Merge "Tolerate absolute-form request targets"
This commit is contained in:
commit
8715622893
@ -132,6 +132,12 @@ class SwiftHttpProtocol(wsgi.HttpProtocol):
|
||||
400,
|
||||
"Bad HTTP/0.9 request type (%r)" % command)
|
||||
return False
|
||||
|
||||
if path.startswith(('http://', 'https://')):
|
||||
host, sep, rest = path.partition('//')[2].partition('/')
|
||||
if sep:
|
||||
path = '/' + rest
|
||||
|
||||
self.command, self.path = command, path
|
||||
|
||||
# Examine the headers and look for a Connection directive.
|
||||
|
@ -17,6 +17,7 @@ import os
|
||||
|
||||
import requests
|
||||
|
||||
from swift.common.bufferedhttp import http_connect_raw
|
||||
from swift.common.middleware.s3api.etree import fromstring
|
||||
|
||||
import test.functional as tf
|
||||
@ -223,6 +224,35 @@ class TestS3ApiPresignedUrls(S3ApiBase):
|
||||
status, _junk, _junk = self.conn.make_request('DELETE', bucket)
|
||||
self.assertEqual(status, 204)
|
||||
|
||||
def test_absolute_form_request(self):
|
||||
bucket = 'test-bucket'
|
||||
|
||||
put_url, headers = self.conn.generate_url_and_headers(
|
||||
'PUT', bucket)
|
||||
resp = http_connect_raw(
|
||||
self.conn.host,
|
||||
self.conn.port,
|
||||
'PUT',
|
||||
put_url, # whole URL, not just the path/query!
|
||||
headers=headers,
|
||||
ssl=put_url.startswith('https:'),
|
||||
).getresponse()
|
||||
self.assertEqual(resp.status, 200,
|
||||
'Got %d %s' % (resp.status, resp.read()))
|
||||
|
||||
delete_url, headers = self.conn.generate_url_and_headers(
|
||||
'DELETE', bucket)
|
||||
resp = http_connect_raw(
|
||||
self.conn.host,
|
||||
self.conn.port,
|
||||
'DELETE',
|
||||
delete_url, # whole URL, not just the path/query!
|
||||
headers=headers,
|
||||
ssl=delete_url.startswith('https:'),
|
||||
).getresponse()
|
||||
self.assertEqual(resp.status, 204,
|
||||
'Got %d %s' % (resp.status, resp.read()))
|
||||
|
||||
|
||||
class TestS3ApiPresignedUrlsSigV4(TestS3ApiPresignedUrls):
|
||||
@classmethod
|
||||
|
56
test/s3api/test_request_target_style.py
Normal file
56
test/s3api/test_request_target_style.py
Normal file
@ -0,0 +1,56 @@
|
||||
# Copyright (c) 2022 Nvidia
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from unittest import SkipTest
|
||||
|
||||
from test.s3api import BaseS3TestCase
|
||||
|
||||
|
||||
class AlwaysAbsoluteURLProxyConfig(object):
|
||||
|
||||
def __init__(self):
|
||||
self.settings = {'proxy_use_forwarding_for_https': True}
|
||||
|
||||
def proxy_url_for(self, request_url):
|
||||
return request_url
|
||||
|
||||
def proxy_headers_for(self, proxy_url):
|
||||
return {}
|
||||
|
||||
|
||||
class TestRequestTargetStyle(BaseS3TestCase):
|
||||
|
||||
def setUp(self):
|
||||
self.client = self.get_s3_client(1)
|
||||
if not self.client._endpoint.host.startswith('https:'):
|
||||
raise SkipTest('Absolute URL test requires https')
|
||||
|
||||
self.bucket_name = self.create_name('test-address-style')
|
||||
resp = self.client.create_bucket(Bucket=self.bucket_name)
|
||||
self.assertEqual(200, resp['ResponseMetadata']['HTTPStatusCode'])
|
||||
|
||||
def tearDown(self):
|
||||
self.clear_bucket(self.client, self.bucket_name)
|
||||
super(TestRequestTargetStyle, self).tearDown()
|
||||
|
||||
def test_absolute_url(self):
|
||||
sess = self.client._endpoint.http_session
|
||||
sess._proxy_config = AlwaysAbsoluteURLProxyConfig()
