Merge pull request #2293 from broadinstitute/jb-search-export-private

bistline · web-flow · commit f3d4cc11d0ce · 2025-07-31T09:50:09.000-04:00
Use correct auth token, properly sanitize descriptions in text export (SCP-6036)
diff --git a/app/controllers/api/v1/study_search_results_objects.rb b/app/controllers/api/v1/study_search_results_objects.rb
@@ -137,7 +137,7 @@ def study_text_export(study)
             'SCP',
             study.accession,
             study.name,
-            study.description,
+            Api::V1::StudySearchResultsObjects.strip_newlines(study.description),
             study.public,
             study.detached,
             study.cell_count,
@@ -156,7 +156,7 @@ def study_text_export(study)
             study[:hca_result] ? 'HCA' : 'TDR',
             study[:accession],
             study[:name],
-            study[:description].gsub(/\n/, ''),
+            Api::V1::StudySearchResultsObjects.strip_newlines(study[:description]),
             true,
             false,
             0,
@@ -182,6 +182,11 @@ def result_url_for(study)
         end
       end
 
+      # deal with very old or external descriptions which may have newlines in them
+      def self.strip_newlines(text)
+        text.to_s.gsub(/\n/, ' ').gsub(/\r/, '').strip
+      end
+
       # flatten facet matches into a text string for export
       def self.facet_results_as_text(facets)
         entries = []
diff --git a/app/javascript/lib/scp-api.jsx b/app/javascript/lib/scp-api.jsx
@@ -516,7 +516,7 @@ export async function exportSearchResultsText(searchParams, mock=false) {
   const init = {
     method: 'GET',
     headers: {
-      Authorization: `Bearer ${getOAuthToken()}`
+      Authorization: `Bearer ${getAccessToken()}`
     }
   }
   const [searchResults, perfTimes] = await scpApi(path, init, mock, false, false)
diff --git a/test/js/lib/scp-api.test.js b/test/js/lib/scp-api.test.js
@@ -3,7 +3,7 @@
 import CacheMock from 'browser-cache-mock';
 import 'isomorphic-fetch';
 
-import scpApi, { fetchSearch, fetchFacetFilters, setupRenewalForReadOnlyToken, setUpRenewalForUserAccessToken } from 'lib/scp-api'
+import scpApi, { fetchSearch, exportSearchResultsText, fetchFacetFilters, setupRenewalForReadOnlyToken, setUpRenewalForUserAccessToken } from 'lib/scp-api'
 import * as ServiceWorkerCache from 'lib/service-worker-cache'
 import * as SCPContextProvider from '~/providers/SCPContextProvider'
 import { getTokenExpiry } from '../upload-wizard/upload-wizard-test-utils'
@@ -39,7 +39,7 @@ describe('JavaScript client for SCP REST API', () => {
   })
 
   // Note: tests that mock global.fetch must be cleared after every test
-  afterEach(() => {
+  beforeEach(() => {
     // Restores all mocks back to their original value
     jest.restoreAllMocks()
     jest.spyOn(global, 'setTimeout').mockReset()
@@ -220,4 +220,39 @@ describe('JavaScript client for SCP REST API', () => {
     })
   })
 
+  it('uses user access token for exportSearchResultsText', async () => {
+    const mockSuccessResponse = "test response"
+    const exportFilename = 'scp_search_results_2025-01-01.tsv'
+    const mockFetchPromise = Promise.resolve({
+      ok: true,
+      headers: new Headers(
+        {
+          'Content-Disposition': `attachment; filename="${exportFilename}"`,
+          'Content-Type': 'application/octet-stream'
+        }
+      ),
+      blob: () => {
+        return mockSuccessResponse
+      }
+    })
+    jest.spyOn(global, 'fetch').mockImplementation(() => mockFetchPromise)
+
+    window.SCP = {
+      userAccessToken: 'ya11.b.foo_bar-baz'
+    }
+
+    const params = {type: 'study', page: 1, terms: 'spatial', facets: {}}
+    await exportSearchResultsText(params)
+
+    expect(global.fetch).toHaveBeenCalledWith(
+      expect.anything(),
+      expect.objectContaining({
+        method: 'GET',
+        headers: {
+          Authorization: 'Bearer ya11.b.foo_bar-baz'
+        }
+      })
+    )
+  })
+
 })
diff --git a/test/lib/study_search_results_objects_test.rb b/test/lib/study_search_results_objects_test.rb
@@ -23,4 +23,11 @@ class StudySearchResultsObjectsTest < ActiveSupport::TestCase
     expected_names = ['B cell', 'bipolar neuron', 'retinal bipolar neuron', 'retinal cone cell', 'amacrine cell']
     assert_equal expected_names, merged_data[:cell_type].map { |filter| filter[:name]}
   end
+
+  test 'should remove any newlines from result descriptions' do
+    description = "This is a study description.\nIt has newlines.\n\nAnd some more.\r\n\r\nAnd some Windows newlines."
+    cleaned_description = Api::V1::StudySearchResultsObjects.strip_newlines(description)
+    assert_equal 'This is a study description. It has newlines.  And some more.  And some Windows newlines.',
+                 cleaned_description
+  end
 end

Original file line number	Diff line number	Diff line change
`@@ -516,7 +516,7 @@ export async function exportSearchResultsText(searchParams, mock=false) {`
`516`	`516`	`const init = {`
`517`	`517`	`method: 'GET',`
`518`	`518`	`headers: {`
`519`		- Authorization: `Bearer ${getOAuthToken()}`
	`519`	+ Authorization: `Bearer ${getAccessToken()}`
`520`	`520`	`}`
`521`	`521`	`}`
`522`	`522`	`const [searchResults, perfTimes] = await scpApi(path, init, mock, false, false)`