Fix bug 607501. Raise 403, not exception if Authorization header not passed. Also added missing call to request.finish() & Python exception-handling style tweak
This commit is contained in:
commit
47d859a572
|
@ -103,13 +103,16 @@ def get_argument(request, key, default_value):
|
|||
def get_context(request):
|
||||
try:
|
||||
# Authorization Header format: 'AWS <access>:<secret>'
|
||||
access, sep, secret = request.getHeader('Authorization').split(' ')[1].rpartition(':')
|
||||
authorization_header = request.getHeader('Authorization')
|
||||
if not authorization_header:
|
||||
raise exception.NotAuthorized
|
||||
access, sep, secret = authorization_header.split(' ')[1].rpartition(':')
|
||||
um = users.UserManager.instance()
|
||||
print 'um %s' % um
|
||||
(user, project) = um.authenticate(access, secret, {}, request.method, request.host, request.uri, False)
|
||||
# FIXME: check signature here!
|
||||
return api.APIRequestContext(None, user, project)
|
||||
except exception.Error, ex:
|
||||
except exception.Error as ex:
|
||||
logging.debug("Authentication Failure: %s" % ex)
|
||||
raise exception.NotAuthorized
|
||||
|
||||
|
@ -165,7 +168,7 @@ class BucketResource(Resource):
|
|||
logging.debug("Creating bucket %s" % (self.name))
|
||||
try:
|
||||
print 'user is %s' % request.context
|
||||
except Exception, e:
|
||||
except Exception as e:
|
||||
logging.exception(e)
|
||||
logging.debug("calling bucket.Bucket.create(%r, %r)" % (self.name, request.context))
|
||||
bucket.Bucket.create(self.name, request.context)
|
||||
|
@ -239,9 +242,10 @@ class ImageResource(Resource):
|
|||
""" returns a json listing of all images
|
||||
that a user has permissions to see """
|
||||
|
||||
images = [i for i in image.Image.all() if i.is_authorized(self.context)]
|
||||
images = [i for i in image.Image.all() if i.is_authorized(request.context)]
|
||||
|
||||
request.write(json.dumps([i.metadata for i in images]))
|
||||
request.finish()
|
||||
return server.NOT_DONE_YET
|
||||
|
||||
def render_PUT(self, request):
|
||||
|
|
Loading…
Reference in New Issue