def test_removed_outgoing_header(self): self.tempurl = tempurl.filter_factory({"outgoing_remove_headers": "x-test-header-one-a"})(self.auth) method = "GET" expires = int(time() + 86400) path = "/v1/a/c/o" key = "abc" hmac_body = "%s\n%s\n%s" % (method, expires, path) sig = hmac.new(key, hmac_body, sha1).hexdigest() req = self._make_request( path, keys=[key], environ={"QUERY_STRING": "temp_url_sig=%s&temp_url_expires=%s" % (sig, expires)} ) resp = req.get_response(self.tempurl) self.assertEqual(resp.status_int, 404) self.assertTrue("x-test-header-one-a" not in resp.headers) self.assertEqual(resp.headers["x-test-header-two-a"], "value2")
def test_removed_incoming_header(self): self.tempurl = tempurl.filter_factory({ 'incoming_remove_headers': 'x-remove-this'})(self.auth) method = 'GET' expires = int(time() + 86400) path = '/v1/a/c/o' key = 'abc' hmac_body = '%s\n%s\n%s' % (method, expires, path) sig = hmac.new(key, hmac_body, sha1).hexdigest() req = self._make_request(path, headers={'x-remove-this': 'value'}, environ={'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (sig, expires)}) req.environ['swift.cache'].set('temp-url-key/a', key) resp = req.get_response(self.tempurl) self.assertEquals(resp.status_int, 404) self.assertTrue('x-remove-this' not in self.app.request.headers)
def test_removed_outgoing_header(self): self.tempurl = tempurl.filter_factory({ 'outgoing_remove_headers': 'x-test-header-one-a'})(self.auth) method = 'GET' expires = int(time() + 86400) path = '/v1/a/c/o' key = 'abc' hmac_body = '%s\n%s\n%s' % (method, expires, path) sig = hmac.new(key, hmac_body, sha1).hexdigest() req = self._make_request(path, keys=[key], environ={'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (sig, expires)}) resp = req.get_response(self.tempurl) self.assertEquals(resp.status_int, 404) self.assertTrue('x-test-header-one-a' not in resp.headers) self.assertEquals(resp.headers['x-test-header-two-a'], 'value2')
def test_removed_incoming_header(self): self.tempurl = tempurl.filter_factory({"incoming_remove_headers": "x-remove-this"})(self.auth) method = "GET" expires = int(time() + 86400) path = "/v1/a/c/o" key = "abc" hmac_body = "%s\n%s\n%s" % (method, expires, path) sig = hmac.new(key, hmac_body, sha1).hexdigest() req = self._make_request( path, keys=[key], headers={"x-remove-this": "value"}, environ={"QUERY_STRING": "temp_url_sig=%s&temp_url_expires=%s" % (sig, expires)}, ) resp = req.get_response(self.tempurl) self.assertEqual(resp.status_int, 404) self.assertTrue("x-remove-this" not in self.app.request.headers)
def test_disallowed_header_object_manifest(self): self.tempurl = tempurl.filter_factory({})(self.auth) expires = int(time() + 86400) path = '/v1/a/c/o' key = 'abc' for method in ('PUT', 'POST'): hmac_body = '%s\n%s\n%s' % (method, expires, path) sig = hmac.new(key, hmac_body, sha1).hexdigest() req = self._make_request( path, method=method, keys=[key], headers={'x-object-manifest': 'private/secret'}, environ={'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (sig, expires)}) resp = req.get_response(self.tempurl) self.assertEquals(resp.status_int, 400) self.assertTrue('header' in resp.body) self.assertTrue('not allowed' in resp.body) self.assertTrue('X-Object-Manifest' in resp.body)
def test_allow_trumps_incoming_header_startswith_conflict(self): self.tempurl = tempurl.filter_factory({ 'incoming_remove_headers': 'x-conflict-header-*', 'incoming_allow_headers': 'x-conflict-header-*'})(self.auth) method = 'GET' expires = int(time() + 86400) path = '/v1/a/c/o' key = 'abc' hmac_body = '%s\n%s\n%s' % (method, expires, path) sig = hmac.new(key, hmac_body, sha1).hexdigest() req = self._make_request( path, keys=[key], headers={'x-conflict-header-test': 'value'}, environ={'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % ( sig, expires)}) resp = req.get_response(self.tempurl) self.assertEquals(resp.status_int, 404) self.assertTrue('x-conflict-header-test' in self.app.request.headers)
def test_disallowed_header_object_manifest(self): self.tempurl = tempurl.filter_factory({})(self.auth) expires = int(time() + 86400) path = "/v1/a/c/o" key = "abc" for method in ("PUT", "POST"): hmac_body = "%s\n%s\n%s" % (method, expires, path) sig = hmac.new(key, hmac_body, sha1).hexdigest() req = self._make_request( path, method=method, keys=[key], headers={"x-object-manifest": "private/secret"}, environ={"QUERY_STRING": "temp_url_sig=%s&temp_url_expires=%s" % (sig, expires)}, ) resp = req.get_response(self.tempurl) self.assertEqual(resp.status_int, 400) self.assertTrue("header" in resp.body) self.assertTrue("not allowed" in resp.body) self.assertTrue("X-Object-Manifest" in resp.body)
