fix an issue after update RDF gem to 3.0 that frozen request params

ontoportal-lirmm · Feb 27, 2024 · 06b5c5a · 06b5c5a
1 parent d7da977
commit 06b5c5a
Showing 1 changed file with 8 additions and 9 deletions.
diff --git a/lib/ontologies_linked_data/security/authorization.rb b/lib/ontologies_linked_data/security/authorization.rb
@@ -1,14 +1,12 @@
 require 'set'
 
-
 module LinkedData
   module Security
     class Authorization
       APIKEYS_FOR_AUTHORIZATION = {}
       USER_APIKEY_PARAM = 'userapikey'.freeze
       API_KEY_PARAM = 'apikey'.freeze
 
-
       def initialize(app = nil)
         @app = app
       end
@@ -23,12 +21,11 @@ def initialize(app = nil)
       def call(env)
         req = Rack::Request.new(env)
         params = req.params
-        
+
         apikey = find_apikey(env, params)
         status = 200
         error_message = ''
 
-
         if !apikey
           status = 401
           error_message = <<-MESSAGE
@@ -48,6 +45,9 @@ def call(env)
         if status.eql?(401) && !bypass?(env)
           LinkedData::Serializer.build_response(env, status: status, body: response)
         else
+          # unfrozen params so that they can be encoded by Rack using occurring after updating the gem RDF to  v3.0
+          env["rack.request.form_hash"]&.transform_values!(&:dup)
+
           status, headers, response = @app.call(env)
           save_apikey_in_cookie(env, headers, apikey, params)
           [status, headers, response]
@@ -64,6 +64,7 @@ def bypass?(env)
       ##
       # Inject a cookie with the API Key if it is present and we're in HTML content type
       COOKIE_APIKEY_PARAM = "ncbo_apikey"
+
       def save_apikey_in_cookie(env, headers, apikey, params)
         # If we're using HTML, inject the apikey in a cookie (ignores bad accept headers)
         best = nil
@@ -95,16 +96,15 @@ def find_apikey(env, params)
         cookie_apikey(env)
       end
 
-
       def authorized?(apikey, env)
         return false if apikey.nil?
 
         if APIKEYS_FOR_AUTHORIZATION.key?(apikey)
           store_user(APIKEYS_FOR_AUTHORIZATION[apikey], env)
         else
           user = LinkedData::Models::User.where(apikey: apikey)
-                                          .include(LinkedData::Models::User.attributes(:all))
-                                          .first
+                                         .include(LinkedData::Models::User.attributes(:all))
+                                         .first
           return false if user.nil?
 
           # This will kind-of break if multiple apikeys exist
@@ -122,7 +122,6 @@ def store_user(user, env)
 
       private
 
-
       def request_header_apikey(env)
         header_auth = get_header_auth(env)
         return if header_auth.empty?
@@ -151,7 +150,7 @@ def get_header_auth(env)
         env["HTTP_AUTHORIZATION"] || env["Authorization"] || ''
       end
 
-      def user_apikey(env,params)
+      def user_apikey(env, params)
         return unless (params["apikey"] && params["userapikey"])
 
         apikey_authed = authorized?(params[API_KEY_PARAM], env)