[Dachs-support] UWS and user access control

Markus Demleitner msdemlei at ari.uni-heidelberg.de
Mon May 2 20:34:05 CEST 2016


Hi Ivan,

On Mon, May 02, 2016 at 07:39:28PM +0200, Ivan Zolotukhin wrote:
> I'm sitting on DaCHS revision 5026. Here's the first bug I came across
> when trying to fetch XML document of the job through the incorrect URL
> belonging to another service:
> 
> $ curl -I http://example.com/res/service1/r/uws.xml/VWmNgD
> HTTP/1.1 303 OK
> Date: Mon, 02 May 2016 17:30:23 GMT
> Content-Type: text/plain
> Location: http://example.com/res/service1/r/uws.xml/http://example.com/res/service2/r/uws.xml/VWmNgD
> Server: TwistedWeb/15.2.1
> 
> Note the incorrectly constructed redirect URL.

Whoops -- this is odd, as it would indicate that DaCHS for some
reason took the entire URL as jobId -- in which case it shouldn't
find it in the first place.

To get to the base of this (which at first glance is a "this can't
happen"), can I ask you to put in something like

  print ">>>>>>>>>>>>>>>", jobId

above the line

		if res[0]["jobClass"]!=self.service.getFullId():

around line 137 in gavo/protocols/useruws.py

and tell me what this prints (use gavo serve debug) when you do your
request?


Thanks,

         Markus



More information about the Dachs-support mailing list