forked from TrueCloudLab/s3-tests
Merge pull request #115 from jmunhoz/fix-20160602
rgw: aws4: add test cases with missing signed headers Reviewed-by: Yehuda Sadeh <yehuda@redhat.com>
This commit is contained in:
commit
456a534136
1 changed files with 47 additions and 12 deletions
|
@ -12,6 +12,9 @@ import string
|
||||||
import socket
|
import socket
|
||||||
import ssl
|
import ssl
|
||||||
import os
|
import os
|
||||||
|
import re
|
||||||
|
|
||||||
|
from urlparse import urlparse
|
||||||
|
|
||||||
from boto.s3.connection import S3Connection
|
from boto.s3.connection import S3Connection
|
||||||
|
|
||||||
|
@ -25,6 +28,7 @@ import AnonymousAuth
|
||||||
from email.header import decode_header
|
from email.header import decode_header
|
||||||
|
|
||||||
from . import (
|
from . import (
|
||||||
|
_make_raw_request,
|
||||||
nuke_prefixed_buckets,
|
nuke_prefixed_buckets,
|
||||||
get_new_bucket,
|
get_new_bucket,
|
||||||
s3,
|
s3,
|
||||||
|
@ -1381,12 +1385,27 @@ def test_object_create_bad_amz_date_after_end_aws4():
|
||||||
@nose.with_setup(teardown=_clear_custom_headers)
|
@nose.with_setup(teardown=_clear_custom_headers)
|
||||||
def test_object_create_missing_signed_custom_header_aws4():
|
def test_object_create_missing_signed_custom_header_aws4():
|
||||||
check_aws4_support()
|
check_aws4_support()
|
||||||
key = _setup_bad_object({'x-zoo': 'zoo'})
|
method='PUT'
|
||||||
_add_custom_non_auth_headers(remove=('x-zoo',))
|
expires_in='100000'
|
||||||
e = assert_raises(boto.exception.S3ResponseError, key.set_contents_from_string, 'bar')
|
bucket = get_new_bucket()
|
||||||
eq(e.status, 403)
|
key = bucket.new_key('foo')
|
||||||
eq(e.reason, 'Forbidden')
|
body='zoo'
|
||||||
eq(e.error_code, 'SignatureDoesNotMatch')
|
|
||||||
|
# compute the signature with 'x-amz-foo=bar' in the headers...
|
||||||
|
request_headers = {'x-amz-foo':'bar'}
|
||||||
|
url = key.generate_url(expires_in, method=method, headers=request_headers)
|
||||||
|
|
||||||
|
o = urlparse(url)
|
||||||
|
path = o.path + '?' + o.query
|
||||||
|
|
||||||
|
# avoid sending 'x-amz-foo=bar' in the headers
|
||||||
|
request_headers.pop('x-amz-foo')
|
||||||
|
|
||||||
|
res =_make_raw_request(host=s3.main.host, port=s3.main.port, method=method, path=path,
|
||||||
|
body=body, request_headers=request_headers, secure=s3.main.is_secure)
|
||||||
|
|
||||||
|
eq(res.status, 403)
|
||||||
|
eq(res.reason, 'Forbidden')
|
||||||
|
|
||||||
|
|
||||||
@tag('auth_aws4')
|
@tag('auth_aws4')
|
||||||
|
@ -1397,12 +1416,28 @@ def test_object_create_missing_signed_custom_header_aws4():
|
||||||
@nose.with_setup(teardown=_clear_custom_headers)
|
@nose.with_setup(teardown=_clear_custom_headers)
|
||||||
def test_object_create_missing_signed_header_aws4():
|
def test_object_create_missing_signed_header_aws4():
|
||||||
check_aws4_support()
|
check_aws4_support()
|
||||||
key = _setup_bad_object()
|
method='PUT'
|
||||||
_add_custom_non_auth_headers(remove=('Content-MD5',))
|
expires_in='100000'
|
||||||
e = assert_raises(boto.exception.S3ResponseError, key.set_contents_from_string, 'bar')
|
bucket = get_new_bucket()
|
||||||
eq(e.status, 403)
|
key = bucket.new_key('foo')
|
||||||
eq(e.reason, 'Forbidden')
|
body='zoo'
|
||||||
eq(e.error_code, 'SignatureDoesNotMatch')
|
|
||||||
|
# compute the signature...
|
||||||
|
request_headers = {}
|
||||||
|
url = key.generate_url(expires_in, method=method, headers=request_headers)
|
||||||
|
|
||||||
|
o = urlparse(url)
|
||||||
|
path = o.path + '?' + o.query
|
||||||
|
|
||||||
|
# 'X-Amz-Expires' is missing
|
||||||
|
target = r'&X-Amz-Expires=' + expires_in
|
||||||
|
path = re.sub(target, '', path)
|
||||||
|
|
||||||
|
res =_make_raw_request(host=s3.main.host, port=s3.main.port, method=method, path=path,
|
||||||
|
body=body, request_headers=request_headers, secure=s3.main.is_secure)
|
||||||
|
|
||||||
|
eq(res.status, 403)
|
||||||
|
eq(res.reason, 'Forbidden')
|
||||||
|
|
||||||
|
|
||||||
@tag('auth_aws4')
|
@tag('auth_aws4')
|
||||||
|
|
Loading…
Reference in a new issue