Implemented the fix to handle the HTTP request methods other than GET.

Change-Id: I8db01a5a59f72c562aa8039b459a965283b1b3ad Closes-Bug: #1695855
2018-05-14 23:23:57 -07:00 · 2018-05-14 23:23:57 -07:00 · a563ba26fa
commit a563ba26fa
parent de9cee090b
2 changed files with 34 additions and 1 deletions
--- a/swift/common/middleware/tempauth.py
+++ b/swift/common/middleware/tempauth.py
@ -183,7 +183,7 @@ from eventlet import Timeout
 import six
 from swift.common.swob import Response, Request
 from swift.common.swob import HTTPBadRequest, HTTPForbidden, HTTPNotFound, \
-    HTTPUnauthorized
+    HTTPUnauthorized, HTTPMethodNotAllowed

 from swift.common.request_helpers import get_sys_meta_prefix
 from swift.common.middleware.acl import (
@ -677,6 +677,9 @@ class TempAuth(object):
        """
        req.start_time = time()
        handler = None
+        if req.method != 'GET':
+            req.response = HTTPMethodNotAllowed(request=req)
+            return req.response
        try:
            version, account, user, _junk = split_path(req.path_info,
                                                       1, 4, True)
--- a/test/unit/common/middleware/test_tempauth.py
+++ b/test/unit/common/middleware/test_tempauth.py
@ -947,6 +947,36 @@ class TestAuth(unittest.TestCase):
        resp = req.get_response(ath)
        self.assertEqual(204, resp.status_int)

+    def test_request_method_not_allowed(self):
+        test_auth = auth.filter_factory({'user_ac_user': 'testing'})(FakeApp())
+        req = self._make_request(
+            '/auth/v1.0',
+            headers={'X-Auth-User': 'ac:user', 'X-Auth-Key': 'testing'},
+            environ={'REQUEST_METHOD': 'PUT'})
+        resp = req.get_response(test_auth)
+        self.assertEqual(resp.status_int, 405)
+
+        req = self._make_request(
+            '/auth/v1.0',
+            headers={'X-Auth-User': 'ac:user', 'X-Auth-Key': 'testing'},
+            environ={'REQUEST_METHOD': 'HEAD'})
+        resp = req.get_response(test_auth)
+        self.assertEqual(resp.status_int, 405)
+
+        req = self._make_request(
+            '/auth/v1.0',
+            headers={'X-Auth-User': 'ac:user', 'X-Auth-Key': 'testing'},
+            environ={'REQUEST_METHOD': 'POST'})
+        resp = req.get_response(test_auth)
+        self.assertEqual(resp.status_int, 405)
+
+        req = self._make_request(
+            '/auth/v1.0',
+            headers={'X-Auth-User': 'ac:user', 'X-Auth-Key': 'testing'},
+            environ={'REQUEST_METHOD': 'DELETE'})
+        resp = req.get_response(test_auth)
+        self.assertEqual(resp.status_int, 405)
+

 class TestAuthWithMultiplePrefixes(TestAuth):
    """