Bug #19933
closed
Create working sharing URLs in login federation
Added by Brett Smith over 1 year ago. Updated 9 months ago.
Description
I'm making this an ops ticket because I'm not sure if it's an ops problem or something else. If it's an Arvados bug this can be moved to the Arvados tracker, that's no problem.
Steps to reproduce:
- Visit a collection on workbench2.pirca.arvadosapi.com
- Share→Sharing URLs→Create sharing URL - it looks like
https://pirca-4zz18-collectionuuid.collections.pirca.arvadosapi.com/t=…/_/ - Copy the sharing URL and open in it a new incognito tab
Expected result: You can browse the collection.
Actual result: You get a 404 Not Found error.
Related issues
Updated by Brett Smith 11 months ago
- Related to Bug #20683: sharing links produced by wb2 don't work added
Updated by Peter Amstutz 11 months ago
- Related to deleted (Bug #20683: sharing links produced by wb2 don't work)
Updated by Peter Amstutz 11 months ago
- Has duplicate Bug #20683: sharing links produced by wb2 don't work added
Updated by Peter Amstutz 11 months ago
- Target version set to Future
- Project changed from 40 to Arvados
Updated by Brett Smith 11 months ago
Note the linked ticket: is it possible the reason sharing links are broken is because the API token created for the link needs additional scopes? Namely "GET /arvados/v1/users/current" and "GET /arvados/v1/api_client_authorizations/current".
Updated by Peter Amstutz 11 months ago
Brett Smith wrote in #note-8:
Note the linked ticket: is it possible the reason sharing links are broken is because the API token created for the link needs additional scopes? Namely
"GET /arvados/v1/users/current"and"GET /arvados/v1/api_client_authorizations/current".
That is a very plausible explanation, just need to dig in and confirm it.
Updated by Peter Amstutz 10 months ago
- Target version changed from Future to Development 2023-07-19 sprint
- Assigned To set to Peter Amstutz
Updated by Peter Amstutz 10 months ago
Jul 14 16:32:38 keep.pirca.arvadosapi.com keep-web4808: {"ClusterID":"pirca","PID":4808,"RequestID":"req-870r6vcymxshyedvg06x","level":"info","msg":"request","remoteAddr":"127.0.0.1:47936","reqBytes":0,"reqForwardedFor":"199.125.68.207","reqHost":"pirca-4zz18-8s77zjy4fnd115l.collections.pirca.arvadosapi.com","reqMethod":"GET","reqPath":"t=n58ac2q706i5pmzbmfitow0i0o0yy8v7yxnnsv9f5e2oqkfvl/_/","reqQuery":"","time":"2023-07-14T16:32:38.522752104Z"}
Jul 14 16:32:38 api.pirca.arvadosapi.com arvados-controller14384: {"ClusterID":"pirca","PID":14384,"RequestID":"req-e72snin9pr2kcyriqjno","level":"info","msg":"response","remoteAddr":"127.0.0.1:50644","reqBytes":0,"reqForwardedFor":"10.254.0.199","reqHost":"pirca.arvadosapi.com","reqMethod":"GET","reqPath":"arvados/v1/config","reqQuery":"","respBytes":13364,"respStatus":"OK","respStatusCode":200,"time":"2023-07-14T16:32:38.550378563Z","timeToStatus":0.003002,"timeTotal":0.003078,"timeWriteBody":0.000076,"tokenUUIDs":["v1 token ending in qkfvl"]}
Jul 14 16:32:38 api.pirca.arvadosapi.com arvados-controller14384: {"ClusterID":"pirca","PID":14384,"RequestID":"req-snr0pvomgtcl1je0433r","level":"info","msg":"response","remoteAddr":"127.0.0.1:50660","reqBytes":0,"reqForwardedFor":"10.254.0.199","reqHost":"pirca.arvadosapi.com","reqMethod":"GET","reqPath":"arvados/v1/users/current","reqQuery":"","respBody":"{\"errors\":[\"//railsapi.internal/arvados/v1/users/current: 401 Unauthorized: Not logged in (req-snr0pvomgtcl1je0433r)\"]}\n","respBytes":120,"respStatus":"Unauthorized","respStatusCode":401,"time":"2023-07-14T16:32:38.585373080Z","timeToStatus":0.032742,"timeTotal":0.032757,"timeWriteBody":0.000015,"tokenUUIDs":["v1 token ending in qkfvl"]}
