diff --git a/CMakeModules/prepare_asapo.cmake b/CMakeModules/prepare_asapo.cmake
index f3d264437adfc802e20e3dd4de68d45ceb810703..6249467e58838f0c041af6b76796ac7a507ff5aa 100644
--- a/CMakeModules/prepare_asapo.cmake
+++ b/CMakeModules/prepare_asapo.cmake
@@ -7,6 +7,17 @@ function(prepare_asapo)
get_target_property(BROKER_FULLPATH asapo-broker EXENAME)
set(WORK_DIR ${CMAKE_CURRENT_BINARY_DIR})
+ file(TO_NATIVE_PATH ${CMAKE_CURRENT_BINARY_DIR}/asap3 ASAP3_FOLDER )
+ file(TO_NATIVE_PATH ${CMAKE_CURRENT_BINARY_DIR}/beamline CURRENT_BEAMLINES_FOLDER )
+
+ if (WIN32)
+ string(REPLACE "\\" "\\\\" ASAP3_FOLDER "${ASAP3_FOLDER}")
+ string(REPLACE "\\" "\\\\" CURRENT_BEAMLINES_FOLDER "${CURRENT_BEAMLINES_FOLDER}")
+ endif()
+
+ set (ASAP3_FOLDER "${ASAP3_FOLDER}" PARENT_SCOPE)
+ set (CURRENT_BEAMLINES_FOLDER "${CURRENT_BEAMLINES_FOLDER}" PARENT_SCOPE)
+
if(NOT DEFINED RECEIVER_USE_CACHE)
set(RECEIVER_USE_CACHE true)
endif()
diff --git a/authorizer/src/asapo_authorizer/server/authorize.go b/authorizer/src/asapo_authorizer/server/authorize.go
index 023dc3878027f9b52f34c313d946499198a80cde..42ee3cd020546075e3a30e72a20fddd68eefe74c 100644
--- a/authorizer/src/asapo_authorizer/server/authorize.go
+++ b/authorizer/src/asapo_authorizer/server/authorize.go
@@ -89,7 +89,7 @@ func beamtimeMetaFromMatch(match string) (beamtimeMeta, error) {
return beamtimeMeta{}, errors.New("skipped fodler")
}
- bt.OfflinePath = match
+ bt.OfflinePath = settings.RootBeamtimesFolder+string(filepath.Separator)+match
bt.Beamline, bt.BeamtimeId = vars[2], vars[5]
return bt, nil
diff --git a/authorizer/src/asapo_authorizer/server/authorize_test.go b/authorizer/src/asapo_authorizer/server/authorize_test.go
index e4f2d89cfeda1de4032d77edfb8cbb87e941b1cc..ca2c21f7689272ce12281f597e91fcdda7bb4293 100644
--- a/authorizer/src/asapo_authorizer/server/authorize_test.go
+++ b/authorizer/src/asapo_authorizer/server/authorize_test.go
@@ -148,7 +148,7 @@ func TestAuthorizeWithToken(t *testing.T) {
assert.Contains(t, body_str, "tf/gpfs/bl1/2019/data/test", "")
if (test.beamtime_id == "test_online") {
assert.Contains(t, body_str, "tf/gpfs/bl1/2019/data/test_online", "")
- assert.Contains(t, body_str, "./bl1/current", "")
+ assert.Contains(t, body_str, "bl1/current", "")
} else {
assert.NotContains(t, body_str, "current", "")
}
@@ -339,7 +339,7 @@ func TestGetBeamtimeInfo(t *testing.T) {
settings.RootBeamtimesFolder=test.root
bt,err:= beamtimeMetaFromMatch(test.root+string(filepath.Separator)+test.fname)
if test.ok {
- assert.Equal(t,bt.OfflinePath,test.fname)
+ assert.Equal(t,bt.OfflinePath,test.root+string(filepath.Separator)+test.fname)
assert.Equal(t,bt.Beamline,test.beamline)
assert.Equal(t,bt.BeamtimeId,test.id)
assert.Nil(t,err,"should not be error")
diff --git a/authorizer/src/asapo_authorizer/server/folder_token.go b/authorizer/src/asapo_authorizer/server/folder_token.go
index b72fc1a86e81825d8c7adeced351ab23c0aeb2a0..8c50ae06224924888ea1ce450a73e16e37731769 100644
--- a/authorizer/src/asapo_authorizer/server/folder_token.go
+++ b/authorizer/src/asapo_authorizer/server/folder_token.go
@@ -6,6 +6,7 @@ import (
