Merge "Fix keystoneauth with OPTIONS headers (eg: CORS)"

2013-01-29 23:26:01 +00:00 · 2013-01-29 23:26:01 +00:00 · 5c93cb5766
commit 5c93cb5766
parent 988b1bac40 0dc32d31c5
2 changed files with 24 additions and 1 deletions
--- a/swift/common/middleware/keystoneauth.py
+++ b/swift/common/middleware/keystoneauth.py
@ -169,6 +169,10 @@ class KeystoneAuth(object):
        user = env_identity.get('user', '')
        referrers, roles = swift_acl.parse_acl(getattr(req, 'acl', None))

+        #allow OPTIONS requests to proceed as normal
+        if req.method == 'OPTIONS':
+            return
+
        try:
            part = swift_utils.split_path(req.path, 1, 4, True)
            version, account, container, obj = part
@ -244,6 +248,10 @@ class KeystoneAuth(object):
        except ValueError:
            return HTTPNotFound(request=req)

+        #allow OPTIONS requests to proceed as normal
+        if req.method == 'OPTIONS':
+            return
+
        is_authoritative_authz = (account and
                                  account.startswith(self.reseller_prefix))
        if not is_authoritative_authz:
--- a/test/unit/common/middleware/test_keystoneauth.py
+++ b/test/unit/common/middleware/test_keystoneauth.py
@ -49,7 +49,7 @@ class SwiftAuth(unittest.TestCase):
        return Request.blank(path, headers=headers, **kwargs)

    def _get_identity_headers(self, status='Confirmed', tenant_id='1',
-                          tenant_name='acct', user='usr', role=''):
+                              tenant_name='acct', user='usr', role=''):
        return dict(X_IDENTITY_STATUS=status,
                    X_TENANT_ID=tenant_id,
                    X_TENANT_NAME=tenant_name,
@ -113,6 +113,21 @@ class SwiftAuth(unittest.TestCase):
        resp = req.get_response(self.test_auth)
        self.assertEquals(resp.status_int, 404)

+    def test_anonymous_options_allowed(self):
+        req = self._make_request('/v1/AUTH_account',
+                                 environ={'REQUEST_METHOD': 'OPTIONS'})
+        resp = req.get_response(self._get_successful_middleware())
+        self.assertEqual(resp.status_int, 200)
+
+    def test_identified_options_allowed(self):
+        headers = self._get_identity_headers()
+        headers['REQUEST_METHOD'] = 'OPTIONS'
+        req = self._make_request('/v1/AUTH_account',
+                                 headers=self._get_identity_headers(),
+                                 environ={'REQUEST_METHOD': 'OPTIONS'})
+        resp = req.get_response(self._get_successful_middleware())
+        self.assertEqual(resp.status_int, 200)
+

 class TestAuthorize(unittest.TestCase):
    def setUp(self):