예제 #1
0
 def setUpClass(cls):
     super(FormPostTest, cls).setUpClass()
     cls.key_cache_time = (
         cls.objectstorage_api_config.tempurl_key_cache_time)
     cls.tempurl_key = cls.behaviors.VALID_TEMPURL_KEY
     cls.object_name = cls.behaviors.VALID_OBJECT_NAME
     cls.object_data = cls.behaviors.VALID_OBJECT_DATA
     cls.content_length = str(len(cls.behaviors.VALID_OBJECT_DATA))
     cls.http_client = HTTPClient()
     cls.redirect_url = "http://example.com/form_post_test"
예제 #2
0
 def setUpClass(cls):
     super(TempUrl, cls).setUpClass()
     cls.key_cache_time = (
         cls.objectstorage_api_config.tempurl_key_cache_time)
     cls.http = HTTPClient()
     cls.tempurl_key = cls.behaviors.VALID_TEMPURL_KEY
     cls.object_name = cls.behaviors.VALID_OBJECT_NAME
     cls.obj_name_containing_trailing_slash = \
         cls.behaviors.VALID_OBJECT_NAME_WITH_TRAILING_SLASH
     cls.obj_name_containing_slash = \
         cls.behaviors.VALID_OBJECT_NAME_WITH_SLASH
     cls.object_data = cls.behaviors.VALID_OBJECT_DATA
     cls.content_length = str(len(cls.behaviors.VALID_OBJECT_DATA))
예제 #3
0
    def setUpClass(cls):
        super(FormPostTest, cls).setUpClass()
        cls.key_cache_time = (
            cls.objectstorage_api_config.tempurl_key_cache_time)
        cls.object_name = Constants.VALID_OBJECT_NAME
        cls.object_data = Constants.VALID_OBJECT_DATA
        cls.content_length = str(len(Constants.VALID_OBJECT_DATA))
        cls.http_client = HTTPClient()
        cls.redirect_url = "http://example.com/form_post_test"

        keys_set = cls.behaviors.check_account_tempurl_keys()
        if keys_set:
            metadata_response = cls.client.get_account_metadata()
            cls.tempurl_key = \
                metadata_response.headers.get("X-Account-Meta-Temp-Url-Key")
        else:
            raise Exception("An error occurred while checking for Account "
                            "TempURL keys")
예제 #4
0
    def setUpClass(cls):
        super(CORSTest, cls).setUpClass()

        cls.dumb_client = HTTPClient()
        cls.object_name = Constants.VALID_OBJECT_NAME
예제 #5
0
    def ddtest_object_override_container_cors_with_tempurl(
            self, object_type, generate_object):
        """
        Scenario:
            Create a container with CORS headers.
            Create a object with CORS headers.
            Retrieve the object via TempURL.

        Expected Results:
            If no Origin is set:
                The object should be returned with no CORS headers.
            If the Origin matches the object's Allow-Origin:
                The object should be returned with the CORS headers.
            If strict_cors_mode == True and the Origin does not match:
                The object should be returned with no CORS headers.
            If strict_cors_mode == False and the Origin does not match:
                The object should be returned with the CORS headers.
        """
        container_expose_headers = ['Content-Length', 'Etag']
        container_headers = {
            'X-Container-Meta-Access-Control-Allow-Origin':
            'http://foo.com',
            'X-Container-Meta-Access-Control-Expose-Headers':
            ','.join(container_expose_headers)}
        container_name = self.create_temp_container(
            descriptor='container-smoke', headers=container_headers)

        object_expose_headers = ['X-Timestamp', 'X-Trans-Id']
        object_headers = {
            'Content-Type': 'text/plain',
            'X-Object-Meta-Access-Control-Allow-Origin':
            'http://bar.com',
            'X-Object-Meta-Access-Control-Expose-Headers':
            ','.join(object_expose_headers)}
        object_name = 'object'
        object_headers = {'Content-Type': 'text/plain'}
        generate_object(container_name, object_name, headers=object_headers)
        tempurl_key = self.behaviors.get_tempurl_key()
        tempurl_info = self.client.create_temp_url(
            'GET', container_name, object_name, 900, tempurl_key)

        dumb_client = HTTPClient()

