Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
webdav: fix path-to-caveat for macaroon minting endpoint
Motivation: A macaroon request is an HTTP POST request that targets a specific path. If that path is not root ("/") then the HTTP path is used to build a "path" caveat. Commit 99c726e inadvertently broke this feature, resulting in certain dCache users requesting a path-limited macaroon being returned a macaroon without any "path" caveat. Modification: If the HTTP POST request contains a non-root path then, after processing this request in the context of that user's restrictions, verify that a path caveat is requested. If not (because the user has no path restriction) then add the path caveat request. Result: Users without any path restriction in dCache are able to request a path-limited macaroon by specifying a non-root path in the HTTP POST request. Target: master Request: 5.0 Request: 4.2 Request: 4.1 Request: 4.0 Request: 3.2 Requires-notes: yes Requires-book: no Patch: https://rb.dcache.org/r/11573/ Acked-by: Tigran Mkrtchyan
- Loading branch information