17106: Comment on stored_secret behavior.
authorTom Clegg <tom@tomclegg.ca>
Wed, 18 Nov 2020 15:02:40 +0000 (10:02 -0500)
committerTom Clegg <tom@tomclegg.ca>
Wed, 18 Nov 2020 15:02:40 +0000 (10:02 -0500)
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>

services/api/app/models/api_client_authorization.rb

index 1c1c669deb27d55d24774b3392077a4710840eb6..6b308a231cb7ede8cf50b949da75a861a46219d3 100644 (file)
@@ -345,6 +345,11 @@ class ApiClientAuthorization < ArvadosModel
         auth.user = user
         auth.api_client_id = 0
       end
+      # If stored_secret is set, we save stored_secret in the database
+      # but return the real secret to the caller. This way, if we end
+      # up returning the auth record to the client, they see the same
+      # secret they supplied, instead of the HMAC we saved in the
+      # database.
       stored_secret = stored_secret || secret
       auth.update_attributes!(user: user,
                               api_token: stored_secret,
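Review bot: The added comment above `stored_secret = stored_secret || secret` says the real secret is returned to the caller, but it does not warn that the returned record then no longer matches the row written by `update_attributes!`, where `api_token` holds `stored_secret`. If the secret is put back on `auth` after the save (that code is outside this hunk, so this is inferred), a later `save` on the same object would overwrite the stored HMAC with the caller's secret. I would add one more comment line, e.g. `# The returned record is therefore out of sync with the database row; do not save it again.` The `update_attributes!` call and the enclosing method continue past the end of the hunk.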