fix

paulineribeyre · paulineribeyre · commit fcd3a9a5c2af · 2025-04-30T14:47:46.000-05:00
diff --git a/gen3workflow/routes/s3.py b/gen3workflow/routes/s3.py
@@ -1,5 +1,6 @@
 from datetime import datetime, timezone
 import hashlib
+import traceback
 from typing import Tuple
 import urllib.parse
 
@@ -42,6 +43,7 @@ def get_access_token(headers: Headers) -> Tuple[str, str]:
         (str, str): the user's access token or "" if not found, and the user's ID if the token is
         a client_credentials token
     """
+    # TODO unit tests for this function
     auth_header = headers.get("authorization")
     if not auth_header:
         return "", ""
@@ -51,13 +53,15 @@ def get_access_token(headers: Headers) -> Tuple[str, str]:
         raise HTTPException(HTTP_401_UNAUTHORIZED, err_msg)
     try:
         if "Credential=" in auth_header:  # format 1 (see docstring)
-            access_key_id = auth_header.split("Credential=")[1].split("/")[0]
+            access_token = auth_header.split("Credential=")[1].split("/")[0]
+            user_id = None
         else:  # format 2 (see docstring)
             access_key_id = auth_header.split("AWS ")[1]
             access_key_id = ":".join(access_key_id.split(":")[:-1])
-        access_token, user_id = access_key_id.split(";userId=")
+            access_token, user_id = access_key_id.split(";userId=")
         return access_token, user_id
     except Exception as e:
+        traceback.print_exc()
         logger.error(
             f"Unexpected format; unable to extract access token from authorization header: {e}"
         )
@@ -248,6 +252,7 @@ async def s3_endpoint(path: str, request: Request):
         data=body,
     )
 
+    logger.info(f"DEBUG: aws response = {response.status_code}")
     if response.status_code != 200:
         logger.debug(f"Received a non-200 status code from AWS: {response.status_code}")
         # no need to log 404 errors except in debug mode: they are are expected when running
@@ -259,7 +264,17 @@ async def s3_endpoint(path: str, request: Request):
     # return the response from AWS S3.
     # mask the details of 403 errors from the end user: authentication is done internally by this
     # function, so 403 errors are internal service errors
-    resp_contents = response.content if response.status_code != 403 else None
+    resp_contents = (
+        response.content if response.status_code != HTTP_403_FORBIDDEN else None
+    )
+    logger.info(f"DEBUG: aws resp_contents = {resp_contents}")
+    if "Content-Type" in response.headers:
+        return Response(
+            content=resp_contents,
+            status_code=response.status_code,
+            headers=response.headers,
+            media_type=response.headers["Content-Type"],
+        )
     return Response(
         content=resp_contents,
         status_code=response.status_code,
