author | Brian Reitz <Brian.Reitz@Oracle.COM> |
Mon, 20 Apr 2015 14:56:11 -0700 | |
changeset 4152 | b514ec655325 |
permissions | -rw-r--r-- |
4152
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
1 |
This upstream patch addresses CVE-2015-1856 in Swift. It should be able |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
2 |
to be removed when Swift 2.3.0 or later is integrated. |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
3 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
4 |
From 85afe9316570855c87ea731d0627f6f8f2b73264 Mon Sep 17 00:00:00 2001 |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
5 |
From: Alistair Coles <[email protected]> |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
6 |
Date: Fri, 3 Apr 2015 17:05:36 +0100 |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
7 |
Subject: Prevent unauthorized delete in versioned container |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
8 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
9 |
An authenticated user can delete the most recent version of any |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
10 |
versioned object who's name is known if the user has listing access |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
11 |
to the x-versions-location container. Only Swift setups with |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
12 |
allow_version setting are affected. |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
13 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
14 |
This patch closes this bug, tracked as CVE-2015-1856. |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
15 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
16 |
Co-Authored-By: Clay Gerrard <[email protected]> |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
17 |
Co-Authored-By: Christian Schwede <[email protected]> |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
18 |
Co-Authored-By: Alistair Coles <[email protected]> |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
19 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
20 |
Closes-Bug: 1430645 |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
21 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
22 |
Change-Id: I74448c12bc4d4cd07d4300f452cf3dd6f66ca70a |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
23 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
24 |
--- swift-2.2.2/swift/proxy/controllers/obj.py.~1~ 2015-02-01 23:44:14.000000000 -0800 |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
25 |
+++ swift-2.2.2/swift/proxy/controllers/obj.py 2015-04-14 13:55:21.015697631 -0700 |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
26 |
@@ -772,6 +772,10 @@ class ObjectController(Controller): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
27 |
req.acl = container_info['write_acl'] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
28 |
req.environ['swift_sync_key'] = container_info['sync_key'] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
29 |
object_versions = container_info['versions'] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
30 |
+ if 'swift.authorize' in req.environ: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
31 |
+ aresp = req.environ['swift.authorize'](req) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
32 |
+ if aresp: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
33 |
+ return aresp |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
34 |
if object_versions: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
35 |
# this is a version manifest and needs to be handled differently |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
36 |
object_versions = unquote(object_versions) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
37 |
@@ -842,11 +846,11 @@ class ObjectController(Controller): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
38 |
# remove 'X-If-Delete-At', since it is not for the older copy |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
39 |
if 'X-If-Delete-At' in req.headers: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
40 |
del req.headers['X-If-Delete-At'] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
41 |
+ if 'swift.authorize' in req.environ: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
42 |
+ aresp = req.environ['swift.authorize'](req) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
43 |
+ if aresp: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
44 |
+ return aresp |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
45 |
break |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
46 |
- if 'swift.authorize' in req.environ: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
47 |
- aresp = req.environ['swift.authorize'](req) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
48 |
- if aresp: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
49 |
- return aresp |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
50 |
if not containers: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
51 |
return HTTPNotFound(request=req) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
52 |
partition, nodes = obj_ring.get_nodes( |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
53 |
--- swift-2.2.2/test/functional/tests.py.~1~ 2015-02-01 23:44:11.000000000 -0800 |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
54 |
+++ swift-2.2.2/test/functional/tests.py 2015-04-14 13:55:21.017140281 -0700 |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
55 |
@@ -2407,6 +2407,14 @@ class TestObjectVersioningEnv(object): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
56 |
cls.account = Account(cls.conn, tf.config.get('account', |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
57 |
tf.config['username'])) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
58 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
59 |
+ # Second connection for ACL tests |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
60 |
+ config2 = deepcopy(tf.config) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
61 |
+ config2['account'] = tf.config['account2'] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
62 |
+ config2['username'] = tf.config['username2'] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
63 |
+ config2['password'] = tf.config['password2'] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
64 |
+ cls.conn2 = Connection(config2) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
65 |
+ cls.conn2.authenticate() |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
66 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
67 |
# avoid getting a prefix that stops halfway through an encoded |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
68 |
# character |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
69 |
prefix = Utils.create_name().decode("utf-8")[:10].encode("utf-8") |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
70 |
@@ -2460,6 +2468,14 @@ class TestCrossPolicyObjectVersioningEnv |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
71 |
cls.account = Account(cls.conn, tf.config.get('account', |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
72 |
tf.config['username'])) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
73 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
74 |
+ # Second connection for ACL tests |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
75 |
+ config2 = deepcopy(tf.config) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
76 |
+ config2['account'] = tf.config['account2'] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
77 |
+ config2['username'] = tf.config['username2'] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
78 |