Jul 14 16:32:38 keep.pirca.arvadosapi.com keep-web4808: {"ClusterID":"pirca","PID":4808,"RequestID":"req-870r6vcymxshyedvg06x","level":"info","msg":"response","remoteAddr":"127.0.0.1:47936","reqBytes":0,"reqForwardedFor":"199.125.68.207","reqHost":"pirca-4zz18-8s77zjy4fnd115l.collections.pirca.arvadosapi.com","reqMethod":"GET","reqPath":"t=n58ac2q706i5pmzbmfitow0i0o0yy8v7yxnnsv9f5e2oqkfvl/_/","reqQuery":"","respBody":"Not Found\n","respBytes":10,"respStatus":"Not Found","respStatusCode":404,"time":"2023-07-14T16:32:38.582244489Z","timeToStatus":0.059475,"timeTotal":0.059484,"timeWriteBody":0.000009}
Updated by Peter Amstutz 10 months ago
Seems that the API server isn't accepting the token for some reason.
Updated by Peter Amstutz 10 months ago
- Related to Bug #20750: collection sharing tokens shouldn't leak account info of the person sharing (user/currrent) added
Updated by Peter Amstutz 10 months ago
it's exactly the thing documented in #20249
need to decide if #20750 is a blocker or not.
Updated by Brett Smith 10 months ago
Peter Amstutz wrote in #note-14:
need to decide if #20750 is a blocker or not.
I vote yes, at least for a fix going into a release. There's no indication in the Workbench 2 UI that you're revealing this information, and I can imagine scenarios where it's a very nasty surprise for some user. We should avoid putting ourselves and them in that situation.
Updated by Peter Amstutz 10 months ago
- Target version changed from Development 2023-07-19 sprint to Development 2023-08-02 sprint
Updated by Peter Amstutz 10 months ago
- Target version changed from Development 2023-08-02 sprint to Development 2023-08-16
Updated by Peter Amstutz 10 months ago
- Target version changed from Development 2023-08-16 to Development 2023-08-30
Updated by Peter Amstutz 10 months ago
- Target version changed from Development 2023-08-30 to Development 2023-08-16
Updated by Peter Amstutz 10 months ago
- Subject changed from Sharing URLs don't work on Playground (pirca) to Create working sharing URLs in login federation
Updated by Peter Amstutz 10 months ago
- Related to deleted (Bug #20750: collection sharing tokens shouldn't leak account info of the person sharing (user/currrent))
Updated by Peter Amstutz 10 months ago
- Blocked by Bug #20750: collection sharing tokens shouldn't leak account info of the person sharing (user/currrent) added
Updated by Peter Amstutz 10 months ago
If we do the 2nd note from https://dev.arvados.org/issues/20750#note-12 about special-casing api_client_authorizations/current then we don't need to change the token scopes at all, and this ticket can be closed without requiring any code changes.
Updated by Peter Amstutz 9 months ago
- Target version changed from Development 2023-08-16 to Development 2023-08-30
Updated by Peter Amstutz 9 months ago
This will be fixed by #20750 in Arvados 2.7, I am going to close this ticket because the fix won't require any Workbench 2 changes.
Updated by Peter Amstutz 9 months ago
- Blocked by deleted (Bug #20750: collection sharing tokens shouldn't leak account info of the person sharing (user/currrent))
Updated by Peter Amstutz 9 months ago
- Related to Bug #20750: collection sharing tokens shouldn't leak account info of the person sharing (user/currrent) added
Updated by Peter Amstutz 9 months ago
- Status changed from In Progress to Closed