From 038585ecce8564f8ebd5f5b28b3909593b1b45ec Mon Sep 17 00:00:00 2001
From: Ward Vandewege
Date: Thu, 3 Feb 2022 13:58:39 -0500
Subject: [PATCH] 18676: simplify AnonymousUserToken configuration.
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege
---
 lib/boot/seed.go | 4 ----
 lib/config/config.default.yml | 4 +---
 .../api/app/models/api_client_authorization.rb | 16 ++++++++++++++++
 services/api/app/models/database_seeds.rb | 1 +
 services/api/lib/current_api_client.rb | 10 ++++++++++
 5 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/lib/boot/seed.go b/lib/boot/seed.go
index bd1e942658..b43d907201 100644
--- a/lib/boot/seed.go
+++ b/lib/boot/seed.go
@@ -27,9 +27,5 @@ func (seedDatabase) Run(ctx context.Context, fail func(error), super *Supervisor
 if err != nil {
 return err
 }
- err = super.RunProgram(ctx, "services/api", runOptions{env: railsEnv}, "bundle", "exec", "./script/get_anonymous_user_token.rb")
- if err != nil {
- return err
- }
 return nil
 }
diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index 17bba5410b..a7ce982857 100644
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -294,9 +294,7 @@ Clusters:
 NewInactiveUserNotificationRecipients: {}
 # Set AnonymousUserToken to enable anonymous user access. Populate this
- # field with a long random string. Then run "bundle exec
- # ./script/get_anonymous_user_token.rb" in the directory where your API
- # server is running to record the token in the database.
+ # field with a random string at least 50 characters long.
 AnonymousUserToken: ""
 # If a new user has an alternate email address (local@domain)
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 7c7ed759c6..26853c3496 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
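Review bot: The rewritten comment above `AnonymousUserToken` in lib/config/config.default.yml states the 50-character minimum but not what happens when the configured value is shorter. In this same commit `check_anonymous_user_token` returns nil for any token under 50 characters, so a short value leaves anonymous access disabled without any error the operator would see (no config-load validation is visible in this patch). I would extend the comment with a line such as `# A shorter value is ignored and anonymous access remains disabled.` so the failure mode is documented where the value is set.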
@@ -111,6 +111,17 @@ class ApiClientAuthorization < ArvadosModel
 clnt
 end
+ def self.check_anonymous_user_token token
+ if token.length >= 50 and token == Rails.configuration.Users.AnonymousUserToken
+ return ApiClientAuthorization.new(user: User.find_by_uuid(anonymous_user_uuid),
+ uuid: Rails.configuration.ClusterID+"-gj3su-anonymouspublic",
+ api_token: token,
+ api_client: anonymous_user_token_api_client)
+ else
+ return nil
+ end
+ end
+
 def self.check_system_root_token token
 if token == Rails.configuration.SystemRootToken
 return ApiClientAuthorization.new(user: User.find_by_uuid(system_user_uuid),
@@ -126,6 +137,11 @@ class ApiClientAuthorization < ArvadosModel
 return nil if token.nil? or token.empty?
 remote ||= Rails.configuration.ClusterID
+ auth = self.check_anonymous_user_token(token)
+ if !auth.nil?
+ return auth
+ end
+
 auth = self.check_system_root_token(token)
 if !auth.nil?
 return auth
diff --git a/services/api/app/models/database_seeds.rb b/services/api/app/models/database_seeds.rb
index 67bd3d10d7..e0ae850ae7 100644
--- a/services/api/app/models/database_seeds.rb
+++ b/services/api/app/models/database_seeds.rb
@@ -14,6 +14,7 @@ class DatabaseSeeds
 anonymous_group
 anonymous_group_read_permission
 anonymous_user
+ anonymous_user_token_api_client
 system_root_token_api_client
 public_project_group
 public_project_read_permission
diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb
index 37e86976c1..ee666b77ab 100644
--- a/services/api/lib/current_api_client.rb
+++ b/services/api/lib/current_api_client.rb
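Review bot: The `ApiClientAuthorization.new(...)` call in the new `check_anonymous_user_token` (api_client_authorization.rb, hunk at -111) passes no `scopes:`, so the in-memory anonymous authorization gets whatever the model's default scope is, which this hunk does not show. If that default is unrestricted, a token meant only to enable anonymous access would permit every call the anonymous user's permissions allow rather than reads only; stating the intent explicitly, e.g. adding `scopes: ['GET /'],` before `api_client:`, keeps it read-only regardless of the default. Separately, `token == Rails.configuration.Users.AnonymousUserToken` is an ordinary string comparison of a configured secret on the request path; `ActiveSupport::SecurityUtils.secure_compare(token, Rails.configuration.Users.AnonymousUserToken)` would make the comparison constant-time. The same `==` pattern appears in the existing `check_system_root_token` shown as context, whose body continues past the hunk.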
@@ -225,6 +225,16 @@ module CurrentApiClient
 end
 end
+ def anonymous_user_token_api_client
+ $anonymous_user_token_api_client = check_cache $anonymous_user_token_api_client do
+ act_as_system_user do
+ ActiveRecord::Base.transaction do
+ ApiClient.find_or_create_by!(is_trusted: false, url_prefix: "", name: "AnonymousUserToken")
+ end
+ end
+ end
+ end
+
 def system_root_token_api_client
 $system_root_token_api_client = check_cache $system_root_token_api_client do
 act_as_system_user do
-- 2.30.2
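Review bot: `ApiClient.find_or_create_by!` in the new `anonymous_user_token_api_client` is a find followed by a create, and the surrounding `ActiveRecord::Base.transaction` does not make that pair atomic. Two API server processes that both miss the `$anonymous_user_token_api_client` cache could therefore each insert an "AnonymousUserToken" row, unless the table has a unique index, which this patch does not show. This matters more than for a seed-only helper because `check_anonymous_user_token` now calls it while validating a request, so on an installation where the seeds have not been re-run the first anonymous requests perform the write. A comment such as `# Normally created by DatabaseSeeds; the lazy create here is only a fallback.` would record that dependency. The existing `system_root_token_api_client` follows the same pattern and its body continues past the hunk.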