Bug #18676

closed

[api] handle anonymous token like system root token, removing need for db record

Added by Ward Vandewege almost 3 years ago. Updated over 2 years ago.

Status: Resolved
Priority: Normal
Assigned To:
Category: -
Target version:
Story points: -
Release relationship: Auto

Description

As per the configuration reference:

      # Set AnonymousUserToken to enable anonymous user access. Populate this
      # field with a long random string. Then run "bundle exec
      # ./script/get_anonymous_user_token.rb" in the directory where your API
      # server is running to record the token in the database.
      AnonymousUserToken: "" 

The salt-based installer does not run that ruby script, which means the anonymous user token is unusable. Observed on 2.3-release.

It would be nice to do away with the need to run this script to make the anonymous token work.

Tom suggests: I suspect we could handle the anonymous token the same way we handle system root token, in app/models/api_client_authorization.rb -> check_system_root_token ... no db record or rake task needed. It would change the semantics a bit (changing the config would invalidate the old token, if you wanted multiple anon tokens you'd need to create real db records) which I think would be an improvement.

TODO:
  • make the rails adjustment as Tom suggested
  • update documentation
  • remove script/get_anonymous_user_token.rb and any remaining references to it
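
A sketch of the approach suggested above, as an added example (not Arvados code and not part of the original issue): the anonymous token is checked against the config value the same way a system root token would be, with a fallback to database records for any additional tokens. The names `CONFIG`, `DB_TOKENS`, `secure_equal?`, `config_token_match?` and `resolve_token` are hypothetical, and all token values are constructed.

```ruby
require "digest"

# Hypothetical stand-ins, not Arvados code: CONFIG mirrors the two config
# keys; DB_TOKENS stands for real token records stored in the database.
# All token values are constructed samples.
CONFIG = {
  "SystemRootToken"    => "constructed-root-token-0123456789abcdef",
  "AnonymousUserToken" => "constructed-anon-token-0123456789abcdef",
}
DB_TOKENS = { "constructed-db-token-fedcba9876543210" => :alice }

# Compare SHA-256 digests byte by byte without an early exit, so neither the
# length nor the position of the first mismatch affects timing.
def secure_equal?(a, b)
  diff = 0
  Digest::SHA256.digest(a).bytes.zip(Digest::SHA256.digest(b).bytes) do |x, y|
    diff |= x ^ y
  end
  diff.zero?
end

# A config-backed token only matches when it is actually configured:
# AnonymousUserToken: "" must leave anonymous access disabled, even if a
# client sends an empty token.
def config_token_match?(configured, supplied)
  return false if configured.nil? || configured.empty?
  return false if supplied.nil? || supplied.empty?
  secure_equal?(configured, supplied)
end

# Resolve a presented token: config-backed tokens first (no db record
# needed), then fall back to real database records.
def resolve_token(supplied, config: CONFIG, db: DB_TOKENS)
  return :system_root if config_token_match?(config["SystemRootToken"], supplied)
  return :anonymous if config_token_match?(config["AnonymousUserToken"], supplied)
  db[supplied] # nil for unknown tokens
end
```

Passing a changed `config:` hash shows the semantic change noted in the suggestion: once the configured value changes, the old anonymous token no longer resolves unless it exists as a database record.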

Subtasks 1 (0 open, 1 closed)

Task #18720: review 18676-anon-token-improvement (Resolved, Ward Vandewege, 02/11/2022)

Related issues 2 (0 open, 2 closed)

Related to Arvados - Feature #17298: remove the need to run get_anonymous_user_token.rb during installation (Resolved)
Related to Arvados - Bug #18887: [federation] wb1 fiddlesticks in login federation (Resolved, Ward Vandewege, 03/25/2022)