fixed auth_copy bug, and early denial for proxy.server.ObjectController.COPY method; added tests
This commit is contained in:
Clay Gerrard
parent
2c11c6ca1b
commit
208d7b8e00
@ -629,7 +629,8 @@ class ObjectController(Controller):
|
||||
return HTTPPreconditionFailed(request=req,
|
||||
body='X-Copy-From header must be of the form'
|
||||
'<container name>/<object name>')
|
||||
source_req = Request.blank(source_header, environ=req.environ)
|
||||
source_req = req.copy_get()
|
||||
source_req.path_info = source_header
|
||||
orig_obj_name = self.object_name
|
||||
orig_container_name = self.container_name
|
||||
self.object_name = src_obj_name
|
||||
@ -820,6 +821,7 @@ class ObjectController(Controller):
|
||||
'Object DELETE')
|
||||
|
||||
@public
|
||||
@delay_denial
|
||||
def COPY(self, req):
|
||||
"""HTTP COPY request handler."""
|
||||
dest = req.headers.get('Destination')
|
||||
@ -845,8 +847,8 @@ class ObjectController(Controller):
|
||||
new_headers['Content-Length'] = 0
|
||||
del new_headers['Destination']
|
||||
new_path = '/' + self.account_name + dest
|
||||
new_req = Request.blank(new_path,
|
||||
environ={'REQUEST_METHOD': 'PUT'}, headers=new_headers)
|
||||
new_req = Request.blank(new_path, environ=req.environ,
|
||||
headers=new_headers)
|
||||
return self.PUT(new_req)
|
||||
|
||||
|
||||
|
||||
@ -131,17 +131,28 @@ class TestObject(unittest.TestCase):
|
||||
resp = retry(put, use_account=3)
|
||||
resp.read()
|
||||
self.assertEquals(resp.status, 201)
|
||||
# verify third account STILL can not copy from private container
|
||||
def copy(url, token, parsed, conn):
|
||||
conn.request('PUT', '%s/%s/%s' % (parsed.path,
|
||||
shared_container,
|
||||
'private_object'),
|
||||
# verify third account can copy "obj1" to shared container
|
||||
def copy2(url, token, parsed, conn):
|
||||
conn.request('COPY', '%s/%s/%s' % (parsed.path,
|
||||
shared_container,
|
||||
'obj1'),
|
||||
'', {'X-Auth-Token': token,
|
||||
'Content-Length': '0',
|
||||
'X-Copy-From': '%s/%s' % (self.container,
|
||||
self.obj)})
|
||||
'Destination': '%s/%s' % (shared_container,
|
||||
'obj1')})
|
||||
return check_response(conn)
|
||||
resp = retry(copy, use_account=3)
|
||||
resp = retry(copy2, use_account=3)
|
||||
resp.read()
|
||||
self.assertEquals(resp.status, 201)
|
||||
# verify third account STILL can not copy from private container
|
||||
def copy3(url, token, parsed, conn):
|
||||
conn.request('COPY', '%s/%s/%s' % (parsed.path,
|
||||
self.container,
|
||||
self.obj),
|
||||
'', {'X-Auth-Token': token,
|
||||
'Destination': '%s/%s' % (shared_container,
|
||||
'private_object')})
|
||||
return check_response(conn)
|
||||
resp = retry(copy3, use_account=3)
|
||||
resp.read()
|
||||
self.assertEquals(resp.status, 403)
|
||||
# clean up "obj1"
|
||||
|
||||
@ -1904,6 +1904,23 @@ class TestObjectController(unittest.TestCase):
|
||||
res = controller.PUT(req)
|
||||
self.assert_(called[0])
|
||||
|
||||
def test_COPY_calls_authorize(self):
|
||||
called = [False]
|
||||
|
||||
def authorize(req):
|
||||
called[0] = True
|
||||
return HTTPUnauthorized(request=req)
|
||||
with save_globals():
|
||||
proxy_server.http_connect = \
|
||||
fake_http_connect(200, 200, 200, 200, 200, 201, 201, 201)
|
||||
controller = proxy_server.ObjectController(self.app, 'account',
|
||||
'container', 'object')
|
||||
req = Request.blank('/a/c/o', environ={'REQUEST_METHOD': 'COPY'},
|
||||
headers={'Destination': 'c/o'})
|
||||
req.environ['swift.authorize'] = authorize
|
||||
self.app.update_request(req)
|
||||
res = controller.COPY(req)
|
||||
self.assert_(called[0])
|
||||
|
||||
class TestContainerController(unittest.TestCase):
|
||||
"Test swift.proxy_server.ContainerController"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user