_auth_name)}"}
   end
 
   def show_errors model
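Review bot: With `auth` here and `authorize_with_token` in the next hunk switched to `Bearer` and `.token`, no helper in this file sends the legacy `OAuth2 <api_token>` form any more. Unless other tests cover it, the v1 path loses its default coverage, while the server presumably still accepts bare tokens (the `else` branch in application_controller.rb passes them through). One explicit test that authenticates with the bare `api_token` attribute and the `OAuth2` scheme would catch regressions in the backward-compatible path. The `api_token` helper's name no longer matches the attribute it reads, so a comment such as `# Returns the v2-format token (not the bare api_token secret) for the named fixture.` would help.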
@@ -119,14 +119,14 @@ class ActiveSupport::TestCase
   end
 
   def authorize_with api_client_auth_name
-    authorize_with_token api_client_authorizations(api_client_auth_name).api_token
+    authorize_with_token api_client_authorizations(api_client_auth_name).token
   end
 
   def authorize_with_token token
     t = token
-    t = t.api_token if t.respond_to? :api_token
+    t = t.token if t.respond_to? :token
     ArvadosApiToken.new.call("rack.input" => "",
-                             "HTTP_AUTHORIZATION" => "OAuth2 #{t}")
+                             "HTTP_AUTHORIZATION" => "Bearer #{t}")
   end
 
   def salt_token(fixture:, remote:)