def test_removed_incoming_headers_match(self): self.tempurl = tempurl.filter_factory({ 'incoming_remove_headers': 'x-remove-this-*', 'incoming_allow_headers': 'x-remove-this-except-this'})(self.auth) method = 'GET' expires = int(time() + 86400) path = '/v1/a/c/o' key = 'abc' hmac_body = '%s\n%s\n%s' % (method, expires, path) sig = hmac.new(key, hmac_body, sha1).hexdigest() req = self._make_request(path, keys=[key], headers={'x-remove-this-one': 'value1', 'x-remove-this-except-this': 'value2'}, environ={'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (sig, expires)}) resp = req.get_response(self.tempurl) self.assertEquals(resp.status_int, 404) self.assertTrue('x-remove-this-one' not in self.app.request.headers) self.assertEquals( self.app.request.headers['x-remove-this-except-this'], 'value2')
def test_allow_trumps_outgoing_header_conflict(self): self.tempurl = tempurl.filter_factory({ 'outgoing_remove_headers': 'x-conflict-header', 'outgoing_allow_headers': 'x-conflict-header'})(self.auth) method = 'GET' expires = int(time() + 86400) path = '/v1/a/c/o' key = 'abc' hmac_body = '%s\n%s\n%s' % (method, expires, path) sig = hmac.new(key, hmac_body, sha1).hexdigest() req = self._make_request( path, keys=[key], headers={}, environ={'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % ( sig, expires)}) self.tempurl.app = FakeApp(iter([('200 Ok', { 'X-Conflict-Header': 'value'}, '123')])) resp = req.get_response(self.tempurl) self.assertEquals(resp.status_int, 200) self.assertTrue('x-conflict-header' in resp.headers) self.assertEqual(resp.headers['x-conflict-header'], 'value')
def test_allow_trumps_outgoing_header_startswith_conflict(self): self.tempurl = tempurl.filter_factory( {"outgoing_remove_headers": "x-conflict-header-*", "outgoing_allow_headers": "x-conflict-header-*"} )(self.auth) method = "GET" expires = int(time() + 86400) path = "/v1/a/c/o" key = "abc" hmac_body = "%s\n%s\n%s" % (method, expires, path) sig = hmac.new(key, hmac_body, sha1).hexdigest() req = self._make_request( path, keys=[key], headers={}, environ={"QUERY_STRING": "temp_url_sig=%s&temp_url_expires=%s" % (sig, expires)}, ) self.tempurl.app = FakeApp(iter([("200 Ok", {"X-Conflict-Header-Test": "value"}, "123")])) resp = req.get_response(self.tempurl) self.assertEqual(resp.status_int, 200) self.assertTrue("x-conflict-header-test" in resp.headers) self.assertEqual(resp.headers["x-conflict-header-test"], "value")
def setUp(self): self.app = FakeApp() self.auth = tempauth.filter_factory({})(self.app) self.tempurl = tempurl.filter_factory({})(self.auth)
def setUp(self): self.app = FakeApp() self.auth = tempauth_only_once.filter_factory({'reseller_prefix': ''})(self.app) self.tempurl = tempurl.filter_factory({})(self.auth)
def test_registered_defaults(self): tempurl.filter_factory({}) swift_info = utils.get_swift_info() self.assertTrue("tempurl" in swift_info) self.assertEqual(set(swift_info["tempurl"]["methods"]), set(("GET", "HEAD", "PUT", "POST", "DELETE")))
def test_non_default_methods(self): tempurl.filter_factory({'methods': 'GET HEAD PUT DELETE BREW'}) swift_info = utils.get_swift_info() self.assertTrue('tempurl' in swift_info) self.assertEqual(set(swift_info['tempurl']['methods']), set(('GET', 'HEAD', 'PUT', 'DELETE', 'BREW')))
def test_registered_defaults(self): tempurl.filter_factory({}) swift_info = utils.get_swift_info() self.assertTrue('tempurl' in swift_info) self.assertEqual(set(swift_info['tempurl']['methods']), set(('GET', 'HEAD', 'PUT', 'POST', 'DELETE')))
def setUp(self): self.app = FakeApp() self.auth = tempauth.filter_factory({})(self.app) self.tempurl = tempurl.filter_factory({})(self.auth)
def setUp(self): self.app = FakeApp() self.auth = tempauth.filter_factory({})(self.app) self.auth.reseller_prefix = 'a' self.tempurl = tempurl.filter_factory({})(self.auth)
def test_non_default_methods(self): tempurl.filter_factory({'methods': 'GET HEAD PUT DELETE BREW'}) swift_info = utils.get_swift_info() self.assertTrue('tempurl' in swift_info) self.assertEqual(set(swift_info['tempurl']['methods']), set(('GET', 'HEAD', 'PUT', 'DELETE', 'BREW')))
def test_non_default_methods(self): tempurl.filter_factory({"methods": "GET HEAD PUT DELETE BREW"}) swift_info = utils.get_swift_info() self.assertTrue("tempurl" in swift_info) self.assertEqual(set(swift_info["tempurl"]["methods"]), set(("GET", "HEAD", "PUT", "DELETE", "BREW")))
def setUp(self): self.app = FakeApp() self.auth = tempauth.filter_factory({})(self.app) self.auth.reseller_prefix = 'a' self.tempurl = tempurl.filter_factory({})(self.auth)
def test_registered_defaults(self): tempurl.filter_factory({}) swift_info = utils.get_swift_info() self.assertTrue('tempurl' in swift_info) self.assertEqual(set(swift_info['tempurl']['methods']), set(('GET', 'HEAD', 'PUT', 'POST', 'DELETE')))