Merge branch 'release_16.01'

galaxyproject · May 3, 2016 · e77d3f0 · e77d3f0
2 parents b794740 + 063b25f
commit e77d3f0
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 32 deletions.
diff --git a/lib/galaxy/web/framework/middleware/remoteuser.py b/lib/galaxy/web/framework/middleware/remoteuser.py
@@ -40,13 +40,14 @@
 
 
 class RemoteUser( object ):
-    def __init__( self, app, maildomain=None, display_servers=None, admin_users=None, remote_user_header=None, remote_user_secret_header=None ):
+    def __init__( self, app, maildomain=None, display_servers=None, admin_users=None, remote_user_header=None, remote_user_secret_header=None, normalize_remote_user_email=False ):
         self.app = app
         self.maildomain = maildomain
         self.display_servers = display_servers or []
         self.admin_users = admin_users or []
         self.remote_user_header = remote_user_header or 'HTTP_REMOTE_USER'
         self.config_secret_header = remote_user_secret_header
+        self.normalize_remote_user_email = normalize_remote_user_email
 
     def __call__( self, environ, start_response ):
         # Allow display servers
@@ -59,11 +60,21 @@ def __call__( self, environ, start_response ):
             if host in self.display_servers:
                 environ[ self.remote_user_header ] = 'remote_display_server@%s' % ( self.maildomain or 'example.org' )
                 return self.app( environ, start_response )
-        # Apache sets REMOTE_USER to the string '(null)' when using the
-        # Rewrite* method for passing REMOTE_USER and a user is
-        # un-authenticated.  Any other possible values need to go here as well.
+
+        if self.remote_user_header in environ:
+            # process remote user with configuration options.
+            if self.normalize_remote_user_email:
+                environ[self.remote_user_header] = environ[self.remote_user_header].lower()
+            if self.maildomain and '@' not in environ[self.remote_user_header]:
+                environ[self.remote_user_header] = "%s@%s" % (environ[self.remote_user_header], self.maildomain)
+
         path_info = environ.get('PATH_INFO', '')
 
+        # The API handles its own authentication via keys
+        # Check for API key before checking for header
+        if path_info.startswith( '/api/' ):
+            return self.app( environ, start_response )
+
         # If the secret header is enabled, we expect upstream to send along some key
         # in HTTP_GX_SECRET, so we'll need to compare that here to the correct value
         #
@@ -76,12 +87,7 @@ def __call__( self, environ, start_response ):
         # seems improbable that an attacker with access to the server hosting
         # Galaxy would not have access to Galaxy itself, and be attempting to
         # attack the system
-        if path_info.startswith( '/api/' ):
-            # The API handles its own authentication via keys
-            # Check for API key before checking for header
-            return self.app( environ, start_response )
-
-        elif self.config_secret_header is not None:
+        if self.config_secret_header is not None:
             if environ.get('HTTP_GX_SECRET') is None:
                 title = "Access to Galaxy is denied"
                 message = """
@@ -95,7 +101,6 @@ def __call__( self, environ, start_response ):
                 access Galaxy.
                 """
                 return self.error( start_response, title, message )
-
             if not safe_str_cmp(environ.get('HTTP_GX_SECRET', ''), self.config_secret_header):
                 title = "Access to Galaxy is denied"
                 message = """
@@ -110,6 +115,9 @@ def __call__( self, environ, start_response ):
                 """
                 return self.error( start_response, title, message )
 
+        # Apache sets REMOTE_USER to the string '(null)' when using the
+        # Rewrite* method for passing REMOTE_USER and a user is
+        # un-authenticated.  Any other possible values need to go here as well.
         if not environ.get(self.remote_user_header, '(null)').startswith('(null)'):
             if not environ[ self.remote_user_header ].count( '@' ):
                 if self.maildomain is not None:
@@ -127,7 +135,6 @@ def __call__( self, environ, start_response ):
                         before you may access Galaxy.
                     """
                     return self.error( start_response, title, message )
-
             user_accessible_paths = (
                 '/user/api_keys',
                 '/user/edit_username',

diff --git a/lib/galaxy/web/framework/webapp.py b/lib/galaxy/web/framework/webapp.py
@@ -382,8 +382,6 @@ def _ensure_valid_session( self, session_cookie, create=True):
             assert self.app.config.remote_user_header in self.environ, \
                 "use_remote_user is set but %s header was not provided" % self.app.config.remote_user_header
             remote_user_email = self.environ[ self.app.config.remote_user_header ]
-            if getattr( self.app.config, "normalize_remote_user_email", False ):
-                remote_user_email = remote_user_email.lower()
             if galaxy_session:
                 # An existing session, make sure correct association exists
                 if galaxy_session.user is None:

