def setUpClass(cls): super(FormPostTest, cls).setUpClass() cls.key_cache_time = ( cls.objectstorage_api_config.tempurl_key_cache_time) cls.tempurl_key = cls.behaviors.VALID_TEMPURL_KEY cls.object_name = cls.behaviors.VALID_OBJECT_NAME cls.object_data = cls.behaviors.VALID_OBJECT_DATA cls.content_length = str(len(cls.behaviors.VALID_OBJECT_DATA)) cls.http_client = HTTPClient() cls.redirect_url = "http://example.com/form_post_test"
def setUpClass(cls): super(TempUrl, cls).setUpClass() cls.key_cache_time = ( cls.objectstorage_api_config.tempurl_key_cache_time) cls.http = HTTPClient() cls.tempurl_key = cls.behaviors.VALID_TEMPURL_KEY cls.object_name = cls.behaviors.VALID_OBJECT_NAME cls.obj_name_containing_trailing_slash = \ cls.behaviors.VALID_OBJECT_NAME_WITH_TRAILING_SLASH cls.obj_name_containing_slash = \ cls.behaviors.VALID_OBJECT_NAME_WITH_SLASH cls.object_data = cls.behaviors.VALID_OBJECT_DATA cls.content_length = str(len(cls.behaviors.VALID_OBJECT_DATA))
def setUpClass(cls): super(FormPostTest, cls).setUpClass() cls.key_cache_time = ( cls.objectstorage_api_config.tempurl_key_cache_time) cls.object_name = Constants.VALID_OBJECT_NAME cls.object_data = Constants.VALID_OBJECT_DATA cls.content_length = str(len(Constants.VALID_OBJECT_DATA)) cls.http_client = HTTPClient() cls.redirect_url = "http://example.com/form_post_test" keys_set = cls.behaviors.check_account_tempurl_keys() if keys_set: metadata_response = cls.client.get_account_metadata() cls.tempurl_key = \ metadata_response.headers.get("X-Account-Meta-Temp-Url-Key") else: raise Exception("An error occurred while checking for Account " "TempURL keys")
def setUpClass(cls): super(CORSTest, cls).setUpClass() cls.dumb_client = HTTPClient() cls.object_name = Constants.VALID_OBJECT_NAME
def ddtest_object_override_container_cors_with_tempurl( self, object_type, generate_object): """ Scenario: Create a container with CORS headers. Create a object with CORS headers. Retrieve the object via TempURL. Expected Results: If no Origin is set: The object should be returned with no CORS headers. If the Origin matches the object's Allow-Origin: The object should be returned with the CORS headers. If strict_cors_mode == True and the Origin does not match: The object should be returned with no CORS headers. If strict_cors_mode == False and the Origin does not match: The object should be returned with the CORS headers. """ container_expose_headers = ['Content-Length', 'Etag'] container_headers = { 'X-Container-Meta-Access-Control-Allow-Origin': 'http://foo.com', 'X-Container-Meta-Access-Control-Expose-Headers': ','.join(container_expose_headers)} container_name = self.create_temp_container( descriptor='container-smoke', headers=container_headers) object_expose_headers = ['X-Timestamp', 'X-Trans-Id'] object_headers = { 'Content-Type': 'text/plain', 'X-Object-Meta-Access-Control-Allow-Origin': 'http://bar.com', 'X-Object-Meta-Access-Control-Expose-Headers': ','.join(object_expose_headers)} object_name = 'object' object_headers = {'Content-Type': 'text/plain'} generate_object(container_name, object_name, headers=object_headers) tempurl_key = self.behaviors.get_tempurl_key() tempurl_info = self.client.create_temp_url( 'GET', container_name, object_name, 900, tempurl_key) dumb_client = HTTPClient() # Requests with no Origin should not return CORS headers. response = dumb_client.request( 'GET', tempurl_info.get('target_url'), params={ 'temp_url_sig': tempurl_info.get('signature'), 'temp_url_expires': tempurl_info.get('expires')}) self.assertTrue( 'Access-Control-Allow-Origin' not in response.headers, 'Allow-Origin header should not be returned.') self.assertTrue( 'Access-Control-Expose-Headers' not in response.headers, 'Expose-Headers should not be returned.') # Requests with Origin which matches object, should return CORS # headers. response = dumb_client.request( 'GET', tempurl_info.get('target_url'), params={ 'temp_url_sig': tempurl_info.get('signature'), 'temp_url_expires': tempurl_info.get('expires')}, headers={'Origin': 'http://bar.com'}) self.assertTrue( 'Access-Control-Allow-Origin' in response.headers, 'Allow-Origin header should be returned.') self.assertEqual( 'http://bar.com', response.headers.get( 'Access-Control-Allow-Origin', ''), 'Allow-Origin header should be returned.') self.assertTrue( 'Access-Control-Expose-Headers' in response.headers, 'Expose-Headers should be returned.') if self.objectstorage_api_config.strict_cors_mode: # CORS should work according to the spec. # Requests with Origin which matches container, should not return # CORS headers. response = dumb_client.request( 'GET', tempurl_info.get('target_url'), params={ 'temp_url_sig': tempurl_info.get('signature'), 'temp_url_expires': tempurl_info.get('expires')}, headers={'Origin': 'http://foo.com'}) self.assertTrue( 'Access-Control-Allow-Origin' not in response.headers, 'Allow-Origin header should not be returned.') self.assertTrue( 'Access-Control-Expose-Headers' not in response.headers, 'Expose-Headers should not be returned.') # Requests with Origin which does not match, should not return # CORS headers. response = dumb_client.request( 'GET', tempurl_info.get('target_url'), params={ 