Add POST and DELETE to tempurl default methods
The tempurl middleware supports any configured HTTP methods, but the default set was only GET, PUT, and HEAD, so cluster operators had to take action to enable POST and DELETE. This commit changes the defaults to include POST and DELETE. Note that this doesn't affect any existing temporary URLs at all; the method is baked into the signature (temp_url_sig query param), so no new access is granted to a holder of a temporary URL by this change. It simply gives more flexibility to creators of temporary URLs. Change-Id: I5bc15bbd2968ab7bedcd7c0df10f2ec825537191
This commit is contained in:
parent
698919e67b
commit
134e864fa1
@ -415,7 +415,7 @@ use = egg:swift#staticweb
|
|||||||
[filter:tempurl]
|
[filter:tempurl]
|
||||||
use = egg:swift#tempurl
|
use = egg:swift#tempurl
|
||||||
# The methods allowed with Temp URLs.
|
# The methods allowed with Temp URLs.
|
||||||
# methods = GET HEAD PUT
|
# methods = GET HEAD PUT POST DELETE
|
||||||
#
|
#
|
||||||
# The headers to remove from incoming requests. Simply a whitespace delimited
|
# The headers to remove from incoming requests. Simply a whitespace delimited
|
||||||
# list of header names and names can optionally end with '*' to indicate a
|
# list of header names and names can optionally end with '*' to indicate a
|
||||||
|
@ -212,7 +212,8 @@ class TempURL(object):
|
|||||||
:param conf: The configuration dict for the middleware.
|
:param conf: The configuration dict for the middleware.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, app, conf, methods=('GET', 'HEAD', 'PUT')):
|
def __init__(self, app, conf,
|
||||||
|
methods=('GET', 'HEAD', 'PUT', 'POST', 'DELETE')):
|
||||||
#: The next WSGI application/filter in the paste.deploy pipeline.
|
#: The next WSGI application/filter in the paste.deploy pipeline.
|
||||||
self.app = app
|
self.app = app
|
||||||
#: The filter configuration dict.
|
#: The filter configuration dict.
|
||||||
@ -513,7 +514,7 @@ def filter_factory(global_conf, **local_conf):
|
|||||||
conf = global_conf.copy()
|
conf = global_conf.copy()
|
||||||
conf.update(local_conf)
|
conf.update(local_conf)
|
||||||
|
|
||||||
methods = conf.get('methods', 'GET HEAD PUT').split()
|
methods = conf.get('methods', 'GET HEAD PUT POST DELETE').split()
|
||||||
register_swift_info('tempurl', methods=methods)
|
register_swift_info('tempurl', methods=methods)
|
||||||
|
|
||||||
return lambda app: TempURL(app, conf, methods=methods)
|
return lambda app: TempURL(app, conf, methods=methods)
|
||||||
|
@ -487,7 +487,8 @@ class TestTempURL(unittest.TestCase):
|
|||||||
self.assertEquals(resp.status_int, 401)
|
self.assertEquals(resp.status_int, 401)
|
||||||
self.assertTrue('Www-Authenticate' in resp.headers)
|
self.assertTrue('Www-Authenticate' in resp.headers)
|
||||||
|
|
||||||
def test_post_not_allowed(self):
|
def test_post_when_forbidden_by_config(self):
|
||||||
|
self.tempurl.methods.remove('POST')
|
||||||
method = 'POST'
|
method = 'POST'
|
||||||
expires = int(time() + 86400)
|
expires = int(time() + 86400)
|
||||||
path = '/v1/a/c/o'
|
path = '/v1/a/c/o'
|
||||||
@ -504,7 +505,8 @@ class TestTempURL(unittest.TestCase):
|
|||||||
self.assertTrue('Temp URL invalid' in resp.body)
|
self.assertTrue('Temp URL invalid' in resp.body)
|
||||||
