@read_auths.select! { |auth| auth.scopes_allow_request? request }
# Use a salted token as a reader token for /groups/ and /users/current
- if params[:remote_id] && (
+ if params[:remote] && (
request.path.start_with?('/arvados/v1/groups') ||
request.path.start_with?('/arvados/v1/users/current'))
auth = ApiClientAuthorization.
validate(token: Thread.current[:supplied_token],
- remote: params[:remote_id])
+ remote: params[:remote])
if auth && auth.user
Thread.current[:user] = auth.user
@read_auths << auth
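Review bot: `params[:remote]` goes straight into `ApiClientAuthorization.validate` without a check that it is a string, and Rails will hand back an Array or Hash when the client sends the parameter in bracketed form. What `validate` does with such a value is not visible here, but if it feeds it to an HMAC the request would probably end in an exception rather than a clean authentication failure. Tightening the condition to `if params[:remote].is_a?(String) && (` keeps malformed input out of the auth path; checking it against the cluster-id format (apparently five characters, judging by `uuid[0..4]` and `'zbbbb'`) would be stricter still. The enclosing method starts and ends outside this hunk.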
# [re]validate it.
arv = Arvados.new(api_host: remote_host(uuid: uuid),
api_token: token)
- remote_user = arv.user.current(remote_id: Rails.configuration.uuid_prefix)
+ remote_user = arv.user.current(remote: Rails.configuration.uuid_prefix)
if remote_user && remote_user[:uuid][0..4] == uuid[0..4]
act_as_system_user do
# Add/update user and token in our database so we can
end
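Review bot: The keyword in `arv.user.current(remote: Rails.configuration.uuid_prefix)` is part of the request sent to the other cluster, so the rename only works if that peer has been upgraded too. A peer that still reads `remote_id` would presumably ignore the new parameter and not treat the token as salted, so the revalidation would fail with no indication of why. If mixed versions can occur, state the requirement next to the call, e.g. `# Peer must accept "remote" (formerly "remote_id"); older clusters will not recognise this request`, or have the receiving side accept both names for one release. The surrounding method starts and ends outside this hunk.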
test "list readable groups with salted token" do
- salted_token = salt_token(fixture: :active, remote_id: 'zbbbb')
+ salted_token = salt_token(fixture: :active, remote: 'zbbbb')
ArvadosApiToken.new.call("rack.input" => "",
"HTTP_AUTHORIZATION" => "Bearer #{salted_token}")
- get :index, {remote_id: 'zbbbb', limit: 10000}
+ get :index, {remote: 'zbbbb', limit: 10000}
assert_response 200
group_uuids = json_response['items'].collect { |i| i['uuid'] }
assert_includes(group_uuids, 'zzzzz-j7d0g-fffffffffffffff')
['zbbbb', 'z0000'].each do |token_valid_for|
test "validate #{token_valid_for}-salted token for remote cluster zbbbb" do
- salted_token = salt_token(fixture: :active, remote_id: token_valid_for)
+ salted_token = salt_token(fixture: :active, remote: token_valid_for)
ArvadosApiToken.new.call("rack.input" => "",
"HTTP_AUTHORIZATION" => "Bearer #{salted_token}")
- get :current, {remote_id: 'zbbbb'}
+ get :current, {remote: 'zbbbb'}
if token_valid_for == 'zbbbb'
assert_equal(users(:active).uuid, json_response['uuid'])
assert_response 200
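Review bot: Every case in this loop sends `remote`, so nothing pins what happens when a salted token arrives with the parameter missing or under the old `remote_id` name. That parameter decides whether the salted-token path is taken at all, so a negative case is worth having: for example `get :current, {remote_id: 'zbbbb'}` with an assertion on the intended response. The `if` started on the previous lines continues past the end of this hunk.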
"HTTP_AUTHORIZATION" => "OAuth2 #{t}")
end
- def salt_token(fixture:, remote_id:)
+ def salt_token(fixture:, remote:)
auth = api_client_authorizations(fixture)
uuid = auth.uuid
token = auth.api_token
- hmac = OpenSSL::HMAC.hexdigest('sha1', token, remote_id)
+ hmac = OpenSSL::HMAC.hexdigest('sha1', token, remote)
return "v2/#{uuid}/#{hmac}"
end
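Review bot: `salt_token` has no comment describing the token it builds, and the argument order of `OpenSSL::HMAC.hexdigest` makes it easy to misread which value is the key and which is the message. A one-line comment above the method would settle it: `# Returns "v2/<auth uuid>/<hex HMAC-SHA1 keyed with the API token over the remote cluster id>"`. The explicit `return` on the last line is also unnecessary in Ruby.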