"Download .zip" fails on charms with terms

[kwmonroe]

Click the download .zip button on a charm with terms, eg:

https://jujucharms.com/u/ibmcharmers/ibm-http/trusty/5

The request will fail. If you try to curl/wget the link, you'll see an error about macaroons:

wget https://api.jujucharms.com/charmstore/v5/~ibmcharmers/trusty/ibm-http-5/archive

This feels like a bug to me. I understand that deployment from the store should be gated on term acceptance, but surely we should be able to download the charm archive. We can already click on all the files and save manually -- why block on downloading them all at once with 'Download .zip'?

[urosj]

We need to properly verify terms agreement, which we currently don't.

[johnsca]

@urosj I thought our story was that the charm code was considered open source and agreeing to the terms was only required for deploying it? That is, it seems to me that the terms agreement applies to the resource payload rather than the charm code itself.

[cmars]

Bump. Ran into this today when trying to download cs:~cmars/mattermost. Actually it was Tim but didn't work for me either. Looks like the web page (https://jujucharms.com/u/cmars/mattermost/16) isn't discharging the third-party caveat on the terms service, even if terms have already been agreed to.

[cmars]

@SimonRichardson @howbazaar @hatched @huwshimi ^^

[frankban]

This is still an issue, and we need to have a conversation about how to fix this.
The storefront (for anonymous users) does not have any notion of bakery auth, so we maybe should trigger a GUI authentication when clicking links to get resources that require a discharge. But the GUI itself, who could easily provide the required macaroons, fails to initiate the macaroon acquisition process. Therefore I created a bug in the GUI as well: juju/juju-gui#3760