diff --git a/.secrets.baseline b/.secrets.baseline
index 59e25190..056a0af8 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
 "files": null,
 "lines": null
 },
- "generated_at": "2020-12-17T14:53:23Z",
+ "generated_at": "2021-02-09T16:11:33Z",
 "plugins_used": [
 {
 "name": "AWSKeyDetector"
@@ -198,7 +198,7 @@
 {
 "hashed_secret": "5666c088b494f26cd8f63ace013992f5fc391ce0",
 "is_verified": false,
- "line_number": 25,
+ "line_number": 31,
 "type": "Hex High Entropy String"
 }
 ],
diff --git a/indexd/fence_client.py b/indexd/fence_client.py
index 62bcc405..6a56a5eb 100644
--- a/indexd/fence_client.py
+++ b/indexd/fence_client.py
@@ -26,6 +26,8 @@ def get_signed_url_for_object(self, object_id, access_id):
 raise AuthError("Not Authorized. Access Token Required.")
 if access_id:
 url += "?protocol=" + access_id
+ if flask.request.query_string:
+ url = f"{url}&{flask.request.query_string.decode()}"
 try:
 req = requests.get(url, headers=headers)
 except Exception as e:
diff --git a/tests/test_drs.py b/tests/test_drs.py
index 5cf2bffb..c68cdb1c 100644
--- a/tests/test_drs.py
+++ b/tests/test_drs.py
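Review bot: In `get_signed_url_for_object` (indexd/fence_client.py), the added `url = f"{url}&{flask.request.query_string.decode()}"` forwards the caller's raw query string to Fence alongside the caller's token, so a request can carry its own `protocol=` (or any other parameter the upstream download endpoint honours) next to the one derived from `access_id`. Indentation is not recoverable on this page, but if the new `if` sits at the same level as `if access_id:`, an empty `access_id` also yields a URL that has `&` and no `?`. I would build the upstream query from `flask.request.args`, drop any caller-supplied `protocol`, and let `requests` encode it through `params=`; if Fence only needs `userProject`, forwarding an explicit allow-list is tighter still. The function starts and ends outside the hunk, so the sketch shows only the lines that change.

```python
        # … unchanged: token check and base url …
        # Rebuild the upstream query from parsed args so the path-derived
        # access_id cannot be shadowed by a caller-supplied "protocol".
        params = flask.request.args.to_dict()
        params.pop("protocol", None)
        if access_id:
            params["protocol"] = access_id
        try:
            req = requests.get(url, headers=headers, params=params)
        # … unchanged: exception handling …
```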
@@ -6,10 +6,16 @@
 from tests.test_bundles import get_bundle_doc
-def generate_presigned_url_response(did, protocol="", status=200):
- full_url = (
- "https://fictitious-commons.io/data/download/" + did + "?protocol=" + protocol
- )
+def generate_presigned_url_response(did, status=200, **query_params):
+ if query_params:
+ query_string = "&".join(
+ f"{param}={value}" for param, value in query_params.items()
+ )
+ full_url = (
+ "https://fictitious-commons.io/data/download/" + did + "?" + query_string
+ )
+ else:
+ full_url = "https://fictitious-commons.io/data/download/" + did
 presigned_url = {
 "url": "https://storage.googleapis.com/nih-mock-project-released-phs123-c2/RootStudyConsentSet_phs000007.Whatever.v666.p1.c2.FBI-BMW-CIA.tar.gz?GoogleAccessId=internal-someuser-1399@dcpstage-210518.iam.gserviceaccount.com&Expires=1582215120&Signature=hUsgjkegdsfkjbsajkafnsdjksdnfjknbdsajkfbsdkjfbjdfbkjdasfbnjsdnfjsnd2FTr%2FKs2kGKs0fJ8v5elFk5NQAYdrGcU3kROrzJuHUbI%2BMZ839SAbAz2rbMBuC9e46%2BdB91%2FA==&userProject=dcf-mock-project"
 }
@@ -117,7 +123,7 @@ def test_get_presigned_url_unauthorized(client, user):
 res_1 = client.post("/index/", json=data, headers=user)
 assert res_1.status_code == 200
 rec_1 = res_1.json
- generate_presigned_url_response(rec_1["did"], "s3", status=401)
+ generate_presigned_url_response(rec_1["did"], protocol="s3", status=401)
 res_2 = client.get(
 "/ga4gh/drs/v1/objects/" + rec_1["did"] + "/access/s3",
 headers=user,
@@ -133,7 +139,7 @@ def test_get_presigned_url_with_access_id(client, user):
 rec_1 = res_1.json
 access_id_list = ["s3", "gs", "ftp"]
 for access_id in access_id_list:
- presigned = generate_presigned_url_response(rec_1["did"], access_id)
+ presigned = generate_presigned_url_response(rec_1["did"], protocol=access_id)
 res_2 = client.get(
 "/ga4gh/drs/v1/objects/" + rec_1["did"] + "/access/" + access_id,
 headers={"AUTHORIZATION": "12345"},
@@ -147,7 +153,7 @@ def test_get_presigned_url_no_access_id(client, user):
 res_1 = client.post("/index/", json=data, headers=user)
 assert res_1.status_code == 200
 rec_1 = res_1.json
- generate_presigned_url_response(rec_1["did"], "s3")
+ generate_presigned_url_response(rec_1["did"], protocol="s3")
 res_2 = client.get(
 "/ga4gh/drs/v1/objects/" + rec_1["did"] + "/access/",
 headers={"AUTHORIZATION": "12345"},
@@ -160,7 +166,7 @@ def test_get_presigned_url_no_bearer_token(client, user):
 res_1 = client.post("/index/", json=data, headers=user)
 assert res_1.status_code == 200
 rec_1 = res_1.json
- generate_presigned_url_response(rec_1["did"], "s3")
+ generate_presigned_url_response(rec_1["did"], protocol="s3")
 res_2 = client.get("/ga4gh/drs/v1/objects/" + rec_1["did"] + "/access/s3")
 assert res_2.status_code == 403
@@ -171,7 +177,7 @@ def test_get_presigned_url_wrong_access_id(client, user):
 res_1 = client.post("/index/", json=data, headers=user)
 assert res_1.status_code == 200
 rec_1 = res_1.json
- generate_presigned_url_response(rec_1["did"], "s2", status=404)
+ generate_presigned_url_response(rec_1["did"], protocol="s2", status=404)
 res_2 = client.get(
 "/ga4gh/drs/v1/objects/" + rec_1["did"] + "/access/s2",
 headers={"AUTHORIZATION": "12345"},
@@ -208,10 +214,39 @@ def test_get_presigned_url_with_encoded_slash(client, user):
 rec_1 = res_1.json
 access_id_list = ["s3", "gs", "ftp"]
 for access_id in access_id_list:
- presigned = generate_presigned_url_response(rec_1["did"], access_id)
+ presigned = generate_presigned_url_response(rec_1["did"], protocol=access_id)
 res_2 = client.get(
 "/ga4gh/drs/v1/objects/" + did + "/access/" + access_id,
 headers={"AUTHORIZATION": "12345"},
 )
 assert res_2.status_code == 200
 assert res_2.json == presigned
+
+
+@responses.activate
+def test_get_presigned_url_with_query_params(client, user):
+ data = get_doc()
+ data["did"] = "dg.TEST/ed8f4658-6acd-4f96-9dd8-3709890c959e"
+ did = "dg.TEST%2Fed8f4658-6acd-4f96-9dd8-3709890c959e"
+ res_1 = client.post("/index/", json=data, headers=user)
+ assert res_1.status_code == 200
+
+ rec_1 = res_1.json
+ access_id_list = ["s3", "gs", "ftp"]
+ for access_id in access_id_list:
+ presigned = generate_presigned_url_response(
+ rec_1["did"],
+ protocol=access_id,
+ userProject="someproject",
+ arbitrary_parameter="val",
+ )
+ res_2 = client.get(
+ "/ga4gh/drs/v1/objects/"
+ + did
+ + "/access/"
+ + access_id
+ + "?userProject=someproject&arbitrary_parameter=val",
+ headers={"AUTHORIZATION": "12345"},
+ )
+ assert res_2.status_code == 200
+ assert res_2.json == presigned
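Review bot: `test_get_presigned_url_with_query_params` only exercises parameters that do not collide with the path, so nothing pins what happens when the request itself carries `protocol`. A case such as `/access/s3?protocol=gs` that asserts which upstream URL is mocked and called would document whether the path's access id wins, and one that sends query parameters with an empty access id would cover the branch where no `?protocol=` was appended. The helper changed in the first hunk of this file joins `f"{param}={value}"` without URL-encoding, so a value containing `&` or `=` cannot be expressed in these tests as written.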