openstack/swift
Code Issues Proposed changes

Merge "Unquote URL before using splited parts."

Browse Source
This commit is contained in:
Zuul
2018-09-28 22:55:46 +00:00
committed by Gerrit Code Review
parent 07e25b8698 8c7ca01ea7
commit 16fe18ae3b
2 changed files with 45 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
swift/common/middleware/s3api/s3token.py
View File

@@ -199,7 +199,7 @@ class S3Token(object):
req.headers.update({h: None for h in KEYSTONE_AUTH_HEADERS}) req.headers.update({h: None for h in KEYSTONE_AUTH_HEADERS})
try: try:
parts = split_path(req.path, 1, 4, True) parts = split_path(urllib.parse.unquote(req.path), 1, 4, True)
version, account, container, obj = parts version, account, container, obj = parts
except ValueError: except ValueError:
msg = 'Not a path query: %s, skipping.' % req.path msg = 'Not a path query: %s, skipping.' % req.path

44
test/unit/common/middleware/s3api/test_s3token.py
View File

@@ -482,6 +482,28 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
req.get_response(self.middleware) req.get_response(self.middleware)
self._assert_authorized(req) self._assert_authorized(req)
def test_authorize_with_access_key(self):
req = Request.blank('/v1/accesskey/c/o')
req.environ['s3api.auth_details'] = {
'access_key': u'access',
'signature': u'signature',
'string_to_sign': u'token',
}
req.get_response(self.middleware)
self._assert_authorized(req, account_path='/v1/')
self.assertEqual(req.environ['PATH_INFO'], '/v1/AUTH_TENANT_ID/c/o')
def test_authorize_with_access_key_and_unquote_chars(self):
req = Request.blank('/v1/access%key=/c/o')
req.environ['s3api.auth_details'] = {
'access_key': u'access',
'signature': u'signature',
'string_to_sign': u'token',
}
req.get_response(self.middleware)
self._assert_authorized(req, account_path='/v1/')
self.assertEqual(req.environ['PATH_INFO'], '/v1/AUTH_TENANT_ID/c/o')
class S3TokenMiddlewareTestBad(S3TokenMiddlewareTestBase): class S3TokenMiddlewareTestBad(S3TokenMiddlewareTestBase):
def test_unauthorized_token(self): def test_unauthorized_token(self):
@@ -819,3 +841,25 @@ class S3TokenMiddlewareTestV3(S3TokenMiddlewareTestBase):
self._test_bad_reply_missing_parts('token', 'project', 'domain') self._test_bad_reply_missing_parts('token', 'project', 'domain')
self._test_bad_reply_missing_parts('token', 'project') self._test_bad_reply_missing_parts('token', 'project')
self._test_bad_reply_missing_parts('token', 'roles') self._test_bad_reply_missing_parts('token', 'roles')
def test_authorize_with_access_key(self):
req = Request.blank('/v1/accesskey/c/o')
req.environ['s3api.auth_details'] = {
'access_key': u'access',
'signature': u'signature',
'string_to_sign': u'token',
}
req.get_response(self.middleware)
self._assert_authorized(req, account_path='/v1/')
self.assertEqual(req.environ['PATH_INFO'], '/v1/AUTH_PROJECT_ID/c/o')
def test_authorize_with_access_key_and_unquote_chars(self):
req = Request.blank('/v1/ab%c=/c/o')
req.environ['s3api.auth_details'] = {
'access_key': u'access',
'signature': u'signature',
'string_to_sign': u'token',
}
req.get_response(self.middleware)
self._assert_authorized(req, account_path='/v1/')
self.assertEqual(req.environ['PATH_INFO'], '/v1/AUTH_PROJECT_ID/c/o')