+ config2['password'] = tf.config['password2'] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
79 |
+ cls.conn2 = Connection(config2) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
80 |
+ cls.conn2.authenticate() |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
81 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
82 |
# avoid getting a prefix that stops halfway through an encoded |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
83 |
# character |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
84 |
prefix = Utils.create_name().decode("utf-8")[:10].encode("utf-8") |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
85 |
@@ -2494,6 +2510,15 @@ class TestObjectVersioning(Base): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
86 |
"Expected versioning_enabled to be True/False, got %r" % |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
87 |
(self.env.versioning_enabled,)) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
88 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
89 |
+ def tearDown(self): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
90 |
+ super(TestObjectVersioning, self).tearDown() |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
91 |
+ try: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
92 |
+ # delete versions first! |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
93 |
+ self.env.versions_container.delete_files() |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
94 |
+ self.env.container.delete_files() |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
95 |
+ except ResponseError: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
96 |
+ pass |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
97 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
98 |
def test_overwriting(self): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
99 |
container = self.env.container |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
100 |
versions_container = self.env.versions_container |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
101 |
@@ -2553,6 +2578,33 @@ class TestObjectVersioning(Base): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
102 |
self.assertEqual(3, versions_container.info()['object_count']) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
103 |
self.assertEqual("112233", man_file.read()) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
104 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
105 |
+ def test_versioning_check_acl(self): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
106 |
+ container = self.env.container |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
107 |
+ versions_container = self.env.versions_container |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
108 |
+ versions_container.create(hdrs={'X-Container-Read': '.r:*,.rlistings'}) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
109 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
110 |
+ obj_name = Utils.create_name() |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
111 |
+ versioned_obj = container.file(obj_name) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
112 |
+ versioned_obj.write("aaaaa") |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
113 |
+ self.assertEqual("aaaaa", versioned_obj.read()) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
114 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
115 |
+ versioned_obj.write("bbbbb") |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
116 |
+ self.assertEqual("bbbbb", versioned_obj.read()) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
117 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
118 |
+ # Use token from second account and try to delete the object |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
119 |
+ org_token = self.env.account.conn.storage_token |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
120 |
+ self.env.account.conn.storage_token = self.env.conn2.storage_token |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
121 |
+ try: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
122 |
+ self.assertRaises(ResponseError, versioned_obj.delete) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
123 |
+ finally: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
124 |
+ self.env.account.conn.storage_token = org_token |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
125 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
126 |
+ # Verify with token from first account |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
127 |
+ self.assertEqual("bbbbb", versioned_obj.read()) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
128 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
129 |
+ versioned_obj.delete() |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
130 |
+ self.assertEqual("aaaaa", versioned_obj.read()) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
131 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
132 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
133 |
class TestObjectVersioningUTF8(Base2, TestObjectVersioning): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
134 |
set_up = False |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
135 |
--- swift-2.2.2/test/unit/proxy/test_server.py.~1~ 2015-02-01 23:44:11.000000000 -0800 |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
136 |
+++ swift-2.2.2/test/unit/proxy/test_server.py 2015-04-14 13:55:21.019825997 -0700 |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
137 |
@@ -56,7 +56,7 @@ from swift.proxy.controllers.base import |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
138 |
get_account_memcache_key, cors_validation |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
139 |
import swift.proxy.controllers |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
140 |
from swift.common.swob import Request, Response, HTTPUnauthorized, \ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
141 |
- HTTPException |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
142 |
+ HTTPException, HTTPForbidden |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
143 |
from swift.common import storage_policy |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
144 |
from swift.common.storage_policy import StoragePolicy, \ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
145 |
StoragePolicyCollection, POLICIES |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
146 |
@@ -1609,6 +1609,7 @@ class TestObjectController(unittest.Test |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
147 |
]) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
148 |
def test_DELETE_on_expired_versioned_object(self): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
149 |
methods = set() |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
150 |
+ authorize_call_count = [0] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
151 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
152 |
def test_connect(ipaddr, port, device, partition, method, path, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
153 |
headers=None, query_string=None): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
154 |
@@ -1634,6 +1635,10 @@ class TestObjectController(unittest.Test |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
155 |
for obj in object_list: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
156 |
yield obj |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
157 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
158 |
+ def fake_authorize(req): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
159 |
+ authorize_call_count[0] += 1 |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
160 |
