From 3167926a35521efb58550ef0e26fb8c9e3a8450b Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Fri, 27 Apr 2018 16:45:28 -0400 Subject: [PATCH] 13111: Disable siteFS routes for anonymous requests. This enables dav clients to use HTTP authentication even when anonymous tokens are configured. Arvados-DCO-1.1-Signed-off-by: Tom Clegg --- services/keep-web/cadaver_test.go | 2 ++ services/keep-web/handler.go | 13 ++++++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/services/keep-web/cadaver_test.go b/services/keep-web/cadaver_test.go index db5d373be7..3814a459d5 100644 --- a/services/keep-web/cadaver_test.go +++ b/services/keep-web/cadaver_test.go @@ -53,6 +53,8 @@ func (s *IntegrationSuite) TestCadaverUserProject(c *check.C) { } func (s *IntegrationSuite) testCadaver(c *check.C, password string, pathFunc func(arvados.Collection) (string, string, string), skip func(string) bool) { + s.testServer.Config.AnonymousTokens = []string{arvadostest.AnonymousToken} + testdata := []byte("the human tragedy consists in the necessity of living with the consequences of actions performed under the pressure of compulsions we do not understand") tempdir, err := ioutil.TempDir("", "keep-web-test-") diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go index 8b61b54b97..1ecf446787 100644 --- a/services/keep-web/handler.go +++ b/services/keep-web/handler.go @@ -314,6 +314,14 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { return } + if useSiteFS { + if tokens == nil { + tokens = auth.NewCredentialsFromHTTPRequest(r).Tokens + } + h.serveSiteFS(w, r, tokens, credentialsOK, attachment) + return + } + targetPath := pathParts[stripParts:] if tokens == nil && len(targetPath) > 0 && strings.HasPrefix(targetPath[0], "t=") { // http://ID.example/t=TOKEN/PATH... @@ -335,11 +343,6 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { tokens = append(reqTokens, h.Config.AnonymousTokens...) } - if useSiteFS { - h.serveSiteFS(w, r, tokens, credentialsOK, attachment) - return - } - if len(targetPath) > 0 && targetPath[0] == "_" { // If a collection has a directory called "t=foo" or // "_", it can be served at -- 2.30.2