        # Requests with no Origin should not return CORS headers.
        response = dumb_client.request(
            'GET', tempurl_info.get('target_url'), params={
                'temp_url_sig': tempurl_info.get('signature'),
                'temp_url_expires': tempurl_info.get('expires')})
        self.assertTrue(
            'Access-Control-Allow-Origin' not in response.headers,
            'Allow-Origin header should not be returned.')
        self.assertTrue(
            'Access-Control-Expose-Headers' not in response.headers,
            'Expose-Headers should not be returned.')

        # Requests with Origin which matches object, should return CORS
        # headers.
        response = dumb_client.request(
            'GET', tempurl_info.get('target_url'), params={
                'temp_url_sig': tempurl_info.get('signature'),
                'temp_url_expires': tempurl_info.get('expires')},
            headers={'Origin': 'http://bar.com'})
        self.assertTrue(
            'Access-Control-Allow-Origin' in response.headers,
            'Allow-Origin header should be returned.')
        self.assertEqual(
            'http://bar.com', response.headers.get(
                'Access-Control-Allow-Origin', ''),
            'Allow-Origin header should be returned.')
        self.assertTrue(
            'Access-Control-Expose-Headers' in response.headers,
            'Expose-Headers should be returned.')

        if self.objectstorage_api_config.strict_cors_mode:
            # CORS should work according to the spec.

            # Requests with Origin which matches container, should not return
            # CORS headers.
            response = dumb_client.request(
                'GET', tempurl_info.get('target_url'), params={
                    'temp_url_sig': tempurl_info.get('signature'),
                    'temp_url_expires': tempurl_info.get('expires')},
                headers={'Origin': 'http://foo.com'})
            self.assertTrue(
                'Access-Control-Allow-Origin' not in response.headers,
                'Allow-Origin header should not be returned.')
            self.assertTrue(
                'Access-Control-Expose-Headers' not in response.headers,
                'Expose-Headers should not be returned.')

            # Requests with Origin which does not match, should not return
            # CORS headers.
            response = dumb_client.request(
                'GET', tempurl_info.get('target_url'), params={
                    'temp_url_sig': tempurl_info.get('signature'),
                    'temp_url_expires': tempurl_info.get('expires')},
                headers={'Origin': 'http://example.com'})
            self.assertTrue(
                'Access-Control-Allow-Origin' not in response.headers,
                'Allow-Origin header should not be returned.')
            self.assertTrue(
                'Access-Control-Expose-Headers' not in response.headers,
                'Expose-Headers should not be returned.')
        else:
            # Early implementation of CORS.

            # Requests with Origin which matches container, should not return
            # CORS headers.
            response = dumb_client.request(
                'GET', tempurl_info.get('target_url'), params={
                    'temp_url_sig': tempurl_info.get('signature'),
                    'temp_url_expires': tempurl_info.get('expires')},
                headers={'Origin': 'http://foo.com'})
            self.assertTrue(
                'Access-Control-Allow-Origin' in response.headers,
                'Allow-Origin header should be returned.')
            self.assertTrue(
                'Access-Control-Expose-Headers' in response.headers,
                'Expose-Headers should be returned.')

            # Requests with Origin which does not match, should not return
            # CORS headers.
            response = dumb_client.request(
                'GET', tempurl_info.get('target_url'), params={
                    'temp_url_sig': tempurl_info.get('signature'),
                    'temp_url_expires': tempurl_info.get('expires')},
                headers={'Origin': 'http://example.com'})
            self.assertTrue(
                'Access-Control-Allow-Origin' in response.headers,
                'Allow-Origin header should be returned with '
                'differing origin.')
            self.assertTrue(
                'Access-Control-Expose-Headers' in response.headers,
                'Expose-Headers should be returned with '
                'differing origin.')
예제 #6
0
    def test_container_cors_with_formpost(self):
        """
        Scenario:
            Create a container with CORS headers.
            POST an object to the container via FormPOST.