+ return None # allow the request |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
161 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
162 |
with save_globals(): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
163 |
controller = proxy_server.ObjectController(self.app, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
164 |
'a', 'c', 'o') |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
165 |
@@ -1645,7 +1650,8 @@ class TestObjectController(unittest.Test |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
166 |
204, 204, 204, # delete for the pre-previous |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
167 |
give_connect=test_connect) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
168 |
req = Request.blank('/v1/a/c/o', |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
169 |
- environ={'REQUEST_METHOD': 'DELETE'}) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
170 |
+ environ={'REQUEST_METHOD': 'DELETE', |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
171 |
+ 'swift.authorize': fake_authorize}) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
172 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
173 |
self.app.memcache.store = {} |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
174 |
self.app.update_request(req) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
175 |
@@ -1655,6 +1661,67 @@ class TestObjectController(unittest.Test |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
176 |
('PUT', '/a/c/o'), |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
177 |
('DELETE', '/a/foo/2')] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
178 |
self.assertEquals(set(exp_methods), (methods)) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
179 |
+ self.assertEquals(authorize_call_count[0], 2) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
180 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
181 |
+ @patch_policies([ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
182 |
+ StoragePolicy(0, 'zero', False, object_ring=FakeRing()), |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
183 |
+ StoragePolicy(1, 'one', True, object_ring=FakeRing()) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
184 |
+ ]) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
185 |
+ def test_denied_DELETE_of_versioned_object(self): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
186 |
+ """ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
187 |
+ Verify that a request with read access to a versions container |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
188 |
+ is unable to cause any write operations on the versioned container. |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
189 |
+ """ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
190 |
+ methods = set() |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
191 |
+ authorize_call_count = [0] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
192 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
193 |
+ def test_connect(ipaddr, port, device, partition, method, path, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
194 |
+ headers=None, query_string=None): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
195 |
+ methods.add((method, path)) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
196 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
197 |
+ def fake_container_info(account, container, req): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
198 |
+ return {'status': 200, 'sync_key': None, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
199 |
+ 'meta': {}, 'cors': {'allow_origin': None, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
200 |
+ 'expose_headers': None, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
201 |
+ 'max_age': None}, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
202 |
+ 'sysmeta': {}, 'read_acl': None, 'object_count': None, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
203 |
+ 'write_acl': None, 'versions': 'foo', |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
204 |
+ 'partition': 1, 'bytes': None, 'storage_policy': '1', |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
205 |
+ 'nodes': [{'zone': 0, 'ip': '10.0.0.0', 'region': 0, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
206 |
+ 'id': 0, 'device': 'sda', 'port': 1000}, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
207 |
+ {'zone': 1, 'ip': '10.0.0.1', 'region': 1, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
208 |
+ 'id': 1, 'device': 'sdb', 'port': 1001}, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
209 |
+ {'zone': 2, 'ip': '10.0.0.2', 'region': 0, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
210 |
+ 'id': 2, 'device': 'sdc', 'port': 1002}]} |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
211 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
212 |
+ def fake_list_iter(container, prefix, env): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
213 |
+ object_list = [{'name': '1'}, {'name': '2'}, {'name': '3'}] |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
214 |
+ for obj in object_list: |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
215 |
+ yield obj |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
216 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
217 |
+ def fake_authorize(req): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
218 |
+ # deny write access |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
219 |
+ authorize_call_count[0] += 1 |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
220 |
+ return HTTPForbidden(req) # allow the request |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
221 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
222 |
+ with save_globals(): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
223 |
+ controller = proxy_server.ObjectController(self.app, |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
224 |
+ 'a', 'c', 'o') |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
225 |
+ controller.container_info = fake_container_info |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
226 |
+ # patching _listing_iter simulates request being authorized |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
227 |
+ # to list versions container |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
228 |
+ controller._listing_iter = fake_list_iter |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
229 |
+ set_http_connect(give_connect=test_connect) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
230 |
+ req = Request.blank('/v1/a/c/o', |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
231 |
+ environ={'REQUEST_METHOD': 'DELETE', |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
232 |
+ 'swift.authorize': fake_authorize}) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
233 |
+ |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
234 |
+ self.app.memcache.store = {} |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
235 |
+ self.app.update_request(req) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
236 |
+ resp = controller.DELETE(req) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
237 |
+ self.assertEqual(403, resp.status_int) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
238 |
+ self.assertFalse(methods, methods) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
239 |
+ self.assertEquals(authorize_call_count[0], 1) |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
240 |
|
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
241 |
def test_PUT_auto_content_type(self): |
b514ec655325
20884919 problem in SERVICE/SWIFT
Brian Reitz <Brian.Reitz@Oracle.COM>
parents:
diff
changeset
|
242 |
with save_globals(): |