16923: user/pass api_client is trusted by default
authorPeter Amstutz <peter.amstutz@curii.com>
Tue, 29 Sep 2020 21:26:46 +0000 (17:26 -0400)
committerPeter Amstutz <peter.amstutz@curii.com>
Thu, 1 Oct 2020 14:40:53 +0000 (10:40 -0400)
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>

lib/controller/localdb/login.go
services/api/app/models/api_client.rb

index bbed47c73ff3e0a8f7653dbed0d6ed33e727af13..f4632751e30dc24944d04157e939d676ee33c53a 100644 (file)
@@ -141,7 +141,7 @@ func createAPIClientAuthorization(ctx context.Context, conn *rpc.Conn, rootToken
                // Send a fake ReturnTo value instead of the caller's
                // opts.ReturnTo. We won't follow the resulting
                // redirect target anyway.
-               ReturnTo: ",https://none.invalid",
+               ReturnTo: ",https://controller.api.client.invalid",
                AuthInfo: authinfo,
        })
        if err != nil {
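Review bot: The comment above `ReturnTo` still calls the value a fake redirect target, but after this commit the string is security-relevant. `from_trusted_url` in services/api/app/models/api_client.rb compares against it to decide whether the resulting api_client is trusted. The comment should say so, for example `// Sentinel matched by ApiClient#from_trusted_url in the Rails API to mark this client trusted; keep both in sync.` The enclosing call and `createAPIClientAuthorization` itself begin and end outside this hunk.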
index c6c48a5b6b13c803d8d54d660a2d8fbd2a265740..c9eeaf2669192a9e3178b0c613609dd49d77a6d7 100644 (file)
@@ -21,8 +21,10 @@ class ApiClient < ArvadosModel
   protected
 
   def from_trusted_url
-    norm(self.url_prefix) == norm(Rails.configuration.Services.Workbench1.ExternalURL) ||
-      norm(self.url_prefix) == norm(Rails.configuration.Services.Workbench2.ExternalURL)
+    norm_url_prefix = norm(self.url_prefix)
+    norm_url_prefix == norm(Rails.configuration.Services.Workbench1.ExternalURL) or
+      norm_url_prefix == norm(Rails.configuration.Services.Workbench2.ExternalURL) or
+      norm_url_prefix == norm("https://controller.api.client.invalid")
   end
 
   def norm url
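Review bot: The new third comparison in `from_trusted_url` marks an ApiClient trusted whenever its `url_prefix` normalizes to a hard-coded sentinel, so trust depends on a string carried in the request rather than on who sent it. The Go caller appears to send this value together with a root token, but nothing in this hunk ties the match to that authentication. It is worth confirming that an ordinary caller cannot reach the code that creates ApiClient records from `return_to` with this value, or making the trust decision depend on the system credential instead. Separately, the literal would be better as a named, commented constant, and the chain should keep `||` rather than `or`, as the removed lines did: `norm_url_prefix == norm(Rails.configuration.Services.Workbench1.ExternalURL) ||`.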