
Joel Rivera committed d10ea82

Handle the case where the API is called from the client browser and the tokens are in the session.

  • Parent commits d14114d


Files changed (1)

lib/galaxy/web/framework/ext/globus/middleware/auth.py

         else:
             return host in self.display_servers
 
+    def __normal_flow_on_dtype_of_request(self, session):
+        user_n_token = self._user_in_session(session)
+        if user_n_token is not None:
+            return self.AUTHENTICATED, user_n_token
+        return self.NOT_AUTHORIZED, ()
+
     def _detect_type_of_request(self, session, env, qs):
         """Always return a type of request and the arguments
         required for the handler.
         # just to allow the "display_servers" part that the remote_user
         # middleware support and still work with the custom tools that
         # needs to make request with the user.
+        path_info = env['PATH_INFO']
+        referer = env.get('HTTP_REFERER', '')
+        # Validate that the request comes from a display server
         if (self.display_servers and 
-            not env['PATH_INFO'].startswith('/globusonline/') and 
+            not path_info.startswith('/globusonline/') and 
             self._is_a_valid_display_server(env)):
             return self.DISPLAY_SERVER, () 
-        if env['PATH_INFO'] == '/':
+        # Handle OAuth
+        if path_info == '/':
             result = self._handle_oauth_flow(session, qs)
-            if result is not None:
+            if result is not None: # this is an OAuth flow.
                 return result
-        elif env['PATH_INFO'].startswith('/api/'):
-             return self.API_CALL, () 
+        # Handle the api calls
+        if path_info.startswith('/api/'):
+            if referer.endswith('/history'): # the request comes from the browser.
+                return self.__normal_flow_on_dtype_of_request(session)
+            else:
+                return self.API_CALL, ()
+        # Handle the impersonate case.
         if (env['REQUEST_METHOD'] == 'POST' and 
-            'HTTP_REFERER' in env and 
-            env['HTTP_REFERER'].endswith('/admin/impersonate')):
+              referer.endswith('/admin/impersonate')):
                 return self.IMPERSONATE, ()
-        user_n_token = self._user_in_session(session)
-        if user_n_token is not None:
-            return self.AUTHENTICATED, user_n_token
-        return self.NOT_AUTHORIZED, ()
+        # If none of the special cases are used then use the
+        # default handlers AUTHENTICATED or NOT_AUTHENTICATED.
+        return self.__normal_flow_on_dtype_of_request(session)
         
     def _user_in_session(self, session):
         if session is not None and \
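Review bot: The new `/api/` branch in `_detect_type_of_request` chooses between session authentication and `self.API_CALL` on `referer.endswith('/history')`, but `HTTP_REFERER` is client-supplied and a suffix match does not tie it to this server's own host. A Referer from any origin that merely ends in `/history` routes the call through `_user_in_session`, so session cookies begin to authenticate API requests on a signal the server cannot trust, while a browser that omits Referer silently falls back to `API_CALL`; the retained `referer.endswith('/admin/impersonate')` test has the same weakness. Parse the header first and require the host to match, for example `ref.netloc == env.get('HTTP_HOST') and ref.path.endswith('/history')`, and gate the impersonate route on a CSRF token or an explicit session check rather than on Referer. What the `API_CALL`, `AUTHENTICATED` and `IMPERSONATE` handlers verify is not visible on this page, so the actual exposure should be confirmed there.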