"time"
log "asapo_common/logger"
"errors"
+ "path/filepath"
)
type folderTokenRequest struct {
@@ -64,6 +65,23 @@ func extractFolderTokenrequest(r *http.Request) (folderTokenRequest,error) {
}
+func checkBeamtimeFolder(request folderTokenRequest) error {
+ beamtimeMeta, err := findMeta(SourceCredentials{request.BeamtimeId,"auto","",""})
+ if err != nil {
+ log.Error("cannot get beamtime meta"+err.Error())
+ return err
+ }
+
+ folder := filepath.Clean(request.Folder)
+ if (folder != filepath.Clean(beamtimeMeta.OnlinePath) && folder != filepath.Clean(beamtimeMeta.OfflinePath)) {
+ err_string := folder + " does not match beamtime folders "+beamtimeMeta.OnlinePath+" or " +beamtimeMeta.OfflinePath
+ log.Error(err_string)
+ return errors.New(err_string)
+ }
+
+ return nil
+}
+
func routeFolderToken(w http.ResponseWriter, r *http.Request) {
request, err := extractFolderTokenrequest(r)
if err != nil {
@@ -77,12 +95,20 @@ func routeFolderToken(w http.ResponseWriter, r *http.Request) {
return
}
+ err = checkBeamtimeFolder(request)
+ if err != nil {
+ utils.WriteServerError(w,err,http.StatusUnauthorized)
+ return
+ }
+
token, err := prepareJWTToken(request)
if err != nil {
utils.WriteServerError(w,err,http.StatusInternalServerError)
return
}
+ log.Debug("generated folder token for beamtime " + request.BeamtimeId + ", folder " + request.Folder)
+
answer := folderTokenResponce(token)
w.WriteHeader(http.StatusOK)
w.Write(answer)
diff --git a/authorizer/src/asapo_authorizer/server/folder_token_test.go b/authorizer/src/asapo_authorizer/server/folder_token_test.go
index d8fc02db9c8984a5c8785b11118f523326e8b6fd..dbd48e2c42ad871d4157cf9b97e9af8677de9d99 100644
--- a/authorizer/src/asapo_authorizer/server/folder_token_test.go
+++ b/authorizer/src/asapo_authorizer/server/folder_token_test.go
@@ -6,36 +6,59 @@ import (
"io/ioutil"
"net/http"
"testing"
+ "os"
+ "path/filepath"
+ "fmt"
)
var fodlerTokenTests = [] struct {
beamtime_id string
+ root_folder string
token string
status int
message string
}{
- {"11111111", prepareToken("11111111"),http.StatusOK,"beamtime found"},
- {"11111111", prepareToken("11111112"),http.StatusUnauthorized,"wrong token"},
- {"11111111", prepareToken("11111111"),http.StatusBadRequest,"bad request"},
-
+ {"test", "tf/gpfs/bl1/2019/data/test",prepareToken("test"),http.StatusOK,"beamtime found"},
+ {"test_online", "bl1/current",prepareToken("test_online"),http.StatusOK,"online beamtime found"},
+ {"test", "bl1/current",prepareToken("test"),http.StatusUnauthorized,"no online beamtime found"},
+ {"test_online", "bl2/current",prepareToken("test_online"),http.StatusUnauthorized,"wrong online folder"},
+ {"test", "tf/gpfs/bl1/2019/data/test1",prepareToken("test"),http.StatusUnauthorized,"wrong folder"},
+ {"test", "tf/gpfs/bl1/2019/data/test",prepareToken("test1"),http.StatusUnauthorized,"wrong token"},
+ {"11111111", "tf/gpfs/bl1/2019/data/test",prepareToken("11111111"),http.StatusBadRequest,"bad request"},
}
func TestFolderToken(t *testing.T) {
+ allowBeamlines([]beamtimeMeta{})
+ settings.RootBeamtimesFolder ="."
+ settings.CurrentBeamlinesFolder="."
