Also update workbench tests to use v2 tokens.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz@veritasgenetics.com>
var session = db.loadLocal();
return db.tokenUUID().then(function(token_uuid) {
var shaObj = new jsSHA("SHA-1", "TEXT");
var session = db.loadLocal();
return db.tokenUUID().then(function(token_uuid) {
var shaObj = new jsSHA("SHA-1", "TEXT");
- shaObj.setHMACKey(session.token, "TEXT");
+ var secret = session.token;
+ if (session.token.startsWith("v2/")) {
+ secret = session.token.split("/")[2];
+ }
+ shaObj.setHMACKey(secret, "TEXT");
shaObj.update(uuid_prefix);
var hmac = shaObj.getHMAC("HEX");
return 'v2/' + token_uuid + '/' + hmac;
shaObj.update(uuid_prefix);
var hmac = shaObj.getHMAC("HEX");
return 'v2/' + token_uuid + '/' + hmac;
var cache = db.tokenUUIDCache;
if (!cache) {
var session = db.loadLocal();
var cache = db.tokenUUIDCache;
if (!cache) {
var session = db.loadLocal();
- return db.request(session, '/arvados/v1/api_client_authorizations', {
+ if (session.token.startsWith("v2/")) {
+ var uuid = session.token.split("/")[1]
+ db.tokenUUIDCache = uuid;
+ return new Promise(function(resolve, reject) {
+ resolve(uuid);
+ });
+ }
+ return db.request(session, 'arvados/v1/api_client_authorizations', {
data: {
filters: JSON.stringify([['api_token', '=', session.token]])
}
data: {
filters: JSON.stringify([['api_token', '=', session.token]])
}
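Review bot: Both added `v2/` branches index into `session.token.split("/")` without checking that the segment exists: `[2]` becomes the HMAC key in the first hunk and `[1]` is stored in `db.tokenUUIDCache` in the second. A token that starts with `v2/` but is truncated or has an empty segment would pass `undefined` to `setHMACKey`, or cache an empty UUID that is later concatenated into the salted token. Parsing once and failing closed would avoid that, e.g. `var parts = session.token.split("/"); if (parts.length < 3 || !parts[1] || !parts[2]) return Promise.reject(new Error("malformed v2 token"));`. The second hunk also changes the request path from `'/arvados/v1/…'` to `'arvados/v1/…'`, which the commit message does not mention, so it is worth confirming that this is intended. Both enclosing functions start and end outside the hunks shown.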
def config_anonymous enable
Rails.configuration.anonymous_user_token =
if enable
def config_anonymous enable
Rails.configuration.anonymous_user_token =
if enable
- api_fixture('api_client_authorizations')['anonymous']['api_token']
def assert_session_for_auth(client_auth)
api_token =
def assert_session_for_auth(client_auth)
api_token =
- api_fixture('api_client_authorizations')[client_auth.to_s]['api_token']
+ self.api_token(client_auth.to_s)
assert_hash_includes(session, {arvados_api_token: api_token},
"session token does not belong to #{client_auth}")
end
assert_hash_includes(session, {arvados_api_token: api_token},
"session token does not belong to #{client_auth}")
end
test "viewing collection files with a reader token" do
params = collection_params(:foo_file)
test "viewing collection files with a reader token" do
params = collection_params(:foo_file)
- params[:reader_token] = api_fixture("api_client_authorizations",
- "active_all_collections", "api_token")
+ params[:reader_token] = api_token("active_all_collections")
get(:show_file_links, params)
assert_response :redirect
assert_no_session
get(:show_file_links, params)
assert_response :redirect
assert_no_session
test "fetching collection file with reader token" do
setup_for_keep_web
params = collection_params(:foo_file, "foo")
test "fetching collection file with reader token" do
setup_for_keep_web
params = collection_params(:foo_file, "foo")
- params[:reader_token] = api_fixture("api_client_authorizations",
- "active_all_collections", "api_token")
+ params[:reader_token] = api_token("active_all_collections")
get(:show_file, params)
assert_response :redirect
assert_match /foo/, response.redirect_url
get(:show_file, params)
assert_response :redirect
assert_match /foo/, response.redirect_url
test "getting a file from Keep with a good reader token" do
setup_for_keep_web
params = collection_params(:foo_file, 'foo')
test "getting a file from Keep with a good reader token" do
setup_for_keep_web
params = collection_params(:foo_file, 'foo')
- read_token = api_fixture('api_client_authorizations')['active']['api_token']
+ read_token = api_token('active')
params[:reader_token] = read_token
get(:show_file, params)
assert_response :redirect
params[:reader_token] = read_token
get(:show_file, params)
assert_response :redirect
config_anonymous anon
params = collection_params(:foo_file, 'foo')
params[:reader_token] =
config_anonymous anon
params = collection_params(:foo_file, 'foo')
params[:reader_token] =
- api_fixture('api_client_authorizations')['active_noscope']['api_token']
+ api_token('active_noscope')
get(:show_file, params)
if anon
# Some files can be shown without a valid token, but not this one.
get(:show_file, params)
if anon
# Some files can be shown without a valid token, but not this one.
setup_for_keep_web
params = collection_params(:foo_file, 'foo')
sess = session_for(:expired)
setup_for_keep_web
params = collection_params(:foo_file, 'foo')
sess = session_for(:expired)
- read_token = api_fixture('api_client_authorizations')['active']['api_token']
+ read_token = api_token('active')
params[:reader_token] = read_token
get(:show_file, params, sess)
assert_response :redirect
params[:reader_token] = read_token
get(:show_file, params, sess)
assert_response :redirect
%w(uuid portable_data_hash).each do |id_type|
test "Redirect to keep_web_url via #{id_type}" do
setup_for_keep_web
%w(uuid portable_data_hash).each do |id_type|
test "Redirect to keep_web_url via #{id_type}" do
setup_for_keep_web
- tok = api_fixture('api_client_authorizations')['active']['api_token']
+ tok = api_token('active')
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
- assert_equal "https://#{id.sub '+', '-'}.example/_/w%20a%20z?api_token=#{tok}", @response.redirect_url
+ assert_equal "https://#{id.sub '+', '-'}.example/_/w%20a%20z?api_token=#{URI.escape tok, '/'}", @response.redirect_url
end
test "Redirect to keep_web_url via #{id_type} with reader token" do
setup_for_keep_web
end
test "Redirect to keep_web_url via #{id_type} with reader token" do
setup_for_keep_web
- tok = api_fixture('api_client_authorizations')['active']['api_token']
+ tok = api_token('active')
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z", reader_token: tok}, session_for(:expired)
assert_response :redirect
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z", reader_token: tok}, session_for(:expired)
assert_response :redirect
- assert_equal "https://#{id.sub '+', '-'}.example/t=#{tok}/_/w%20a%20z", @response.redirect_url
+ assert_equal "https://#{id.sub '+', '-'}.example/t=#{URI.escape tok}/_/w%20a%20z", @response.redirect_url
end
test "Redirect to keep_web_url via #{id_type} with no token" do
end
test "Redirect to keep_web_url via #{id_type} with no token" do
test "Redirect to keep_web_download_url via #{id_type}" do
setup_for_keep_web('https://collections.example/c=%{uuid_or_pdh}',
'https://download.example/c=%{uuid_or_pdh}')
test "Redirect to keep_web_download_url via #{id_type}" do
setup_for_keep_web('https://collections.example/c=%{uuid_or_pdh}',
'https://download.example/c=%{uuid_or_pdh}')
- tok = api_fixture('api_client_authorizations')['active']['api_token']
+ tok = api_token('active')
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
- assert_equal "https://download.example/c=#{id.sub '+', '-'}/_/w%20a%20z?api_token=#{tok}", @response.redirect_url
+ assert_equal "https://download.example/c=#{id.sub '+', '-'}/_/w%20a%20z?api_token=#{URI.escape tok, '/'}", @response.redirect_url
end
test "Redirect to keep_web_url via #{id_type} when trust_all_content enabled" do
Rails.configuration.trust_all_content = true
setup_for_keep_web('https://collections.example/c=%{uuid_or_pdh}',
'https://download.example/c=%{uuid_or_pdh}')
end
test "Redirect to keep_web_url via #{id_type} when trust_all_content enabled" do
Rails.configuration.trust_all_content = true
setup_for_keep_web('https://collections.example/c=%{uuid_or_pdh}',
'https://download.example/c=%{uuid_or_pdh}')
- tok = api_fixture('api_client_authorizations')['active']['api_token']
+ tok = api_token('active')
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
id = api_fixture('collections')['w_a_z_file'][id_type]
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
- assert_equal "https://collections.example/c=#{id.sub '+', '-'}/_/w%20a%20z?api_token=#{tok}", @response.redirect_url
+ assert_equal "https://collections.example/c=#{id.sub '+', '-'}/_/w%20a%20z?api_token=#{URI.escape tok, '/'}", @response.redirect_url
config_anonymous anon
setup_for_keep_web('https://collections.example/c=%{uuid_or_pdh}',
'https://download.example/c=%{uuid_or_pdh}')
config_anonymous anon
setup_for_keep_web('https://collections.example/c=%{uuid_or_pdh}',
'https://download.example/c=%{uuid_or_pdh}')
- tok = api_fixture('api_client_authorizations')['active']['api_token']
+ tok = api_token('active')
id = api_fixture('collections')['public_text_file']['uuid']
get :show_file, {
uuid: id,
id = api_fixture('collections')['public_text_file']['uuid']
get :show_file, {
uuid: id,
assert_response :redirect
expect_url = "https://download.example/c=#{id.sub '+', '-'}/_/Hello%20world.txt"
if not anon
assert_response :redirect
expect_url = "https://download.example/c=#{id.sub '+', '-'}/_/Hello%20world.txt"
if not anon
- expect_url += "?api_token=#{tok}"
+ expect_url += "?api_token=#{URI.escape tok, '/'}"
end
assert_equal expect_url, @response.redirect_url
end
end
assert_equal expect_url, @response.redirect_url
end
test "Redirect preview to keep_web_download_url when preview is disabled and trust_all_content is #{trust_all_content}" do
Rails.configuration.trust_all_content = trust_all_content
setup_for_keep_web false, 'https://download.example/c=%{uuid_or_pdh}'
test "Redirect preview to keep_web_download_url when preview is disabled and trust_all_content is #{trust_all_content}" do
Rails.configuration.trust_all_content = trust_all_content
setup_for_keep_web false, 'https://download.example/c=%{uuid_or_pdh}'
- tok = api_fixture('api_client_authorizations')['active']['api_token']
+ tok = api_token('active')
id = api_fixture('collections')['w_a_z_file']['uuid']
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
id = api_fixture('collections')['w_a_z_file']['uuid']
get :show_file, {uuid: id, file: "w a z"}, session_for(:active)
assert_response :redirect
- assert_equal "https://download.example/c=#{id.sub '+', '-'}/_/w%20a%20z?api_token=#{tok}", @response.redirect_url
+ assert_equal "https://download.example/c=#{id.sub '+', '-'}/_/w%20a%20z?api_token=#{URI.escape tok, '/'}", @response.redirect_url
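Review bot: The updated expectations build the escaped token with `URI.escape`, which has long been marked obsolete and was removed in Ruby 3.0, so these assertions will break on a newer interpreter. For the query-string cases, `CGI.escape(tok)` should give the same `%2F` encoding, assuming fixture tokens contain only alphanumerics, `-` and `/`. The reader-token case calls `URI.escape tok` with no second argument, so the expected URL keeps the token's `/` characters as literal path separators inside `t=…/_/`. A short comment such as `# v2 token slashes are intentionally left unescaped in the t= path form` would make clear that this is deliberate, if it is. The enclosing test blocks continue outside the hunks.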
test "can download an entire collection with a reader token" do
use_keep_web_config
test "can download an entire collection with a reader token" do
use_keep_web_config
- token = api_fixture('api_client_authorizations')['active']['api_token']
+ token = api_token('active')
data = "foo\nfile\n"
datablock = `echo -n #{data.shellescape} | ARVADOS_API_TOKEN=#{token.shellescape} arv-put --no-progress --raw -`.strip
assert $?.success?, $?
data = "foo\nfile\n"
datablock = `echo -n #{data.shellescape} | ARVADOS_API_TOKEN=#{token.shellescape} arv-put --no-progress --raw -`.strip
assert $?.success?, $?
test 'view log via keep-web redirect' do
use_keep_web_config
test 'view log via keep-web redirect' do
use_keep_web_config
- token = api_fixture('api_client_authorizations')['active']['api_token']
+ token = api_token('active')
logdata = fakepipe_with_log_data.read
logblock = `echo -n #{logdata.shellescape} | ARVADOS_API_TOKEN=#{token.shellescape} arv-put --no-progress --raw -`.strip
assert $?.success?, $?
logdata = fakepipe_with_log_data.read
logblock = `echo -n #{logdata.shellescape} | ARVADOS_API_TOKEN=#{token.shellescape} arv-put --no-progress --raw -`.strip
assert $?.success?, $?
end
def upload_data_and_get_collection(data, user, filename, owner_uuid=nil)
end
def upload_data_and_get_collection(data, user, filename, owner_uuid=nil)
- token = api_fixture('api_client_authorizations')[user]['api_token']
+ token = api_token(user)
datablock = `echo -n #{data.shellescape} | ARVADOS_API_TOKEN=#{token.shellescape} arv-put --no-progress --raw -`.strip
assert $?.success?, $?
col = nil
datablock = `echo -n #{data.shellescape} | ARVADOS_API_TOKEN=#{token.shellescape} arv-put --no-progress --raw -`.strip
assert $?.success?, $?
col = nil
user_was = Thread.current[:user]
token_was = Thread.current[:arvados_api_token]
auth = api_fixture('api_client_authorizations')[token_name.to_s]
user_was = Thread.current[:user]
token_was = Thread.current[:arvados_api_token]
auth = api_fixture('api_client_authorizations')[token_name.to_s]
- Thread.current[:arvados_api_token] = auth['api_token']
+ Thread.current[:arvados_api_token] = "v2/#{auth['uuid']}/#{auth['api_token']}"
if block_given?
begin
yield
if block_given?
begin
yield
keys.inject(@@api_fixtures[name]) { |hash, key| hash[key] }.deep_dup
end
end
keys.inject(@@api_fixtures[name]) { |hash, key| hash[key] }.deep_dup
end
end
def api_fixture(name, *keys)
self.class.api_fixture(name, *keys)
end
def api_fixture(name, *keys)
self.class.api_fixture(name, *keys)
end
+ def api_token(name)
+ auth = api_fixture('api_client_authorizations')[name]
+ "v2/#{auth['uuid']}/#{auth['api_token']}"
+ end
+
def find_fixture(object_class, name)
object_class.find(api_fixture(object_class.to_s.pluralize.underscore,
name, "uuid"))
def find_fixture(object_class, name)
object_class.find(api_fixture(object_class.to_s.pluralize.underscore,
name, "uuid"))
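Review bot: The new `api_token` helper indexes the fixture hash with `name` as given, so a symbol or an unknown fixture name returns `nil` and fails with a `NoMethodError` on `auth['uuid']` instead of a clear message. Using `auth = api_fixture('api_client_authorizations').fetch(name.to_s)` would accept symbols and name the missing key. The same `"v2/#{auth['uuid']}/#{auth['api_token']}"` interpolation is repeated in the hunks that set `Thread.current[:arvados_api_token]` and in `session_for`. Where the helper is in scope, those could call `api_token(...)` so the token format is defined in one place. A one-line comment on the helper stating that it returns the v2 form (`v2/<uuid>/<secret>`) of a fixture token would also help.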
class ActiveSupport::TestCase
include ApiFixtureLoader
def session_for api_client_auth_name
class ActiveSupport::TestCase
include ApiFixtureLoader
def session_for api_client_auth_name
+ auth = api_fixture('api_client_authorizations')[api_client_auth_name.to_s]
- arvados_api_token: api_fixture('api_client_authorizations')[api_client_auth_name.to_s]['api_token']
+ arvados_api_token: "v2/#{auth['uuid']}/#{auth['api_token']}"
return unless Rails.env == 'test'
auth = api_fixture('api_client_authorizations')['admin_trustedclient']
return unless Rails.env == 'test'
auth = api_fixture('api_client_authorizations')['admin_trustedclient']
- Thread.current[:arvados_api_token] = auth['api_token']
+ Thread.current[:arvados_api_token] = "v2/#{auth['uuid']}/#{auth['api_token']}"
ArvadosApiClient.new.api(nil, '../../database/reset', {})
Thread.current[:arvados_api_token] = nil
end
ArvadosApiClient.new.api(nil, '../../database/reset', {})
Thread.current[:arvados_api_token] = nil
end
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE'
response.headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type'
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE'
response.headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type'
- response.headers['Access-Control-Max-Age'] = '86486400'
+ #response.headers['Access-Control-Max-Age'] = '86486400'
+ response.headers['Access-Control-Max-Age'] = '1'
end
def respond_with_json_by_default
end
def respond_with_json_by_default
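Review bot: Setting `Access-Control-Max-Age` to `'1'` while leaving the old line commented out looks like a debugging leftover rather than part of the v2-token change the commit message describes. With a one-second preflight cache, browsers will send an OPTIONS request before nearly every non-simple cross-origin call, and the commented-out line gives no reason for the change. Either restore a deliberate value with a comment explaining it, or remove the commented line and state why caching is effectively disabled, e.g. `response.headers['Access-Control-Max-Age'] = '86400' # cache preflight for one day`. The previous value `'86486400'` may itself have been a typo. The enclosing method starts outside the hunk.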