self.assertTrue('Www-Authenticate' in resp.headers)
|
self.assertTrue('Www-Authenticate' in resp.headers)
|
||||||
|
|
||||||
def test_delete_not_allowed(self):
|
def test_delete_when_forbidden_by_config(self):
|
||||||
|
self.tempurl.methods.remove('DELETE')
|
||||||
method = 'DELETE'
|
method = 'DELETE'
|
||||||
expires = int(time() + 86400)
|
expires = int(time() + 86400)
|
||||||
path = '/v1/a/c/o'
|
path = '/v1/a/c/o'
|
||||||
@ -521,8 +523,7 @@ class TestTempURL(unittest.TestCase):
|
|||||||
self.assertTrue('Temp URL invalid' in resp.body)
|
self.assertTrue('Temp URL invalid' in resp.body)
|
||||||
self.assertTrue('Www-Authenticate' in resp.headers)
|
self.assertTrue('Www-Authenticate' in resp.headers)
|
||||||
|
|
||||||
def test_delete_allowed_with_conf(self):
|
def test_delete_allowed(self):
|
||||||
self.tempurl.methods.append('DELETE')
|
|
||||||
method = 'DELETE'
|
method = 'DELETE'
|
||||||
expires = int(time() + 86400)
|
expires = int(time() + 86400)
|
||||||
path = '/v1/a/c/o'
|
path = '/v1/a/c/o'
|
||||||
@ -708,9 +709,9 @@ class TestTempURL(unittest.TestCase):
|
|||||||
self.assertEquals(self.tempurl._get_account({
|
self.assertEquals(self.tempurl._get_account({
|
||||||
'REQUEST_METHOD': 'PUT', 'PATH_INFO': '/v1/a/c/o'}), 'a')
|
'REQUEST_METHOD': 'PUT', 'PATH_INFO': '/v1/a/c/o'}), 'a')
|
||||||
self.assertEquals(self.tempurl._get_account({
|
self.assertEquals(self.tempurl._get_account({
|
||||||
'REQUEST_METHOD': 'POST', 'PATH_INFO': '/v1/a/c/o'}), None)
|
'REQUEST_METHOD': 'POST', 'PATH_INFO': '/v1/a/c/o'}), 'a')
|
||||||
self.assertEquals(self.tempurl._get_account({
|
self.assertEquals(self.tempurl._get_account({
|
||||||
'REQUEST_METHOD': 'DELETE', 'PATH_INFO': '/v1/a/c/o'}), None)
|
'REQUEST_METHOD': 'DELETE', 'PATH_INFO': '/v1/a/c/o'}), 'a')
|
||||||
self.assertEquals(self.tempurl._get_account({
|
self.assertEquals(self.tempurl._get_account({
|
||||||
'REQUEST_METHOD': 'UNKNOWN', 'PATH_INFO': '/v1/a/c/o'}), None)
|
'REQUEST_METHOD': 'UNKNOWN', 'PATH_INFO': '/v1/a/c/o'}), None)
|
||||||
self.assertEquals(self.tempurl._get_account({
|
self.assertEquals(self.tempurl._get_account({
|
||||||
@ -953,14 +954,14 @@ class TestSwiftInfo(unittest.TestCase):
|
|||||||
swift_info = utils.get_swift_info()
|
swift_info = utils.get_swift_info()
|
||||||
self.assertTrue('tempurl' in swift_info)
|
self.assertTrue('tempurl' in swift_info)
|
||||||
self.assertEqual(set(swift_info['tempurl']['methods']),
|
self.assertEqual(set(swift_info['tempurl']['methods']),
|
||||||
set(('GET', 'HEAD', 'PUT')))
|
set(('GET', 'HEAD', 'PUT', 'POST', 'DELETE')))
|
||||||
|
|
||||||
def test_non_default_methods(self):
|
def test_non_default_methods(self):
|
||||||
tempurl.filter_factory({'methods': 'GET HEAD PUT POST DELETE'})
|
tempurl.filter_factory({'methods': 'GET HEAD PUT DELETE BREW'})
|
||||||
swift_info = utils.get_swift_info()
|
swift_info = utils.get_swift_info()
|
||||||
self.assertTrue('tempurl' in swift_info)
|
self.assertTrue('tempurl' in swift_info)
|
||||||
self.assertEqual(set(swift_info['tempurl']['methods']),
|
self.assertEqual(set(swift_info['tempurl']['methods']),
|
||||||
set(('GET', 'HEAD', 'PUT', 'POST', 'DELETE')))
|
set(('GET', 'HEAD', 'PUT', 'DELETE', 'BREW')))
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
Loading…
Reference in New Issue
Block a user