def test_removed_outgoing_header(self):
self.tempurl = tempurl.filter_factory({"outgoing_remove_headers": "x-test-header-one-a"})(self.auth)
method = "GET"
expires = int(time() + 86400)
path = "/v1/a/c/o"
key = "abc"
hmac_body = "%s\n%s\n%s" % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
req = self._make_request(
path, keys=[key], environ={"QUERY_STRING": "temp_url_sig=%s&temp_url_expires=%s" % (sig, expires)}
)
resp = req.get_response(self.tempurl)
self.assertEqual(resp.status_int, 404)
self.assertTrue("x-test-header-one-a" not in resp.headers)
self.assertEqual(resp.headers["x-test-header-two-a"], "value2")
def test_removed_incoming_header(self):
self.tempurl = tempurl.filter_factory({
'incoming_remove_headers': 'x-remove-this'})(self.auth)
method = 'GET'
expires = int(time() + 86400)
path = '/v1/a/c/o'
key = 'abc'
hmac_body = '%s\n%s\n%s' % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
req = self._make_request(path, headers={'x-remove-this': 'value'},
environ={'QUERY_STRING':
'temp_url_sig=%s&temp_url_expires=%s' % (sig, expires)})
req.environ['swift.cache'].set('temp-url-key/a', key)
resp = req.get_response(self.tempurl)
self.assertEquals(resp.status_int, 404)
self.assertTrue('x-remove-this' not in self.app.request.headers)
def test_removed_outgoing_header(self):
self.tempurl = tempurl.filter_factory({
'outgoing_remove_headers': 'x-test-header-one-a'})(self.auth)
method = 'GET'
expires = int(time() + 86400)
path = '/v1/a/c/o'
key = 'abc'
hmac_body = '%s\n%s\n%s' % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
req = self._make_request(path, keys=[key],
environ={'QUERY_STRING':
'temp_url_sig=%s&temp_url_expires=%s' % (sig, expires)})
resp = req.get_response(self.tempurl)
self.assertEquals(resp.status_int, 404)
self.assertTrue('x-test-header-one-a' not in resp.headers)
self.assertEquals(resp.headers['x-test-header-two-a'], 'value2')
def test_removed_incoming_header(self):
self.tempurl = tempurl.filter_factory({"incoming_remove_headers": "x-remove-this"})(self.auth)
method = "GET"
expires = int(time() + 86400)
path = "/v1/a/c/o"
key = "abc"
hmac_body = "%s\n%s\n%s" % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
req = self._make_request(
path,
keys=[key],
headers={"x-remove-this": "value"},
environ={"QUERY_STRING": "temp_url_sig=%s&temp_url_expires=%s" % (sig, expires)},
)
resp = req.get_response(self.tempurl)
self.assertEqual(resp.status_int, 404)
self.assertTrue("x-remove-this" not in self.app.request.headers)
def test_disallowed_header_object_manifest(self):
self.tempurl = tempurl.filter_factory({})(self.auth)
expires = int(time() + 86400)
path = '/v1/a/c/o'
key = 'abc'
for method in ('PUT', 'POST'):
hmac_body = '%s\n%s\n%s' % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
req = self._make_request(
path, method=method, keys=[key],
headers={'x-object-manifest': 'private/secret'},
environ={'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s'
% (sig, expires)})
resp = req.get_response(self.tempurl)
self.assertEquals(resp.status_int, 400)
self.assertTrue('header' in resp.body)
self.assertTrue('not allowed' in resp.body)
self.assertTrue('X-Object-Manifest' in resp.body)
def test_allow_trumps_incoming_header_startswith_conflict(self):
self.tempurl = tempurl.filter_factory({
'incoming_remove_headers': 'x-conflict-header-*',
'incoming_allow_headers': 'x-conflict-header-*'})(self.auth)
method = 'GET'
expires = int(time() + 86400)
path = '/v1/a/c/o'
key = 'abc'
hmac_body = '%s\n%s\n%s' % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
req = self._make_request(
path, keys=[key],
headers={'x-conflict-header-test': 'value'},
environ={'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (
sig, expires)})
resp = req.get_response(self.tempurl)
self.assertEquals(resp.status_int, 404)
self.assertTrue('x-conflict-header-test' in self.app.request.headers)
def test_disallowed_header_object_manifest(self):
self.tempurl = tempurl.filter_factory({})(self.auth)
expires = int(time() + 86400)
path = "/v1/a/c/o"
key = "abc"
for method in ("PUT", "POST"):
hmac_body = "%s\n%s\n%s" % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
req = self._make_request(
path,
method=method,
keys=[key],
headers={"x-object-manifest": "private/secret"},
environ={"QUERY_STRING": "temp_url_sig=%s&temp_url_expires=%s" % (sig, expires)},
)
resp = req.get_response(self.tempurl)
self.assertEqual(resp.status_int, 400)
self.assertTrue("header" in resp.body)
self.assertTrue("not allowed" in resp.body)
self.assertTrue("X-Object-Manifest" in resp.body)
def test_removed_incoming_headers_match(self):
self.tempurl = tempurl.filter_factory({
