From 2525ca1c07d95ea817f8d6938377f393efd0f1c3 Mon Sep 17 00:00:00 2001
From: Christopher Bartz
Date: Fri, 18 Sep 2015 10:20:28 +0200
Subject: [PATCH] formpost should allow subprefix-based signature

formpost currently requires that the signature used to validate a file upload contains the same object_prefix as the object_prefix specified in the action url of the form. We propose that the middleware should also accept signatures calculated with a subprefix of the object_prefix in the action url. Thus, formpost would accept all uploads to pseudofolders which contain a common subprefix. With this, sharing of data with external people is made much easier via web-based applications, because only one signature is needed in order to create forms for every pseudofolder in a container.

Change-Id: I4237f141022382131977ff16760f5645d0391ea5
---
 .../formpost_subprefix_signature.rst | 132 ++++++++++++++++++
 1 file changed, 132 insertions(+)
 create mode 100644 specs/in_progress/formpost_subprefix_signature.rst

diff --git a/specs/in_progress/formpost_subprefix_signature.rst b/specs/in_progress/formpost_subprefix_signature.rst
new file mode 100644
index 0000000..1590b65
--- /dev/null
+++ b/specs/in_progress/formpost_subprefix_signature.rst
@@ -0,0 +1,132 @@ +:: + + This work is licensed under a Creative Commons Attribution 3.0 + Unported License. + http://creativecommons.org/licenses/by/3.0/legalcode + +.. + +================================================ +formpost should allow subprefix-based signatures +================================================ + +The signature used by formpost to validate a file upload should also be considered valid, +if the object_prefix, which is used to calculate the signature, is a real subprefix of the +object_prefix used in the action url of the form. +With this, sharing of data with external people is made much easier +via webbased applications, because just one signature is needed to create forms for every +pseudofolder in a container. + + +Problem Description +=================== + +At the moment, if one wants to use a form to upload data, the signature of the form must be +calculated using the same object_prefix as the object_prefix in the url of the action attribute +of the form. +We propose to allow dynamically created forms, which are valid for all object_prefixes which contain +a common prefix. + +With this, one could generate one signature, which is valid for all pseudofolders in a container. +This signature could be used in a webapplication, to share every possible pseudofolder +of a container with external people. The user who wants to share his container would not be obliged +to generate a signature for every pseudofolder. + + +Proposed Change +=============== + +The formpost middleware should be changed. The code change would be really small. +If a subprefix-based signature is desired, the hmac_body of the signature must contain a "subprefix" +field to make sure that the creator of the signature explicitly allows uploading of objects into +sub-pseudofolders. Beyond that, the form must contain a hidden field "subprefix", too. +Formpost would use the value of this field to calculate a hash based on that +value. 
Furthermore, the middleware would check if the object path really contains this prefix. + +Lets have one example: A user wants to share the pseudofolder "folder" with external users in +a web-based fashion. He (or a webapplication) calcluates the signature with the path +"/v1/my_account/container/folder" and subprefix "folder": +:: + + import hmac + from hashlib import sha1 + from time import time + path = '/v1/my_account/container/folder' + redirect = 'https://myserver.com/some-page' + max_file_size = 104857600 + max_file_count = 10 + expires = int(time() + 600) + key = 'MYKEY' + hmac_body = '%s\n%s\n%s\n%s\n%s\n%s' % (path, redirect, + max_file_size, max_file_count, expires, "folder") + signature = hmac.new(key, hmac_body, sha1).hexdigest() + +If an external user is willing to post to the subfolder folder/subfolder/, a form which contains +the above calculated signature and the hidden field subprefix would be used: +:: + + + + + + + + +
+ + + ]]> + + +Implementation +============== + +Assignee(s) +----------- + +Primary assignee: + bartz + +Work Items +---------- + +Add modifications to formpost and respective test module. + +Repositories +------------ + +None + +Servers +------- + +None + +DNS Entries +----------- + +None + +Documentation +------------- + +Modify documentation for formpost middleware. + +Security +-------- + +None + +Testing +------- + +Tests should be added to the existing test module. + +Dependencies +============ + +None
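Review bot: The check in the Proposed Change section, that the middleware verifies the object path "really contains this prefix", needs to be specified as an anchored prefix match rather than a substring test; with the example's subprefix "folder", a containment check would also validate uploads to "folder2/..." or "other/folder/...", which the signer did not intend to authorize. The spec should state that the object_prefix from the action url must begin with the signed subprefix at a path-segment boundary (i.e. "folder/" or exactly "folder"), and that the middleware reconstructs the hmac_body path from the container path plus the signed subprefix (here "/v1/my_account/container/folder") rather than from the action url itself, so the server-side computation agrees with the worked example, which signs the shorter path while the form posts to folder/subfolder/. The "Security: None" entry should instead record that one subprefix signature now authorizes uploads into every pseudofolder beneath that prefix until expires, which is the intent of the change but widens what a single signature grants, and that the hidden subprefix field is only trustworthy because it is bound into hmac_body.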