Do not attempt to generate URLToken for anonymous downloads (#5078)

This is a regression since last release - fixes #5076
2017-10-17 22:44:27 -07:00 · 2017-10-17 22:44:27 -07:00 · f25bec6bf1
parent 75865efb0e
commit f25bec6bf1
3 changed files with 58 additions and 45 deletions
--- a/browser/app/js/components/Browse.js
+++ b/browser/app/js/components/Browse.js
@ -150,16 +150,21 @@ export default class Browse extends React.Component {
      if (prefix === currentPath) return
      browserHistory.push(utils.pathJoin(currentBucket, encPrefix))
    } else {
-      // Download the selected file.
-      web.CreateURLToken()
-        .then(res => {
-          let url = `${window.location.origin}/minio/download/${currentBucket}/${encPrefix}?token=${res.token}`
-          window.location = url
-        })
-        .catch(err => dispatch(actions.showAlert({
-          type: 'danger',
-          message: err.message
-        })))
+      if (!web.LoggedIn()) {
+        let url = `${window.location.origin}/minio/download/${currentBucket}/${encPrefix}?token=''`
+        window.location = url
+      } else {
+        // Download the selected file.
+        web.CreateURLToken()
+          .then(res => {
+            let url = `${window.location.origin}/minio/download/${currentBucket}/${encPrefix}?token=${res.token}`
+            window.location = url
+          })
+          .catch(err => dispatch(actions.showAlert({
+            type: 'danger',
+            message: err.message
+          })))
+      }
    }
  }

@ -421,18 +426,23 @@ export default class Browse extends React.Component {
      objects: this.props.checkedObjects,
      prefix: this.props.currentPath
    }
+    if (!web.LoggedIn()) {
+      let requestUrl = location.origin + "/minio/zip?token=''"
+      this.xhr = new XMLHttpRequest()
+      dispatch(actions.downloadSelected(requestUrl, req, this.xhr))
+    } else {
+      web.CreateURLToken()
+        .then(res => {
+          let requestUrl = location.origin + "/minio/zip?token=" + res.token

-    web.CreateURLToken()
-      .then(res => {
-        let requestUrl = location.origin + "/minio/zip?token=" + res.token
-
-        this.xhr = new XMLHttpRequest()
-        dispatch(actions.downloadSelected(requestUrl, req, this.xhr))
-      })
-      .catch(err => dispatch(actions.showAlert({
-        type: 'danger',
-        message: err.message
-      })))
+          this.xhr = new XMLHttpRequest()
+          dispatch(actions.downloadSelected(requestUrl, req, this.xhr))
+        })
+        .catch(err => dispatch(actions.showAlert({
+          type: 'danger',
+          message: err.message
+        })))
+    }
  }

  clearSelected() {
--- a/browser/ui-assets.go
+++ b/browser/ui-assets.go
--- a/cmd/jwt.go
+++ b/cmd/jwt.go
@ -93,6 +93,9 @@ func keyFuncCallback(jwtToken *jwtgo.Token) (interface{}, error) {
 }

 func isAuthTokenValid(tokenString string) bool {
+	if tokenString == "" {
+		return false
+	}
 	var claims jwtgo.StandardClaims
 	jwtToken, err := jwtgo.ParseWithClaims(tokenString, &claims, keyFuncCallback)
 	if err != nil {