Merge "Fix HEAD tempurls"

2013-12-06 03:33:08 +00:00 · 2013-12-06 03:33:08 +00:00 · c36eeb3502
commit c36eeb3502
parent 7d8887c7cc d18b6d8d5d
2 changed files with 28 additions and 9 deletions
--- a/swift/common/middleware/tempurl.py
+++ b/swift/common/middleware/tempurl.py
@ -267,17 +267,16 @@ class TempURL(object):
        if not keys:
            return self._invalid(env, start_response)
        if env['REQUEST_METHOD'] == 'HEAD':
-            hmac_vals = self._get_hmacs(env, temp_url_expires, keys,
-                                        request_method='GET')
-            if temp_url_sig not in hmac_vals:
-                hmac_vals = self._get_hmacs(env, temp_url_expires, keys,
-                                            request_method='PUT')
-                if temp_url_sig not in hmac_vals:
-                    return self._invalid(env, start_response)
+            hmac_vals = (
+                self._get_hmacs(env, temp_url_expires, keys) +
+                self._get_hmacs(env, temp_url_expires, keys,
+                                request_method='GET') +
+                self._get_hmacs(env, temp_url_expires, keys,
+                                request_method='PUT'))
        else:
            hmac_vals = self._get_hmacs(env, temp_url_expires, keys)
-            if temp_url_sig not in hmac_vals:
-                return self._invalid(env, start_response)
+        if temp_url_sig not in hmac_vals:
+            return self._invalid(env, start_response)
        self._clean_incoming_headers(env)
        env['swift.authorize'] = lambda req: None
        env['swift.authorize_override'] = True
@ -387,6 +386,11 @@ class TempURL(object):
                        expires.
        :param keys: Key strings, from the X-Account-Meta-Temp-URL-Key[-2] of
                     the account.
+        :param request_method: Optional override of the request in
+                               the WSGI env. For example, if a HEAD
+                               does not match, you may wish to
+                               override with GET to still allow the
+                               HEAD.
        """
        if not request_method:
            request_method = env['REQUEST_METHOD']
--- a/test/unit/common/middleware/test_tempurl.py
+++ b/test/unit/common/middleware/test_tempurl.py
@ -146,6 +146,21 @@ class TestTempURL(unittest.TestCase):
        self.assertEquals(req.environ['swift.authorize_override'], True)
        self.assertEquals(req.environ['REMOTE_USER'], '.wsgi.tempurl')

+    def test_head_valid(self):
+        method = 'HEAD'
+        expires = int(time() + 86400)
+        path = '/v1/a/c/o'
+        key = 'abc'
+        hmac_body = '%s\n%s\n%s' % (method, expires, path)
+        sig = hmac.new(key, hmac_body, sha1).hexdigest()
+        req = self._make_request(path, keys=[key], environ={
+            'REQUEST_METHOD': 'HEAD',
+            'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s'
+            % (sig, expires)})
+        self.tempurl.app = FakeApp(iter([('200 Ok', (), '123')]))
+        resp = req.get_response(self.tempurl)
+        self.assertEquals(resp.status_int, 200)
+
    def test_get_valid_with_filename_and_inline(self):
        method = 'GET'
        expires = int(time() + 86400)