        Expected Results:
            If no Origin is set:
                The response should be returned with no CORS headers.
            If the Origin matches the Allow-Origin set:
                The response should be returned with the CORS headers.
            If strict_cors_mode == True and the Origin does not match:
                The response should be returned with no CORS headers.
            If strict_cors_mode == False and the Origin does not match:
                The response should be returned with the CORS headers.
        """
        expose_headers = ['Content-Length', 'Etag', 'X-Timestamp',
                          'X-Trans-Id']
        container_headers = {
            'X-Container-Meta-Access-Control-Allow-Origin':
            'http://example.com',
            'X-Container-Meta-Access-Control-Max-Age': '5',
            'X-Container-Meta-Access-Control-Expose-Headers':
            ','.join(expose_headers)}
        container_name = self.create_temp_container(
            descriptor='container-smoke', headers=container_headers)

        tempurl_key = self.behaviors.get_tempurl_key()
        files = [{'name': 'foo1'}]

        # Requests with no Origin should not return CORS headers.
        formpost_info = self.client.create_formpost(
            container_name, files, key=tempurl_key)
        dumb_client = HTTPClient()
        headers = formpost_info.get('headers')
        response = dumb_client.post(
            formpost_info.get('target_url'),
            headers=headers,
            data=formpost_info.get('body'),
            requestslib_kwargs={'allow_redirects': False})
        self.assertTrue(303, response.status_code)
        self.assertTrue('location' in response.headers)
        self.assertTrue('access-control-expose-headers' not in
                        response.headers)
        self.assertTrue('access-control-allow-origin' not in response.headers)

        # Requests with Origin which does match, should return CORS headers.
        formpost_info = self.client.create_formpost(
            container_name, files, key=tempurl_key)
        dumb_client = HTTPClient()
        headers = formpost_info.get('headers')
        headers['Origin'] = 'http://example.com'
        response = dumb_client.post(
            formpost_info.get('target_url'),
            headers=headers,
            data=formpost_info.get('body'),
            requestslib_kwargs={'allow_redirects': False})
        self.assertTrue(303, response.status_code)
        self.assertTrue('access-control-expose-headers' in response.headers)
        self.assertTrue('location' in response.headers)
        self.assertTrue('access-control-allow-origin' in response.headers)

        if self.objectstorage_api_config.strict_cors_mode:
            # CORS should work according to the spec.
            # Requests with Origin which does not match, should not return
            # CORS headers.
            formpost_info = self.client.create_formpost(
                container_name, files, key=tempurl_key)
            dumb_client = HTTPClient()
            headers = formpost_info.get('headers')
            headers['Origin'] = 'http://foo.com'
            response = dumb_client.post(
                formpost_info.get('target_url'),
                headers=headers,
                data=formpost_info.get('body'),
                requestslib_kwargs={'allow_redirects': False})
            self.assertTrue(303, response.status_code)
            self.assertTrue('access-control-expose-headers' not in
                            response.headers)
            self.assertTrue('location' not in response.headers)
            self.assertTrue('access-control-allow-origin' not in
                            response.headers)
        else:
            # Early implementation of CORS.
            # Requests with Origin which does not match, should not return
            # CORS headers.
            formpost_info = self.client.create_formpost(
                container_name, files, key=tempurl_key)
            dumb_client = HTTPClient()
            headers = formpost_info.get('headers')
            headers['Origin'] = 'http://foo.com'
            response = dumb_client.post(
                formpost_info.get('target_url'),
                headers=headers,
                data=formpost_info.get('body'),
                requestslib_kwargs={'allow_redirects': False})
            self.assertTrue(303, response.status_code)
            self.assertTrue('access-control-expose-headers' in
                            response.headers)
            self.assertTrue('location' in response.headers)
            self.assertTrue('access-control-allow-origin' in response.headers)