diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample
index 0e10892a73..12f4eac57e 100644
--- a/etc/proxy-server.conf-sample
+++ b/etc/proxy-server.conf-sample
@@ -415,7 +415,7 @@ use = egg:swift#staticweb
 [filter:tempurl]
 use = egg:swift#tempurl
 # The methods allowed with Temp URLs.
-# methods = GET HEAD PUT
+# methods = GET HEAD PUT POST DELETE
 #
 # The headers to remove from incoming requests. Simply a whitespace delimited
 # list of header names and names can optionally end with '*' to indicate a
diff --git a/swift/common/middleware/tempurl.py b/swift/common/middleware/tempurl.py
index 517bb332d7..1f10b31ed4 100644
--- a/swift/common/middleware/tempurl.py
+++ b/swift/common/middleware/tempurl.py
@@ -212,7 +212,8 @@ class TempURL(object):
 :param conf: The configuration dict for the middleware.
 """
- def __init__(self, app, conf, methods=('GET', 'HEAD', 'PUT')):
+ def __init__(self, app, conf,
+ methods=('GET', 'HEAD', 'PUT', 'POST', 'DELETE')):
 #: The next WSGI application/filter in the paste.deploy pipeline.
 self.app = app
 #: The filter configuration dict.
@@ -513,7 +514,7 @@ def filter_factory(global_conf, **local_conf):
 conf = global_conf.copy()
 conf.update(local_conf)
- methods = conf.get('methods', 'GET HEAD PUT').split()
+ methods = conf.get('methods', 'GET HEAD PUT POST DELETE').split()
 register_swift_info('tempurl', methods=methods)
 return lambda app: TempURL(app, conf, methods=methods)
diff --git a/test/unit/common/middleware/test_tempurl.py b/test/unit/common/middleware/test_tempurl.py
index bb73993731..e9d166b5ff 100644
--- a/test/unit/common/middleware/test_tempurl.py
+++ b/test/unit/common/middleware/test_tempurl.py
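Review bot: The new default in `TempURL.__init__` (and the matching `conf.get('methods', 'GET HEAD PUT POST DELETE')` in `filter_factory`) widens what an upgraded proxy accepts with no configuration change: any deployment that never set `methods` starts honouring signed temp URLs for POST and DELETE. Nothing in the visible lines tells operators how to keep the old behaviour, so I would add a line to the class docstring and the sample config such as `# Set "methods = GET HEAD PUT" to keep the pre-change default.` Because POST lets a URL holder send metadata headers, the default list of incoming headers to strip (described just below `methods` in the sample config, but not shown in this diff) should be rechecked with POST in mind. The `__init__` body continues outside the hunk.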
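Review bot: The default method list is now spelled out three times, in the sample config comment, the tuple default of `TempURL.__init__`, and the string literal in `filter_factory`, which is how an allowlist drifts apart on the next change. A single module-level constant would keep them in step, for example `DEFAULT_METHODS = 'GET HEAD PUT POST DELETE'` (the name is only a suggestion) used as `conf.get('methods', DEFAULT_METHODS).split()`. The two code paths also disagree on type: the factory passes a list while the constructor default is a tuple. The updated tests call `self.tempurl.methods.remove(...)`, which would fail on a tuple if the attribute keeps the argument as passed; that assignment is outside the hunk, so this needs confirming.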
@@ -487,7 +487,8 @@ class TestTempURL(unittest.TestCase):
 self.assertEquals(resp.status_int, 401)
 self.assertTrue('Www-Authenticate' in resp.headers)
- def test_post_not_allowed(self):
+ def test_post_when_forbidden_by_config(self):
+ self.tempurl.methods.remove('POST')
 method = 'POST'
 expires = int(time() + 86400)
 path = '/v1/a/c/o'
@@ -504,7 +505,8 @@ class TestTempURL(unittest.TestCase):
 self.assertTrue('Temp URL invalid' in resp.body)
 self.assertTrue('Www-Authenticate' in resp.headers)
- def test_delete_not_allowed(self):
+ def test_delete_when_forbidden_by_config(self):
+ self.tempurl.methods.remove('DELETE')
 method = 'DELETE'
 expires = int(time() + 86400)
 path = '/v1/a/c/o'
@@ -521,8 +523,7 @@ class TestTempURL(unittest.TestCase):
 self.assertTrue('Temp URL invalid' in resp.body)
 self.assertTrue('Www-Authenticate' in resp.headers)
- def test_delete_allowed_with_conf(self):
- self.tempurl.methods.append('DELETE')
+ def test_delete_allowed(self):
 method = 'DELETE'
 expires = int(time() + 86400)
 path = '/v1/a/c/o'
@@ -708,9 +709,9 @@ class TestTempURL(unittest.TestCase):
 self.assertEquals(self.tempurl._get_account({
 'REQUEST_METHOD': 'PUT', 'PATH_INFO': '/v1/a/c/o'}), 'a')
 self.assertEquals(self.tempurl._get_account({
- 'REQUEST_METHOD': 'POST', 'PATH_INFO': '/v1/a/c/o'}), None)
+ 'REQUEST_METHOD': 'POST', 'PATH_INFO': '/v1/a/c/o'}), 'a')
 self.assertEquals(self.tempurl._get_account({
- 'REQUEST_METHOD': 'DELETE', 'PATH_INFO': '/v1/a/c/o'}), None)
+ 'REQUEST_METHOD': 'DELETE', 'PATH_INFO': '/v1/a/c/o'}), 'a')
 self.assertEquals(self.tempurl._get_account({
 'REQUEST_METHOD': 'UNKNOWN', 'PATH_INFO': '/v1/a/c/o'}), None)
 self.assertEquals(self.tempurl._get_account({
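Review bot: POST becomes allowed by default in this commit, but the test changes visible here only cover its rejection: `test_post_when_forbidden_by_config` is the renamed negative test, and the only positive test touched is `test_delete_allowed`. Unless a POST success test already exists outside these hunks, add a `test_post_allowed` that mirrors `test_delete_allowed` with `method = 'POST'`, so the signature check is exercised for the newly default method. The test method bodies continue past the hunk.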
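Review bot: The updated `_get_account` assertions exercise only the object path `/v1/a/c/o` for the two newly allowed methods. With DELETE and POST on by default it is worth pinning that a container-level path still yields no account, which is presumably the intent since the fixtures here are all object paths: `self.assertEquals(self.tempurl._get_account({'REQUEST_METHOD': 'DELETE', 'PATH_INFO': '/v1/a/c'}), None)` and the same for POST. Assertions after the hunk may already cover this for other methods; the hunk ends in the middle of the next `assertEquals` call and the test method starts outside it.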
@@ -953,14 +954,14 @@ class TestSwiftInfo(unittest.TestCase):
 swift_info = utils.get_swift_info()
 self.assertTrue('tempurl' in swift_info)
 self.assertEqual(set(swift_info['tempurl']['methods']),
- set(('GET', 'HEAD', 'PUT')))
+ set(('GET', 'HEAD', 'PUT', 'POST', 'DELETE')))
 def test_non_default_methods(self):
- tempurl.filter_factory({'methods': 'GET HEAD PUT POST DELETE'})
+ tempurl.filter_factory({'methods': 'GET HEAD PUT DELETE BREW'})
 swift_info = utils.get_swift_info()
 self.assertTrue('tempurl' in swift_info)
 self.assertEqual(set(swift_info['tempurl']['methods']),
- set(('GET', 'HEAD', 'PUT', 'DELETE', 'BREW')))
+ set(('GET', 'HEAD', 'PUT', 'DELETE', 'BREW')))
 if __name__ == '__main__':
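Review bot: `test_non_default_methods` now shows that `filter_factory` publishes whatever tokens are configured, including the made-up `BREW`, straight into swift_info, and a reader cannot tell whether that pass-through is intended or a side effect of the fixture. A one-line comment above the `filter_factory` call would make it explicit, e.g. `# BREW is deliberately not a real HTTP method: configured tokens are passed through unvalidated.` If unvalidated pass-through is not the intent, the check belongs in `filter_factory` rather than in this test.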