Merge "Unquote URL before using splited parts."

2018-09-28 22:55:46 +00:00
parent 07e25b8698 8c7ca01ea7
commit 16fe18ae3b
2 changed files with 45 additions and 1 deletions
--- a/swift/common/middleware/s3api/s3token.py
+++ b/swift/common/middleware/s3api/s3token.py
@@ -199,7 +199,7 @@ class S3Token(object):
            req.headers.update({h: None for h in KEYSTONE_AUTH_HEADERS})

        try:
-            parts = split_path(req.path, 1, 4, True)
+            parts = split_path(urllib.parse.unquote(req.path), 1, 4, True)
            version, account, container, obj = parts
        except ValueError:
            msg = 'Not a path query: %s, skipping.' % req.path
--- a/test/unit/common/middleware/s3api/test_s3token.py
+++ b/test/unit/common/middleware/s3api/test_s3token.py
@@ -482,6 +482,28 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
        req.get_response(self.middleware)
        self._assert_authorized(req)

+    def test_authorize_with_access_key(self):
+        req = Request.blank('/v1/accesskey/c/o')
+        req.environ['s3api.auth_details'] = {
+            'access_key': u'access',
+            'signature': u'signature',
+            'string_to_sign': u'token',
+        }
+        req.get_response(self.middleware)
+        self._assert_authorized(req, account_path='/v1/')
+        self.assertEqual(req.environ['PATH_INFO'], '/v1/AUTH_TENANT_ID/c/o')
+
+    def test_authorize_with_access_key_and_unquote_chars(self):
+        req = Request.blank('/v1/access%key=/c/o')
+        req.environ['s3api.auth_details'] = {
+            'access_key': u'access',
+            'signature': u'signature',
+            'string_to_sign': u'token',
+        }
+        req.get_response(self.middleware)
+        self._assert_authorized(req, account_path='/v1/')
+        self.assertEqual(req.environ['PATH_INFO'], '/v1/AUTH_TENANT_ID/c/o')
+

 class S3TokenMiddlewareTestBad(S3TokenMiddlewareTestBase):
    def test_unauthorized_token(self):
@@ -819,3 +841,25 @@ class S3TokenMiddlewareTestV3(S3TokenMiddlewareTestBase):
        self._test_bad_reply_missing_parts('token', 'project', 'domain')
        self._test_bad_reply_missing_parts('token', 'project')
        self._test_bad_reply_missing_parts('token', 'roles')
+
+    def test_authorize_with_access_key(self):
+        req = Request.blank('/v1/accesskey/c/o')
+        req.environ['s3api.auth_details'] = {
+            'access_key': u'access',
+            'signature': u'signature',
+            'string_to_sign': u'token',
+        }
+        req.get_response(self.middleware)
+        self._assert_authorized(req, account_path='/v1/')
+        self.assertEqual(req.environ['PATH_INFO'], '/v1/AUTH_PROJECT_ID/c/o')
+
+    def test_authorize_with_access_key_and_unquote_chars(self):
+        req = Request.blank('/v1/ab%c=/c/o')
+        req.environ['s3api.auth_details'] = {
+            'access_key': u'access',
+            'signature': u'signature',
+            'string_to_sign': u'token',
+        }
+        req.get_response(self.middleware)
+        self._assert_authorized(req, account_path='/v1/')
+        self.assertEqual(req.environ['PATH_INFO'], '/v1/AUTH_PROJECT_ID/c/o')