'temp_url_sig': tempurl_info.get('signature'), 'temp_url_expires': tempurl_info.get('expires')}, headers={'Origin': 'http://example.com'}) self.assertTrue( 'Access-Control-Allow-Origin' not in response.headers, 'Allow-Origin header should not be returned.') self.assertTrue( 'Access-Control-Expose-Headers' not in response.headers, 'Expose-Headers should not be returned.') else: # Early implementation of CORS. # Requests with Origin which matches container, should not return # CORS headers. response = dumb_client.request( 'GET', tempurl_info.get('target_url'), params={ 'temp_url_sig': tempurl_info.get('signature'), 'temp_url_expires': tempurl_info.get('expires')}, headers={'Origin': 'http://foo.com'}) self.assertTrue( 'Access-Control-Allow-Origin' in response.headers, 'Allow-Origin header should be returned.') self.assertTrue( 'Access-Control-Expose-Headers' in response.headers, 'Expose-Headers should be returned.') # Requests with Origin which does not match, should not return # CORS headers. response = dumb_client.request( 'GET', tempurl_info.get('target_url'), params={ 'temp_url_sig': tempurl_info.get('signature'), 'temp_url_expires': tempurl_info.get('expires')}, headers={'Origin': 'http://example.com'}) self.assertTrue( 'Access-Control-Allow-Origin' in response.headers, 'Allow-Origin header should be returned with ' 'differing origin.') self.assertTrue( 'Access-Control-Expose-Headers' in response.headers, 'Expose-Headers should be returned with ' 'differing origin.')
def test_container_cors_with_formpost(self): """ Scenario: Create a container with CORS headers. POST an object to the container via FormPOST. Expected Results: If no Origin is set: The response should be returned with no CORS headers. If the Origin matches the Allow-Origin set: The response should be returned with the CORS headers. If strict_cors_mode == True and the Origin does not match: The response should be returned with no CORS headers. If strict_cors_mode == False and the Origin does not match: The response should be returned with the CORS headers. """ expose_headers = ['Content-Length', 'Etag', 'X-Timestamp', 'X-Trans-Id'] container_headers = { 'X-Container-Meta-Access-Control-Allow-Origin': 'http://example.com', 'X-Container-Meta-Access-Control-Max-Age': '5', 'X-Container-Meta-Access-Control-Expose-Headers': ','.join(expose_headers)} container_name = self.create_temp_container( descriptor='container-smoke', headers=container_headers) tempurl_key = self.behaviors.get_tempurl_key() files = [{'name': 'foo1'}] # Requests with no Origin should not return CORS headers. formpost_info = self.client.create_formpost( container_name, files, key=tempurl_key) dumb_client = HTTPClient() headers = formpost_info.get('headers') response = dumb_client.post( formpost_info.get('target_url'), headers=headers, data=formpost_info.get('body'), requestslib_kwargs={'allow_redirects': False}) self.assertTrue(303, response.status_code) self.assertTrue('location' in response.headers) self.assertTrue('access-control-expose-headers' not in response.headers) self.assertTrue('access-control-allow-origin' not in response.headers) # Requests with Origin which does match, should return CORS headers. formpost_info = self.client.create_formpost( container_name, files, key=tempurl_key) dumb_client = HTTPClient() headers = formpost_info.get('headers') headers['Origin'] = 'http://example.com' response = dumb_client.post( formpost_info.get('target_url'), headers=headers, data=formpost_info.get('body'), requestslib_kwargs={'allow_redirects': False}) self.assertTrue(303, response.status_code) self.assertTrue('access-control-expose-headers' in response.headers) self.assertTrue('location' in response.headers) self.assertTrue('access-control-allow-origin' in response.headers) if self.objectstorage_api_config.strict_cors_mode: # CORS should work according to the spec. # Requests with Origin which does not match, should not return # CORS headers. formpost_info = self.client.create_formpost( container_name, files, key=tempurl_key) dumb_client = HTTPClient() headers = formpost_info.get('headers') headers['Origin'] = 'http://foo.com' response = dumb_client.post( formpost_info.get('target_url'), headers=headers, data=formpost_info.get('body'), requestslib_kwargs={'allow_redirects': False}) self.assertTrue(303, response.status_code) self.assertTrue('access-control-expose-headers' not in response.headers) self.assertTrue('location' not in response.headers) self.assertTrue('access-control-allow-origin' not in response.headers) else: # Early implementation of CORS. # Requests with Origin which does not match, should not return # CORS headers. formpost_info = self.client.create_formpost( container_name, files, key=tempurl_key) dumb_client = HTTPClient() headers = formpost_info.get('headers') headers['Origin'] = 'http://foo.com' response = dumb_client.post( formpost_info.get('target_url'), headers=headers, data=formpost_info.get('body'), requestslib_kwargs={'allow_redirects': False}) self.assertTrue(303, response.status_code) self.assertTrue('access-control-expose-headers' in response.headers) self.assertTrue('location' in response.headers) self.assertTrue('access-control-allow-origin' in response.headers)