diff --git a/lib/galaxy/webapps/galaxy/buildapp.py b/lib/galaxy/webapps/galaxy/buildapp.py
@@ -688,7 +688,8 @@ def wrap_in_middleware( app, global_conf, **local_conf ):
                           display_servers=util.listify( conf.get( 'display_servers', '' ) ),
                           admin_users=conf.get( 'admin_users', '' ).split( ',' ),
                           remote_user_header=conf.get( 'remote_user_header', 'HTTP_REMOTE_USER' ),
-                          remote_user_secret_header=conf.get('remote_user_secret', None) )
+                          remote_user_secret_header=conf.get('remote_user_secret', None),
+                          normalize_remote_user_email=conf.get('normalize_remote_user_email', False))
     # The recursive middleware allows for including requests in other
     # requests or forwarding of requests, all on the server side.
     if asbool(conf.get('use_recursive', True)):

diff --git a/lib/galaxy/workflow/run.py b/lib/galaxy/workflow/run.py
@@ -166,7 +166,10 @@ def invoke( self ):
                     workflow_invocation_step = model.WorkflowInvocationStep()
                     workflow_invocation_step.workflow_invocation = workflow_invocation
                     workflow_invocation_step.workflow_step = step
-                    workflow_invocation_step.job = job
+                    # Job may not be generated in this thread if bursting is enabled
+                    # https://github.com/galaxyproject/galaxy/issues/2259
+                    if job:
+                        workflow_invocation_step.job_id = job.id
             except modules.DelayedWorkflowEvaluation:
                 step_delayed = delayed_steps = True
                 self.progress.mark_step_outputs_delayed( step )

diff --git a/templates/webapps/galaxy/library/common/browse_library.mako b/templates/webapps/galaxy/library/common/browse_library.mako
@@ -300,7 +300,7 @@
                 <td id="libraryItemInfo">${render_library_item_info( ldda )}</td>
                 <td>${ldda.extension | h}</td>
             % endif
-            <td>${ldda.create_time.strftime( trans.app.config.pretty_datetime_format ) | h}</td>
+            <td>${util.unicodify(ldda.create_time.strftime( trans.app.config.pretty_datetime_format )) | h}</td>
             <td>${ldda.get_size( nice_size=True ) | h}</td>
         </tr>
         <%

diff --git a/templates/webapps/galaxy/library/common/ldda_info.mako b/templates/webapps/galaxy/library/common/ldda_info.mako
@@ -101,7 +101,7 @@
         </div>
         <div class="form-row">
             <label>Date uploaded:</label>
-            ${ldda.create_time.strftime( trans.app.config.pretty_datetime_format ) | h}
+            ${util.unicodify(ldda.create_time.strftime( trans.app.config.pretty_datetime_format )) | h}
             <div style="clear: both"></div>
         </div>
         <div class="form-row">

diff --git a/test/tool_shed/base/twilltestcase.py b/test/tool_shed/base/twilltestcase.py
@@ -10,7 +10,6 @@
 
 import twill.commands as tc
 from mercurial import commands, hg, ui
-from mercurial.util import Abort
 
 import galaxy.model.tool_shed_install as galaxy_model
 import galaxy.util
@@ -256,20 +255,17 @@ def clone_repository( self, repository, destination_path ):
     def commit_and_push( self, repository, hgrepo, options, username, password ):
         url = 'http://%s:%s@%s:%s/repos/%s/%s' % ( username, password, self.host, self.port, repository.user.username, repository.name )
         commands.commit( ui.ui(), hgrepo, **options )
-        try:
-            commands.push( ui.ui(), hgrepo, dest=url )
-        except Abort as a:
-            message = a
-            if 'authorization failed' in message:
-                return False
-            else:
-                raise
-        except Exception as e:
-            if str(e).find('Pushing to Tool Shed is disabled') != -1:
-                return False
+        #  Try pushing multiple times as it transiently fails on Jenkins.
+        #  TODO: Figure out why that happens
+        for i in range(2):
+            try:
+                commands.push( ui.ui(), hgrepo, dest=url )
+            except Exception as e:
+                if str(e).find('Pushing to Tool Shed is disabled') != -1:
+                    return False
             else:
-                raise
-        return True
+                return True
+        raise
 
     def create_category( self, **kwd ):
         category = test_db_util.get_category_by_name( kwd[ 'name' ] )