|
||||
self.assertEqual({'use_forwarding_for_https': True},
|
||||
sess._proxies_kwargs())
|
||||
resp = self.client.list_buckets()
|
||||
self.assertEqual(200, resp['ResponseMetadata']['HTTPStatusCode'])
|
||||
self.assertIn(self.bucket_name, {
|
||||
info['Name'] for info in resp['Buckets']})
|
@ -180,6 +180,48 @@ class TestSwiftHttpProtocolSomeMore(ProtocolTest):
|
||||
lines = [l for l in bytes_out.split(b"\r\n") if l]
|
||||
self.assertEqual(lines[-1], b'/oh\xffboy%what$now%E2%80%bd')
|
||||
|
||||
def test_absolute_target(self):
|
||||
bytes_out = self._run_bytes_through_protocol((
|
||||
b"GET https://cluster.domain/bucket/key HTTP/1.0\r\n"
|
||||
b"\r\n"
|
||||
))
|
||||
|
||||
lines = [l for l in bytes_out.split(b"\r\n") if l]
|
||||
self.assertEqual(lines[-1], b'/bucket/key')
|
||||
|
||||
bytes_out = self._run_bytes_through_protocol((
|
||||
b"GET http://cluster.domain/v1/acct/cont/obj HTTP/1.0\r\n"
|
||||
b"\r\n"
|
||||
))
|
||||
|
||||
lines = [l for l in bytes_out.split(b"\r\n") if l]
|
||||
self.assertEqual(lines[-1], b'/v1/acct/cont/obj')
|
||||
|
||||
# clients talking nonsense
|
||||
bytes_out = self._run_bytes_through_protocol((
|
||||
b"GET ftp://cluster.domain/bucket/key HTTP/1.0\r\n"
|
||||
b"\r\n"
|
||||
))
|
||||
|
||||
lines = [l for l in bytes_out.split(b"\r\n") if l]
|
||||
self.assertEqual(lines[-1], b'ftp://cluster.domain/bucket/key')
|
||||
|
||||
bytes_out = self._run_bytes_through_protocol((
|
||||
b"GET https://cluster.domain HTTP/1.0\r\n"
|
||||
b"\r\n"
|
||||
))
|
||||
|
||||
lines = [l for l in bytes_out.split(b"\r\n") if l]
|
||||
self.assertEqual(lines[-1], b'https://cluster.domain')
|
||||
|
||||
bytes_out = self._run_bytes_through_protocol((
|
||||
b"GET http:omg//wtf/bbq HTTP/1.0\r\n"
|
||||
b"\r\n"
|
||||
))
|
||||
|
||||
lines = [l for l in bytes_out.split(b"\r\n") if l]
|
||||
self.assertEqual(lines[-1], b'http:omg//wtf/bbq')
|
||||
|
||||
def test_bad_request(self):
|
||||
bytes_out = self._run_bytes_through_protocol((
|
||||
b"ONLY-METHOD\r\n"
|
||||
|
@ -2851,6 +2851,36 @@ class TestReplicatedObjectController(
|
||||
self.assertIn(b'X-Object-Meta-\xf0\x9f\x8c\xb4: \xf0\x9f\x91\x8d',
|
||||
headers.split(b'\r\n'))
|
||||
|
||||
@unpatch_policies
|
||||
def test_HEAD_absolute_uri(self):
|
||||
prolis = _test_sockets[0]
|
||||
sock = connect_tcp(('localhost', prolis.getsockname()[1]))
|
||||
fd = sock.makefile('rwb')
|
||||
|
||||
# sanity, this resource is created in setup
|
||||
path = b'/v1/a'
|
||||
fd.write(b'HEAD %s HTTP/1.1\r\n'
|
||||
b'Host: localhost\r\n'
|
||||
b'Connection: keep-alive\r\n'
|
||||
b'X-Storage-Token: t\r\n'
|
||||
b'\r\n' % (path,))
|
||||
fd.flush()
|
||||
headers = readuntil2crlfs(fd)
|
||||
exp = b'HTTP/1.1 204'
|
||||
self.assertEqual(headers[:len(exp)], exp)
|
||||
|
||||
# RFC says we should accept this, too
|
||||
abs_path = b'http://saio.example.com:8080/v1/a'
|
||||
fd.write(b'HEAD %s HTTP/1.1\r\n'
|
||||
b'Host: localhost\r\n'
|
||||
b'Connection: keep-alive\r\n'
|
||||
b'X-Storage-Token: t\r\n'
|
||||
b'\r\n' % (abs_path,))
|
||||
fd.flush()
|
||||
headers = readuntil2crlfs(fd)
|
||||
exp = b'HTTP/1.1 204'
|
||||
self.assertEqual(headers[:len(exp)], exp)
|
||||
|
||||
@unpatch_policies
|
||||
def test_GET_short_read(self):
|
||||
prolis = _test_sockets[0]
|
||||
|
Loading…
Reference in New Issue
Block a user