+ os.MkdirAll(filepath.Clean("tf/gpfs/bl1/2019/data/test"), os.ModePerm)
+ os.MkdirAll(filepath.Clean("tf/gpfs/bl1/2019/data/test_online"), os.ModePerm)
+
+ os.MkdirAll(filepath.Clean("bl1/current"), os.ModePerm)
+ ioutil.WriteFile(filepath.Clean("bl1/current/beamtime-metadata-test_online.json"), []byte(beamtime_meta_online), 0644)
+
+ defer os.RemoveAll("tf")
+ defer os.RemoveAll("bl1")
+
for _, test := range fodlerTokenTests {
- root_folder := "/abc/def"
authJWT = utils.NewJWTAuth("secret")
- request := makeRequest(folderTokenRequest{root_folder,test.beamtime_id,test.token})
+ abs_path:=settings.RootBeamtimesFolder + string(filepath.Separator)+test.root_folder
+ request := makeRequest(folderTokenRequest{abs_path,test.beamtime_id,test.token})
if test.status == http.StatusBadRequest {
request =makeRequest(authorizationRequest{})
}
w := doPostRequest("/folder",request)
- if test.status == http.StatusOK {
+ if w.Code == http.StatusOK {
body, _ := ioutil.ReadAll(w.Body)
claims,_ := utils.CheckJWTToken(string(body),"secret")
var extra_claim utils.FolderTokenTokenExtraClaim
utils.MapToStruct(claims.(*utils.CustomClaims).ExtraClaims.(map[string]interface{}), &extra_claim)
- assert.Equal(t, root_folder, extra_claim.RootFolder, test.message)
+ assert.Equal(t, abs_path, extra_claim.RootFolder, test.message)
+ } else {
+ body, _ := ioutil.ReadAll(w.Body)
+ fmt.Println(string(body))
}
+
assert.Equal(t, test.status, w.Code, test.message)
}
}
diff --git a/tests/automatic/consumer/consumer_api_python/CMakeLists.txt b/tests/automatic/consumer/consumer_api_python/CMakeLists.txt
index 7d598dab6c180f003071c13708d5cc691f2aebd6..f63e4734aabc8983a8dd9b7bb01d4a2c12724e07 100644
--- a/tests/automatic/consumer/consumer_api_python/CMakeLists.txt
+++ b/tests/automatic/consumer/consumer_api_python/CMakeLists.txt
@@ -9,5 +9,8 @@ else()
get_target_property(PYTHON_LIBS asapo_consumer BINARY_DIR)
endif()
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/authorizer_settings.json.tpl.in authorizer.json.tpl @ONLY)
+
+
add_script_test("${TARGET_NAME}" "${PYTHON_LIBS} ${Python_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}" nomem)
diff --git a/tests/automatic/consumer/consumer_api_python/authorizer_settings.json.tpl.in b/tests/automatic/consumer/consumer_api_python/authorizer_settings.json.tpl.in
new file mode 100644
index 0000000000000000000000000000000000000000..7b88592e44067c5c1f3d3f2cca3c849f7313f8e5
--- /dev/null
+++ b/tests/automatic/consumer/consumer_api_python/authorizer_settings.json.tpl.in
@@ -0,0 +1,8 @@
+{
+ "Port": {{ env "NOMAD_PORT_authorizer" }},
+ "LogLevel":"debug",
+ "RootBeamtimesFolder":"@ASAP3_FOLDER@",
+ "CurrentBeamlinesFolder":"@CURRENT_BEAMLINES_FOLDER@",
+ "SecretFile":"auth_secret.key",
+ "TokenDurationMin":600
+}
diff --git a/tests/automatic/consumer/consumer_api_python/check_linux.sh b/tests/automatic/consumer/consumer_api_python/check_linux.sh
index 3084c8cb2391a29793682ae91f6681b73fd5bbad..04f3c058ba108f46132e138160a9900abbeb1dd8 100644
--- a/tests/automatic/consumer/consumer_api_python/check_linux.sh
+++ b/tests/automatic/consumer/consumer_api_python/check_linux.sh
@@ -1,7 +1,7 @@
#!/usr/bin/env bash
-source_path=/tmp/asapo/consumer_test/files
beamtime_id=test_run
+source_path=`pwd`/asap3/petra3/gpfs/p01/2019/data/$beamtime_id
stream=detector
database_name=${beamtime_id}_${stream}
token_test_run=K38Mqc90iRv8fC7prcFHd994mF_wfUiJnWBfIjIzieo=
diff --git a/tests/automatic/consumer/consumer_api_python/check_windows.bat b/tests/automatic/consumer/consumer_api_python/check_windows.bat
