Merge branch '16726-anon-fed' into 16726-anon-user-token

author Peter Amstutz <peter.amstutz@curii.com>

Tue, 1 Sep 2020 19:23:02 +0000 (15:23 -0400)

committer Peter Amstutz <peter.amstutz@curii.com>

Tue, 1 Sep 2020 19:23:02 +0000 (15:23 -0400)
author Peter Amstutz <peter.amstutz@curii.com>
Tue, 1 Sep 2020 19:23:02 +0000 (15:23 -0400)
committer Peter Amstutz <peter.amstutz@curii.com>
Tue, 1 Sep 2020 19:23:02 +0000 (15:23 -0400)
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb

index c31f097828b8b0401aab0c799720e76483a741f3..ab6fd8000c1f4a966be7e01450402719f7182d5a 100644 (file)
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -226,6 +226,11 @@ class ApiClientAuthorization < ArvadosModel
        # Add or update user and token in local database so we can
        # validate subsequent requests faster.
  
+      if remote_user['uuid'][-22..-1] == '-tpzed-anonymouspublic'
+        # Special case: map the remote anonymous user to local anonymous user
+        remote_user['uuid'] = anonymous_user_uuid
+      end
+
        user = User.find_by_uuid(remote_user['uuid'])
  
        if !user
@@ -257,6 +262,11 @@ class ApiClientAuthorization < ArvadosModel
          user.send(attr+'=', remote_user[attr])
        end
  
+      if remote_user['uuid'][-22..-1] == '-tpzed-000000000000000'
+        user.first_name = "root"
+        user.last_name = "from cluster #{remote_user_prefix}"
+      end
+
        act_as_system_user do
          if user.is_active && !remote_user['is_active']
            user.unsetup
diff --git a/services/api/test/integration/remote_user_test.rb b/services/api/test/integration/remote_user_test.rb

index 04a45420fd4b768c105e89f8bd600739d69c8a6f..8ad09894a16df4bc6281ba95db6c8b6b25be589c 100644 (file)
--- a/services/api/test/integration/remote_user_test.rb
+++ b/services/api/test/integration/remote_user_test.rb
@@ -79,7 +79,7 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
      Arvados::V1::SchemaController.any_instance.stubs(:root_url).returns "https://#{@remote_host[0]}"
      @stub_status = 200
      @stub_content = {
-      uuid: 'zbbbb-tpzed-000000000000000',
+      uuid: 'zbbbb-tpzed-000000000000001',
        email: 'foo@example.com',
        username: 'barney',
        is_admin: true,
@@ -98,7 +98,7 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
        params: {format: 'json'},
        headers: auth(remote: 'zbbbb')
      assert_response :success
-    assert_equal 'zbbbb-tpzed-000000000000000', json_response['uuid']
+    assert_equal 'zbbbb-tpzed-000000000000001', json_response['uuid']
      assert_equal false, json_response['is_admin']
      assert_equal false, json_response['is_active']
      assert_equal 'foo@example.com', json_response['email']
@@ -286,12 +286,12 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
        params: {format: 'json'},
        headers: auth(remote: 'zbbbb')
      assert_response :success
-    assert_equal 'zbbbb-tpzed-000000000000000', json_response['uuid']
+    assert_equal 'zbbbb-tpzed-000000000000001', json_response['uuid']
      assert_equal false, json_response['is_admin']
      assert_equal false, json_response['is_active']
      assert_equal 'foo@example.com', json_response['email']
      assert_equal 'barney', json_response['username']
-    post '/arvados/v1/users/zbbbb-tpzed-000000000000000/activate',
+    post '/arvados/v1/users/zbbbb-tpzed-000000000000001/activate',
        params: {format: 'json'},
        headers: auth(remote: 'zbbbb')
      assert_response 422
@@ -303,7 +303,7 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
        params: {format: 'json'},
        headers: auth(remote: 'zbbbb')
      assert_response :success
-    assert_equal 'zbbbb-tpzed-000000000000000', json_response['uuid']
+    assert_equal 'zbbbb-tpzed-000000000000001', json_response['uuid']
      assert_equal false, json_response['is_admin']
      assert_equal true, json_response['is_active']
      assert_equal 'foo@example.com', json_response['email']
@@ -316,7 +316,7 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
        params: {format: 'json'},
        headers: auth(remote: 'zbbbb')
      assert_response :success
-    assert_equal 'zbbbb-tpzed-000000000000000', json_response['uuid']
+    assert_equal 'zbbbb-tpzed-000000000000001', json_response['uuid']
      assert_equal true, json_response['is_admin']
      assert_equal true, json_response['is_active']
      assert_equal 'foo@example.com', json_response['email']
@@ -412,4 +412,22 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
      end
    end
  
+  test 'authenticate with remote token, remote user is system user' do
+    @stub_content[:uuid] = 'zbbbb-tpzed-000000000000000'
+    get '/arvados/v1/users/current',
+      params: {format: 'json'},
+      headers: auth(remote: 'zbbbb')
+    assert_equal 'from cluster zbbbb', json_response['last_name']
+  end
+
+  test 'authenticate with remote token, remote user is anonymous user' do
+    @stub_content[:uuid] = 'zbbbb-tpzed-anonymouspublic'
+    get '/arvados/v1/users/current',
+      params: {format: 'json'},
+      headers: auth(remote: 'zbbbb')
+    assert_response :success
+    assert_equal 'zzzzz-tpzed-anonymouspublic', json_response['uuid']
+  end
+
+
  end
author	Peter Amstutz <peter.amstutz@curii.com>
	Tue, 1 Sep 2020 19:23:02 +0000 (15:23 -0400)
committer	Peter Amstutz <peter.amstutz@curii.com>
	Tue, 1 Sep 2020 19:23:02 +0000 (15:23 -0400)
services/api/app/models/api_client_authorization.rb		patch \| blob \| history
services/api/test/integration/remote_user_test.rb		patch \| blob \| history