diff --git a/swift/common/middleware/formpost.py b/swift/common/middleware/formpost.py index ba61c64797..cf24a40c60 100644 --- a/swift/common/middleware/formpost.py +++ b/swift/common/middleware/formpost.py @@ -444,6 +444,7 @@ class FormPost(object): return '401 Unauthorized', 'invalid signature' subenv['swift.authorize'] = lambda req: None subenv['swift.authorize_override'] = True + subenv['REMOTE_USER'] = '.wsgi.formpost' substatus = [None] def _start_response(status, headers, exc_info=None): @@ -482,6 +483,7 @@ class FormPost(object): newenv[name] = env[name] newenv['swift.authorize'] = lambda req: None newenv['swift.authorize_override'] = True + newenv['REMOTE_USER'] = '.wsgi.formpost' key = [None] def _start_response(status, response_headers, exc_info=None): diff --git a/swift/common/middleware/tempurl.py b/swift/common/middleware/tempurl.py index 46d6d52abf..d143879e72 100644 --- a/swift/common/middleware/tempurl.py +++ b/swift/common/middleware/tempurl.py @@ -243,6 +243,7 @@ class TempURL(object): self._clean_incoming_headers(env) env['swift.authorize'] = lambda req: None env['swift.authorize_override'] = True + env['REMOTE_USER'] = '.wsgi.tempurl' def _start_response(status, headers, exc_info=None): headers = self._clean_outgoing_headers(headers) @@ -329,6 +330,7 @@ class TempURL(object): newenv[name] = env[name] newenv['swift.authorize'] = lambda req: None newenv['swift.authorize_override'] = True + newenv['REMOTE_USER'] = '.wsgi.tempurl' key = [None] def _start_response(status, response_headers, exc_info=None): diff --git a/test/unit/common/middleware/test_formpost.py b/test/unit/common/middleware/test_formpost.py index 63cfbdbf4f..f94fc9c60b 100644 --- a/test/unit/common/middleware/test_formpost.py +++ b/test/unit/common/middleware/test_formpost.py @@ -73,6 +73,10 @@ class FakeApp(object): body += chunk env['wsgi.input'] = StringIO(body) self.requests.append(Request.blank('', environ=env)) + if env.get('swift.authorize_override') and \ + env.get('REMOTE_USER') != '.wsgi.formpost': + raise Exception('Invalid REMOTE_USER %r with ' + 'swift.authorize_override' % (env.get('REMOTE_USER'),)) if 'swift.authorize' in env: resp = env['swift.authorize'](self.requests[-1]) if resp: diff --git a/test/unit/common/middleware/test_tempurl.py b/test/unit/common/middleware/test_tempurl.py index 7a898d4878..eb91c65bbe 100644 --- a/test/unit/common/middleware/test_tempurl.py +++ b/test/unit/common/middleware/test_tempurl.py @@ -108,6 +108,8 @@ class TestTempURL(unittest.TestCase): self.assertEquals(resp.status_int, 404) self.assertEquals(resp.headers['content-disposition'], 'attachment; filename=o') + self.assertEquals(resp.environ['swift.authorize_override'], True) + self.assertEquals(resp.environ['REMOTE_USER'], '.wsgi.tempurl') def test_put_not_allowed_by_get(self): method = 'GET' @@ -139,6 +141,8 @@ class TestTempURL(unittest.TestCase): req.environ['swift.cache'].set('temp-url-key/a', key) resp = req.get_response(self.tempurl) self.assertEquals(resp.status_int, 404) + self.assertEquals(resp.environ['swift.authorize_override'], True) + self.assertEquals(resp.environ['REMOTE_USER'], '.wsgi.tempurl') def test_get_not_allowed_by_put(self): method = 'PUT' @@ -226,6 +230,8 @@ class TestTempURL(unittest.TestCase): req.environ['swift.cache'].set('temp-url-key/a', key) resp = req.get_response(self.tempurl) self.assertEquals(resp.status_int, 404) + self.assertEquals(resp.environ['swift.authorize_override'], True) + self.assertEquals(resp.environ['REMOTE_USER'], '.wsgi.tempurl') def test_head_allowed_by_put(self): method = 'PUT' @@ -241,6 +247,8 @@ class TestTempURL(unittest.TestCase): req.environ['swift.cache'].set('temp-url-key/a', key) resp = req.get_response(self.tempurl) self.assertEquals(resp.status_int, 404) + self.assertEquals(resp.environ['swift.authorize_override'], True) + self.assertEquals(resp.environ['REMOTE_USER'], '.wsgi.tempurl') def test_head_otherwise_not_allowed(self): method = 'PUT'