Make swift-auth-to-swauth work with really old devauth dbs.
Update swauth to accept non-alnum chars in account and user names.
commit
24a624345d
@ -23,16 +23,18 @@ import sqlite3
|
||||
|
||||
if __name__ == '__main__':
|
||||
gettext.install('swift', unicode=1)
|
||||
if len(argv) != 4 or argv[1] != '-K':
|
||||
exit('Syntax: %s -K <super_admin_key> <path to auth.db>' % argv[0])
|
||||
_junk, _junk, super_admin_key, auth_db = argv
|
||||
# This version will not attempt to prep swauth
|
||||
# call(['swauth-prep', '-K', super_admin_key])
|
||||
if len(argv) != 2:
|
||||
exit('Syntax: %s <path_to_auth.db>' % argv[0])
|
||||
_junk, auth_db = argv
|
||||
conn = sqlite3.connect(auth_db)
|
||||
for account, cfaccount, user, password, admin, reseller_admin in \
|
||||
conn.execute('SELECT account, cfaccount, user, password, admin, '
|
||||
'reseller_admin FROM account'):
|
||||
cmd = ['swauth-add-user', '-K', super_admin_key, '-s',
|
||||
try:
|
||||
listing = conn.execute('SELECT account, cfaccount, user, password, '
|
||||
'admin, reseller_admin FROM account')
|
||||
except sqlite3.OperationalError, err:
|
||||
listing = conn.execute('SELECT account, cfaccount, user, password, '
|
||||
'"f", "f" FROM account')
|
||||
for account, cfaccount, user, password, admin, reseller_admin in listing:
|
||||
cmd = ['swauth-add-user', '-K', '<your_swauth_key>', '-s',
|
||||
cfaccount.split('_', 1)[1]]
|
||||
if admin == 't':
|
||||
cmd.append('-a')
|
||||
@ -40,9 +42,3 @@ if __name__ == '__main__':
|
||||
cmd.append('-r')
|
||||
cmd.extend([account, user, password])
|
||||
print ' '.join(cmd)
|
||||
# For this version, the script will only print out the commands
|
||||
# call(cmd)
|
||||
print '----------------------------------------------------------------'
|
||||
print ' Assuming the above worked perfectly, you should copy and paste '
|
||||
print ' those lines into your ~/bin/recreateaccounts script.'
|
||||
print '----------------------------------------------------------------'
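Review bot: The line emitted by `print ' '.join(cmd)` joins `account`, `user` and `password` from the devauth database without any shell quoting, and this same commit lets swauth names contain non-alphanumeric characters. If the printed lines are meant to be run in a shell, a value holding a space, quote or shell metacharacter will not survive intact; quote each argument when printing, for example `print ' '.join(pipes.quote(c) for c in cmd)` with `import pipes` added at the top of the script. The output also carries each user's password value as stored in the database, so any file it is saved to should be readable only by the operator. Separately, the fallback query selects `"f", "f"`, which SQLite treats as string literals only because no column of that name exists; writing `'f', 'f'` inside a double-quoted Python string states the intent directly.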
|
||||
|
@ -268,7 +268,7 @@ class Swauth(object):
|
||||
user_groups = (req.remote_user or '').split(',')
|
||||
if '.reseller_admin' in user_groups and \
|
||||
account != self.reseller_prefix and \
|
||||
account[len(self.reseller_prefix)].isalnum():
|
||||
account[len(self.reseller_prefix)] != '.':
|
||||
return None
|
||||
if account in user_groups and \
|
||||
(req.method not in ('DELETE', 'PUT') or container):
|
||||
@ -474,7 +474,7 @@ class Swauth(object):
|
||||
explained above.
|
||||
"""
|
||||
account = req.path_info_pop()
|
||||
if req.path_info or not account.isalnum():
|
||||
if req.path_info or not account or account[0] == '.':
|
||||
return HTTPBadRequest(request=req)
|
||||
if not self.is_account_admin(req, account):
|
||||
return HTTPForbidden(request=req)
|
||||
@ -550,7 +550,7 @@ class Swauth(object):
|
||||
if not self.is_reseller_admin(req):
|
||||
return HTTPForbidden(request=req)
|
||||
account = req.path_info_pop()
|
||||
if req.path_info != '/.services' or not account.isalnum():
|
||||
if req.path_info != '/.services' or not account or account[0] == '.':
|
||||
return HTTPBadRequest(request=req)
|
||||
try:
|
||||
new_services = json.loads(req.body)
|
||||
@ -596,7 +596,7 @@ class Swauth(object):
|
||||
if not self.is_reseller_admin(req):
|
||||
return HTTPForbidden(request=req)
|
||||
account = req.path_info_pop()
|
||||
if req.path_info or not account.isalnum():
|
||||
if req.path_info or not account or account[0] == '.':
|
||||
return HTTPBadRequest(request=req)
|
||||
# Ensure the container in the main auth account exists (this
|
||||
# container represents the new account)
|
||||
@ -678,7 +678,7 @@ class Swauth(object):
|
||||
if not self.is_reseller_admin(req):
|
||||
return HTTPForbidden(request=req)
|
||||
account = req.path_info_pop()
|
||||
if req.path_info or not account.isalnum():
|
||||
if req.path_info or not account or account[0] == '.':
|
||||
return HTTPBadRequest(request=req)
|
||||
# Make sure the account has no users and get the account_id
|
||||
marker = ''
|
||||
@ -798,8 +798,8 @@ class Swauth(object):
|
||||
"""
|
||||
account = req.path_info_pop()
|
||||
user = req.path_info_pop()
|
||||
if req.path_info or not account.isalnum() or \
|
||||
(not user.isalnum() and user != '.groups'):
|
||||
if req.path_info or not account or account[0] == '.' or not user or \
|
||||
(user[0] == '.' and user != '.groups'):
|
||||
return HTTPBadRequest(request=req)
|
||||
if not self.is_account_admin(req, account):
|
||||
return HTTPForbidden(request=req)
|
||||
@ -873,8 +873,8 @@ class Swauth(object):
|
||||
req.headers.get('x-auth-user-reseller-admin') == 'true'
|
||||
if reseller_admin:
|
||||
admin = True
|
||||
if req.path_info or not account.isalnum() or not user.isalnum() or \
|
||||
not key:
|
||||
if req.path_info or not account or account[0] == '.' or not user or \
|
||||
user[0] == '.' or not key:
|
||||
return HTTPBadRequest(request=req)
|
||||
if reseller_admin:
|
||||
if not self.is_super_admin(req):
|
||||
@ -922,7 +922,8 @@ class Swauth(object):
|
||||
# Validate path info
|
||||
account = req.path_info_pop()
|
||||
user = req.path_info_pop()
|
||||
if req.path_info or not account.isalnum() or not user.isalnum():
|
||||
if req.path_info or not account or account[0] == '.' or not user or \
|
||||
user[0] == '.':
|
||||
return HTTPBadRequest(request=req)
|
||||
if not self.is_account_admin(req, account):
|
||||
return HTTPForbidden(request=req)
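Review bot: Replacing `account.isalnum()` and `user.isalnum()` with a test that rejects only an empty name or a leading `.` (the checks in the hunks at 474, 550, 596, 678, 798, 873 and 922) turns an allowlist into a one-character denylist, so names may now contain `,` and `:`. Both characters act as separators on this page: `req.remote_user` is split on `,` into `user_groups` in the hunk at 268, and stored group names have the form `account:user`. A name containing either could therefore make group membership ambiguous, though that depends on how the group string is assembled, which is outside these hunks. Consider one shared predicate for all seven checks that still allows `_` and `-` but refuses the separators, e.g. `if not name or name[0] == '.' or ',' in name or ':' in name:` followed by the existing `return HTTPBadRequest(request=req)`. The enclosing methods start and end outside the hunks.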
|
||||
|
@ -2576,6 +2576,23 @@ class TestAuth(unittest.TestCase):
|
||||
{"groups": [{"name": "act:usr"}, {"name": "act"}],
|
||||
"auth": "plaintext:key"})
|
||||
|
||||
def test_put_user_special_chars_success(self):
|
||||
self.test_auth.app = FakeApp(iter([
|
||||
('200 Ok', {'X-Container-Meta-Account-Id': 'AUTH_cfa'}, ''),
|
||||
# PUT of user object
|
||||
('201 Created', {}, '')]))
|
||||
resp = Request.blank('/auth/v2/act/u_s-r',
|
||||
environ={'REQUEST_METHOD': 'PUT'},
|
||||
headers={'X-Auth-Admin-User': '.super_admin',
|
||||
'X-Auth-Admin-Key': 'supertest',
|
||||
'X-Auth-User-Key': 'key'}
|
||||
).get_response(self.test_auth)
|
||||
self.assertEquals(resp.status_int, 201)
|
||||
self.assertEquals(self.test_auth.app.calls, 2)
|
||||
self.assertEquals(json.loads(self.test_auth.app.request.body),
|
||||
{"groups": [{"name": "act:u_s-r"}, {"name": "act"}],
|
||||
"auth": "plaintext:key"})
|
||||
|
||||
def test_put_user_account_admin_success(self):
|
||||
self.test_auth.app = FakeApp(iter([
|
||||
('200 Ok', {'X-Container-Meta-Account-Id': 'AUTH_cfa'}, ''),
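Review bot: `test_put_user_special_chars_success` exercises only the accepting side of the relaxed name check, with `u_s-r` returning 201. Unless they exist elsewhere in the file, add companion cases asserting `resp.status_int == 400` for a user or account that begins with `.` and for an empty path segment, since those are the only inputs the new validation still refuses. A docstring line such as `"""User names may contain '_' and '-' but must not start with '.'."""` on the new test would record the intended rule.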
|
||||
|