'incoming_remove_headers': 'x-remove-this-*',
'incoming_allow_headers': 'x-remove-this-except-this'})(self.auth)
method = 'GET'
expires = int(time() + 86400)
path = '/v1/a/c/o'
key = 'abc'
hmac_body = '%s\n%s\n%s' % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
req = self._make_request(path, keys=[key],
headers={'x-remove-this-one': 'value1',
'x-remove-this-except-this': 'value2'},
environ={'QUERY_STRING':
'temp_url_sig=%s&temp_url_expires=%s' % (sig, expires)})
resp = req.get_response(self.tempurl)
self.assertEquals(resp.status_int, 404)
self.assertTrue('x-remove-this-one' not in self.app.request.headers)
self.assertEquals(
self.app.request.headers['x-remove-this-except-this'], 'value2')
def test_allow_trumps_outgoing_header_conflict(self):
self.tempurl = tempurl.filter_factory({
'outgoing_remove_headers': 'x-conflict-header',
'outgoing_allow_headers': 'x-conflict-header'})(self.auth)
method = 'GET'
expires = int(time() + 86400)
path = '/v1/a/c/o'
key = 'abc'
hmac_body = '%s\n%s\n%s' % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
req = self._make_request(
path, keys=[key],
headers={},
environ={'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (
sig, expires)})
self.tempurl.app = FakeApp(iter([('200 Ok', {
'X-Conflict-Header': 'value'}, '123')]))
resp = req.get_response(self.tempurl)
self.assertEquals(resp.status_int, 200)
self.assertTrue('x-conflict-header' in resp.headers)
self.assertEqual(resp.headers['x-conflict-header'], 'value')
def test_allow_trumps_outgoing_header_startswith_conflict(self):
self.tempurl = tempurl.filter_factory(
{"outgoing_remove_headers": "x-conflict-header-*", "outgoing_allow_headers": "x-conflict-header-*"}
)(self.auth)
method = "GET"
expires = int(time() + 86400)
path = "/v1/a/c/o"
key = "abc"
hmac_body = "%s\n%s\n%s" % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
req = self._make_request(
path,
keys=[key],
headers={},
environ={"QUERY_STRING": "temp_url_sig=%s&temp_url_expires=%s" % (sig, expires)},
)
self.tempurl.app = FakeApp(iter([("200 Ok", {"X-Conflict-Header-Test": "value"}, "123")]))
resp = req.get_response(self.tempurl)
self.assertEqual(resp.status_int, 200)
self.assertTrue("x-conflict-header-test" in resp.headers)
self.assertEqual(resp.headers["x-conflict-header-test"], "value")
def setUp(self):
self.app = FakeApp()
self.auth = tempauth.filter_factory({})(self.app)
self.tempurl = tempurl.filter_factory({})(self.auth)
def setUp(self):
self.app = FakeApp()
self.auth = tempauth_only_once.filter_factory({'reseller_prefix': ''})(self.app)
self.tempurl = tempurl.filter_factory({})(self.auth)
def test_registered_defaults(self):
tempurl.filter_factory({})
swift_info = utils.get_swift_info()
self.assertTrue("tempurl" in swift_info)
self.assertEqual(set(swift_info["tempurl"]["methods"]), set(("GET", "HEAD", "PUT", "POST", "DELETE")))
def test_non_default_methods(self):
tempurl.filter_factory({'methods': 'GET HEAD PUT DELETE BREW'})
swift_info = utils.get_swift_info()
self.assertTrue('tempurl' in swift_info)
self.assertEqual(set(swift_info['tempurl']['methods']),
set(('GET', 'HEAD', 'PUT', 'DELETE', 'BREW')))
def test_registered_defaults(self):
tempurl.filter_factory({})
swift_info = utils.get_swift_info()
self.assertTrue('tempurl' in swift_info)
self.assertEqual(set(swift_info['tempurl']['methods']),
set(('GET', 'HEAD', 'PUT', 'POST', 'DELETE')))
def setUp(self):
self.app = FakeApp()
self.auth = tempauth.filter_factory({})(self.app)
self.tempurl = tempurl.filter_factory({})(self.auth)
def setUp(self):
self.app = FakeApp()
self.auth = tempauth.filter_factory({})(self.app)
self.auth.reseller_prefix = 'a'
self.tempurl = tempurl.filter_factory({})(self.auth)
def test_non_default_methods(self):
tempurl.filter_factory({'methods': 'GET HEAD PUT DELETE BREW'})
swift_info = utils.get_swift_info()
self.assertTrue('tempurl' in swift_info)
self.assertEqual(set(swift_info['tempurl']['methods']),
set(('GET', 'HEAD', 'PUT', 'DELETE', 'BREW')))
def test_non_default_methods(self):
tempurl.filter_factory({"methods": "GET HEAD PUT DELETE BREW"})
swift_info = utils.get_swift_info()
self.assertTrue("tempurl" in swift_info)
self.assertEqual(set(swift_info["tempurl"]["methods"]), set(("GET", "HEAD", "PUT", "DELETE", "BREW")))
def setUp(self):
self.app = FakeApp()
self.auth = tempauth.filter_factory({})(self.app)
self.auth.reseller_prefix = 'a'
self.tempurl = tempurl.filter_factory({})(self.auth)
def test_registered_defaults(self):
tempurl.filter_factory({})
swift_info = utils.get_swift_info()
self.assertTrue('tempurl' in swift_info)
self.assertEqual(set(swift_info['tempurl']['methods']),
set(('GET', 'HEAD', 'PUT', 'POST', 'DELETE')))
