From 208d7b8e0040db6ad2a428f5a3345e2e0ba9cbd1 Mon Sep 17 00:00:00 2001 From: Clay Gerrard Date: Thu, 4 Nov 2010 14:39:29 -0500 Subject: [PATCH] fixed auth_copy bug, and early denial for proxy.server.ObjectController.COPY method; added tests --- swift/proxy/server.py | 8 ++++--- test/functionalnosetests/test_object.py | 29 +++++++++++++++++-------- test/unit/proxy/test_server.py | 17 +++++++++++++++ 3 files changed, 42 insertions(+), 12 deletions(-) diff --git a/swift/proxy/server.py b/swift/proxy/server.py index ac9beafa52..62b1835271 100644 --- a/swift/proxy/server.py +++ b/swift/proxy/server.py @@ -629,7 +629,8 @@ class ObjectController(Controller): return HTTPPreconditionFailed(request=req, body='X-Copy-From header must be of the form' '/') - source_req = Request.blank(source_header, environ=req.environ) + source_req = req.copy_get() + source_req.path_info = source_header orig_obj_name = self.object_name orig_container_name = self.container_name self.object_name = src_obj_name @@ -820,6 +821,7 @@ class ObjectController(Controller): 'Object DELETE') @public + @delay_denial def COPY(self, req): """HTTP COPY request handler.""" dest = req.headers.get('Destination') @@ -845,8 +847,8 @@ class ObjectController(Controller): new_headers['Content-Length'] = 0 del new_headers['Destination'] new_path = '/' + self.account_name + dest - new_req = Request.blank(new_path, - environ={'REQUEST_METHOD': 'PUT'}, headers=new_headers) + new_req = Request.blank(new_path, environ=req.environ, + headers=new_headers) return self.PUT(new_req) diff --git a/test/functionalnosetests/test_object.py b/test/functionalnosetests/test_object.py index 0ceaee8fc1..e4b2fc48c5 100644 --- a/test/functionalnosetests/test_object.py +++ b/test/functionalnosetests/test_object.py @@ -131,17 +131,28 @@ class TestObject(unittest.TestCase): resp = retry(put, use_account=3) resp.read() self.assertEquals(resp.status, 201) - # verify third account STILL can not copy from private container - def copy(url, token, parsed, conn): - conn.request('PUT', '%s/%s/%s' % (parsed.path, - shared_container, - 'private_object'), + # verify third account can copy "obj1" to shared container + def copy2(url, token, parsed, conn): + conn.request('COPY', '%s/%s/%s' % (parsed.path, + shared_container, + 'obj1'), '', {'X-Auth-Token': token, - 'Content-Length': '0', - 'X-Copy-From': '%s/%s' % (self.container, - self.obj)}) + 'Destination': '%s/%s' % (shared_container, + 'obj1')}) return check_response(conn) - resp = retry(copy, use_account=3) + resp = retry(copy2, use_account=3) + resp.read() + self.assertEquals(resp.status, 201) + # verify third account STILL can not copy from private container + def copy3(url, token, parsed, conn): + conn.request('COPY', '%s/%s/%s' % (parsed.path, + self.container, + self.obj), + '', {'X-Auth-Token': token, + 'Destination': '%s/%s' % (shared_container, + 'private_object')}) + return check_response(conn) + resp = retry(copy3, use_account=3) resp.read() self.assertEquals(resp.status, 403) # clean up "obj1" diff --git a/test/unit/proxy/test_server.py b/test/unit/proxy/test_server.py index 72aac0eb5e..2ae1803b79 100644 --- a/test/unit/proxy/test_server.py +++ b/test/unit/proxy/test_server.py @@ -1904,6 +1904,23 @@ class TestObjectController(unittest.TestCase): res = controller.PUT(req) self.assert_(called[0]) + def test_COPY_calls_authorize(self): + called = [False] + + def authorize(req): + called[0] = True + return HTTPUnauthorized(request=req) + with save_globals(): + proxy_server.http_connect = \ + fake_http_connect(200, 200, 200, 200, 200, 201, 201, 201) + controller = proxy_server.ObjectController(self.app, 'account', + 'container', 'object') + req = Request.blank('/a/c/o', environ={'REQUEST_METHOD': 'COPY'}, + headers={'Destination': 'c/o'}) + req.environ['swift.authorize'] = authorize + self.app.update_request(req) + res = controller.COPY(req) + self.assert_(called[0]) class TestContainerController(unittest.TestCase): "Test swift.proxy_server.ContainerController"