From b2fbc742c6e61b5607f5a31cd9cac49e29c25284 Mon Sep 17 00:00:00 2001
From: Tim Burke <tim.burke@gmail.com>
Date: Fri, 19 Jan 2018 22:20:59 +0000
Subject: [PATCH] Clean up comment about 404s leaking out during COPYs

Apparently that isn't a thing we have to worry about any more? Probably
got fixed when we pulled COPY out to middleware.

Add some tests where we definitely expect 403s across the board, too.

Change-Id: Idb5c0b25969b839cc71c487208447bdd6817c2cf
---
 test/functional/tests.py | 46 +++++++++++++++++++++++++++++++++++++---
 1 file changed, 43 insertions(+), 3 deletions(-)

diff --git a/test/functional/tests.py b/test/functional/tests.py
index 6ed11ed396..0ef6e84629 100644
--- a/test/functional/tests.py
+++ b/test/functional/tests.py
@@ -1781,9 +1781,7 @@ class TestFile(Base):
                                                    (prefix,
                                                     Utils.create_name(),
                                                     source_filename)})
-            # looks like cached responses leak "not found"
-            # to un-authorized users, not going to fix it now, but...
-            self.assert_status([403, 404])
+            self.assert_status(403)
 
             # invalid source object
             file_item = self.env.container.file(Utils.create_name())
@@ -1806,6 +1804,48 @@ class TestFile(Base):
                                                     source_filename)})
             self.assert_status(404)
 
+    def testCopyFromAccountHeader403s(self):
+        acct = self.env.conn2.account_name
+        src_cont = self.env.account2.container(Utils.create_name())
+        self.assertTrue(src_cont.create())  # Primary user has no access
+        source_filename = Utils.create_name()
+        file_item = src_cont.file(source_filename)
+        file_item.write_random()
+        dest_cont = self.env.account.container(Utils.create_name())
+        self.assertTrue(dest_cont.create())
+
+        for prefix in ('', '/'):
+            # invalid source container
+            file_item = dest_cont.file(Utils.create_name())
+            self.assertRaises(ResponseError, file_item.write,
+                              hdrs={'X-Copy-From-Account': acct,
+                                    'X-Copy-From': '%s%s/%s' %
+                                                   (prefix,
+                                                    Utils.create_name(),
+                                                    source_filename)})
+            self.assert_status(403)
+
+            # invalid source object
+            file_item = self.env.container.file(Utils.create_name())
+            self.assertRaises(ResponseError, file_item.write,
+                              hdrs={'X-Copy-From-Account': acct,
+                                    'X-Copy-From': '%s%s/%s' %
+                                                   (prefix,
+                                                    src_cont,
+                                                    Utils.create_name())})
+            self.assert_status(403)
+
+            # invalid destination container
+            dest_cont = self.env.account.container(Utils.create_name())
+            file_item = dest_cont.file(Utils.create_name())
+            self.assertRaises(ResponseError, file_item.write,
+                              hdrs={'X-Copy-From-Account': acct,
+                                    'X-Copy-From': '%s%s/%s' %
+                                                   (prefix,
+                                                    src_cont,
+                                                    source_filename)})
+            self.assert_status(403)
+
     def testNameLimit(self):
         limit = load_constraint('max_object_name_length')