Merge "s3api: Make UNSIGNED-PAYLOAD requests work again"

2021-01-11 17:38:43 +00:00 · 2021-01-11 17:38:43 +00:00 · 9c20ef1bd1
parent 73cc68f55b 09a2f93933
commit 9c20ef1bd1
2 changed files with 7 additions and 4 deletions
--- a/swift/common/middleware/s3api/s3request.py
+++ b/swift/common/middleware/s3api/s3request.py
@ -448,10 +448,10 @@ class SigV4Mixin(object):
                  'x-amz-content-sha256'
            raise InvalidRequest(msg)
        else:
-            hashed_payload = self.headers['X-Amz-Content-SHA256'].lower()
-            if hashed_payload != 'unsigned-payload':
+            hashed_payload = self.headers['X-Amz-Content-SHA256']
+            if hashed_payload != 'UNSIGNED-PAYLOAD':
                if self.content_length == 0:
-                    if hashed_payload != sha256().hexdigest():
+                    if hashed_payload.lower() != sha256().hexdigest():
                        raise BadDigest(
                            'The X-Amz-Content-SHA56 you specified did not '
                            'match what we received.')
@ -460,7 +460,7 @@ class SigV4Mixin(object):
                        self.environ['wsgi.input'],
                        self.content_length,
                        sha256,
-                        hashed_payload)
+                        hashed_payload.lower())
                # else, length not provided -- Swift will kick out a
                # 411 Length Required which will get translated back
                # to a S3-style response in S3Request._swift_error_codes
--- a/test/unit/common/middleware/s3api/test_obj.py
+++ b/test/unit/common/middleware/s3api/test_obj.py
@ -30,6 +30,7 @@ from swift.common.middleware.proxy_logging import ProxyLoggingMiddleware

 from test.unit.common.middleware.s3api import S3ApiTestCase
 from test.unit.common.middleware.s3api.test_s3_acl import s3acl
+from swift.common.middleware.s3api.s3request import SigV4Request
 from swift.common.middleware.s3api.subresource import ACL, User, encode_acl, \
    Owner, Grant
 from swift.common.middleware.s3api.etree import fromstring
@ -723,6 +724,8 @@ class TestS3ApiObj(S3ApiTestCase):
        _, _, headers = self.swift.calls_with_headers[-1]
        # No way to determine ETag to send
        self.assertNotIn('etag', headers)
+        self.assertIn(b'UNSIGNED-PAYLOAD', SigV4Request(
+            req.environ, self.s3api.conf)._canonical_request())

    def test_object_PUT_headers(self):
        content_md5 = binascii.b2a_base64(binascii.a2b_hex(self.etag)).strip()