Merge pull request #873 from uc-cdis/fix/no_force_sign

PXP-7529: sign download urls where no_force_sign=False

fence/blueprints/data/indexd.py

@@ -59,7 +59,8 @@ def get_signed_url_for_file(action, file_id, file_name=None):
     # default to signing the url even if it's a public object
     # this will work so long as we're provided a user token
     force_signed_url = True
-    if flask.request.args.get("no_force_sign"):
+    no_force_sign_param = flask.request.args.get("no_force_sign")
+    if no_force_sign_param and no_force_sign_param.lower() == "true":
         force_signed_url = False
 
     indexed_file = IndexedFile(file_id)

tests/data/test_data.py

@@ -467,14 +467,23 @@ def test_public_object_download_file_no_force_sign(
     """
     Test ``GET /data/download/1?no_force_sign=True``.
     """
-    path = "/data/download/1?no_force_sign=True"
-    response = client.get(path)
+
+    no_force_sign_enabled_path = "/data/download/1?no_force_sign=True"
+    response = client.get(no_force_sign_enabled_path)
     assert response.status_code == 200
     assert "url" in list(response.json.keys())
 
     # make sure we honor no_force_sign, check that response is unsigned raw url
     assert urllib.parse.urlparse(response.json["url"]).query == ""
 
+    no_force_sign_disabled_path = "/data/download/1?no_force_sign=False"
+    response = client.get(no_force_sign_disabled_path)
+    assert response.status_code == 200
+    assert "url" in list(response.json.keys())
+
+    # url should be signed, as normal
+    assert urllib.parse.urlparse(response.json["url"]).query != ""
+
 
 @pytest.mark.parametrize(
     "public_bucket_indexd_client", ["gs", "s3", "gs_acl", "s3_acl"], indirect=True