index e707efb12c3221ff848380921d429b79a7bfe73c..86d08b03e970cd32a50f1ff9e9bbe555d67ae7f7 100644
--- a/tests/automatic/consumer/consumer_api_python/check_windows.bat
+++ b/tests/automatic/consumer/consumer_api_python/check_windows.bat
@@ -1,6 +1,8 @@
-SET source_path=c:\\tmp\\asapo\\consumer_test\\files
-
+setlocal
SET beamtime_id=test_run
+SET source_path=%cd%\asap3\petra3\gpfs\p01\2019\data\%beamtime_id%
+set source_path=%source_path:\=\\%
+
SET stream=detector
SET database_name=%beamtime_id%_%stream%
diff --git a/tests/automatic/curl_http_client/curl_http_client_command/CMakeLists.txt b/tests/automatic/curl_http_client/curl_http_client_command/CMakeLists.txt
index 5b93903a59026ea3990b46ab1fa41229517e294c..506902ea3b035cda2fe255ef5606afd12d1f518a 100644
--- a/tests/automatic/curl_http_client/curl_http_client_command/CMakeLists.txt
+++ b/tests/automatic/curl_http_client/curl_http_client_command/CMakeLists.txt
@@ -20,4 +20,6 @@ target_link_libraries(${TARGET_NAME} test_common asapo-consumer)
prepare_asapo()
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/authorizer_settings.json.tpl.in authorizer.json.tpl @ONLY)
+
add_script_test("${TARGET_NAME}" "$<TARGET_FILE:${TARGET_NAME}>" nomem)
diff --git a/tests/automatic/curl_http_client/curl_http_client_command/authorizer_settings.json.tpl.in b/tests/automatic/curl_http_client/curl_http_client_command/authorizer_settings.json.tpl.in
new file mode 100644
index 0000000000000000000000000000000000000000..7b88592e44067c5c1f3d3f2cca3c849f7313f8e5
--- /dev/null
+++ b/tests/automatic/curl_http_client/curl_http_client_command/authorizer_settings.json.tpl.in
@@ -0,0 +1,8 @@
+{
+ "Port": {{ env "NOMAD_PORT_authorizer" }},
+ "LogLevel":"debug",
+ "RootBeamtimesFolder":"@ASAP3_FOLDER@",
+ "CurrentBeamlinesFolder":"@CURRENT_BEAMLINES_FOLDER@",
+ "SecretFile":"auth_secret.key",
+ "TokenDurationMin":600
+}
diff --git a/tests/automatic/curl_http_client/curl_http_client_command/check_linux.sh b/tests/automatic/curl_http_client/curl_http_client_command/check_linux.sh
index 032a91d3790c697061cfbc55f5c8a12e46001397..989a4562e6b4e5708dc3d000e31b1394c4b38ece 100644
--- a/tests/automatic/curl_http_client/curl_http_client_command/check_linux.sh
+++ b/tests/automatic/curl_http_client/curl_http_client_command/check_linux.sh
@@ -4,7 +4,8 @@ set -e
trap Cleanup EXIT
-file_transfer_folder=/tmp/asapo/file_transfer/files
+beamtime_id=aaa
+file_transfer_folder=`pwd`/asap3/petra3/gpfs/p01/2019/data/$beamtime_id
Cleanup() {
echo cleanup
diff --git a/tests/automatic/curl_http_client/curl_http_client_command/check_windows.bat b/tests/automatic/curl_http_client/curl_http_client_command/check_windows.bat
index 6e9245472f1e495f6fd4d669b3a27ef148869282..1748f6e8c9c643754a6f2c383c12dc154c1ed4f7 100644
--- a/tests/automatic/curl_http_client/curl_http_client_command/check_windows.bat
+++ b/tests/automatic/curl_http_client/curl_http_client_command/check_windows.bat
@@ -1,4 +1,9 @@
-SET file_transfer_folder=c:\\tmp\\asapo\\file_transfer\\files
+setlocal
+SET beamtime_id=aaa
+SET file_transfer_folder=%cd%\asap3\petra3\gpfs\p01\2019\data\%beamtime_id%
+set file_transfer_folder=%file_transfer_folder:\=\\%
+
+
c:\opt\consul\nomad run authorizer.nmd
c:\opt\consul\nomad run file_transfer.nmd
diff --git a/tests/automatic/file_transfer_service/rest_api/CMakeLists.txt b/tests/automatic/file_transfer_service/rest_api/CMakeLists.txt
index 1f550cc4e35f843885835cf00beeec2c8a1caa1a..7ead397a72d3fdf0c9d4dca1b8701a22b29e281f 100644
--- a/tests/automatic/file_transfer_service/rest_api/CMakeLists.txt
+++ b/tests/automatic/file_transfer_service/rest_api/CMakeLists.txt
@@ -3,7 +3,7 @@ set(TARGET_NAME file_transfer_rest_api)
################################
# Testing
################################
-
prepare_asapo()
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/authorizer_settings.json.tpl.in authorizer.json.tpl @ONLY)
add_script_test("${TARGET_NAME}" "" nomem)
diff --git a/tests/automatic/file_transfer_service/rest_api/authorizer_settings.json.tpl.in b/tests/automatic/file_transfer_service/rest_api/authorizer_settings.json.tpl.in
new file mode 100644
index 0000000000000000000000000000000000000000..7b88592e44067c5c1f3d3f2cca3c849f7313f8e5
--- /dev/null
+++ b/tests/automatic/file_transfer_service/rest_api/authorizer_settings.json.tpl.in
@@ -0,0 +1,8 @@
+{
+ "Port": {{ env "NOMAD_PORT_authorizer" }},
+ "LogLevel":"debug",
+ "RootBeamtimesFolder":"@ASAP3_FOLDER@",
+ "CurrentBeamlinesFolder":"@CURRENT_BEAMLINES_FOLDER@",
+ "SecretFile":"auth_secret.key",
+ "TokenDurationMin":600
+}
diff --git a/tests/automatic/file_transfer_service/rest_api/check_linux.sh b/tests/automatic/file_transfer_service/rest_api/check_linux.sh
index b0bb0f327d89bb78c977a9f26964c9e068c8b2ef..89f45c4c8440887d845f022b61d7c1296e25e024 100644
--- a/tests/automatic/file_transfer_service/rest_api/check_linux.sh
+++ b/tests/automatic/file_transfer_service/rest_api/check_linux.sh
@@ -4,7 +4,7 @@ set -e
trap Cleanup EXIT
-file_transfer_folder=/tmp/asapo/file_transfer/files
+file_transfer_folder=`pwd`/asap3/petra3/gpfs/p01/2019/data/aaa
Cleanup() {
@@ -19,10 +19,12 @@ nomad run file_transfer.nmd
sleep 1
+mkdir -p $file_transfer_folder
+
token=bnCXpOdBV90wU1zybEw1duQNSORuwaKz6oDHqmL35p0= #token for aaa
folder_token=`curl --silent --data "{\"Folder\":\"$file_transfer_folder\",\"BeamtimeId\":\"aaa\",\"Token\":\"$token\"}" 127.0.0.1:5007/folder`
+echo $folder_token
-mkdir -p $file_transfer_folder
echo hello > $file_transfer_folder/aaa
curl -o aaa --silent -H "Authorization: Bearer ${folder_token}" --data "{\"Folder\":\"$file_transfer_folder\",\"FileName\":\"aaa\",\"Token\":\"$folder_token\"}" 127.0.0.1:5008/transfer --stderr - | tee /dev/stderr
diff --git a/tests/automatic/file_transfer_service/rest_api/check_windows.bat b/tests/automatic/file_transfer_service/rest_api/check_windows.bat
index cd940974f1e435d5184b6a11113add279721bbdd..a193eaefc45e3e90dd296b4e8d248ff40fec2e5e 100644
--- a/tests/automatic/file_transfer_service/rest_api/check_windows.bat
+++ b/tests/automatic/file_transfer_service/rest_api/check_windows.bat
@@ -1,4 +1,8 @@
-SET file_transfer_folder=c:\\tmp\\asapo\\file_transfer\\files
+setlocal
+SET beamtime_id=aaa
+SET file_transfer_folder=%cd%\asap3\petra3\gpfs\p01\2019\data\%beamtime_id%
+set file_transfer_folder=%file_transfer_folder:\=\\%
+
c:\opt\consul\nomad run authorizer.nmd
c:\opt\consul\nomad run file_transfer.nmd
@@ -7,11 +11,11 @@ ping 1.0.0.0 -n 1 -w 100 > nul
set token=bnCXpOdBV90wU1zybEw1duQNSORuwaKz6oDHqmL35p0=
+mkdir %file_transfer_folder%
+
C:\Curl\curl.exe --silent --data "{\"Folder\":\"%file_transfer_folder%\",\"BeamtimeId\":\"aaa\",\"Token\":\"%token%\"}" 127.0.0.1:5007/folder > token
set /P folder_token=< token
-mkdir %file_transfer_folder%
-
echo hello > %file_transfer_folder%\aaa
C:\Curl\curl.exe --silent -H "Authorization: Bearer %folder_token%" --data "{\"Folder\":\"%file_transfer_folder%\",\"FileName\":\"aaa\",\"Token\":\"%folder_token%\"}" 127.0.0.1:5008/transfer --stderr - | findstr hello || goto :error