diff --git a/swift/common/middleware/tempurl.py b/swift/common/middleware/tempurl.py index aef3e6de2c..5b0d10ed64 100644 --- a/swift/common/middleware/tempurl.py +++ b/swift/common/middleware/tempurl.py @@ -340,7 +340,7 @@ DEFAULT_OUTGOING_REMOVE_HEADERS = 'x-object-meta-*' #: '*' to indicate a prefix match. DEFAULT_OUTGOING_ALLOW_HEADERS = 'x-object-meta-public-*' -DEFAULT_ALLOWED_DIGESTS = 'sha256 sha512' +DEFAULT_ALLOWED_DIGESTS = 'sha1 sha256 sha512' DEPRECATED_DIGESTS = {'sha1'} SUPPORTED_DIGESTS = set(DEFAULT_ALLOWED_DIGESTS.split()) | DEPRECATED_DIGESTS @@ -855,9 +855,15 @@ def filter_factory(global_conf, **local_conf): deprecated = allowed_digests & DEPRECATED_DIGESTS if deprecated: - logger.warning('The following digest algorithms are configured but ' - 'deprecated: %s. Support will be removed in a future ' - 'release.', ', '.join(deprecated)) + if not conf.get('allowed_digests'): + logger.warning('The following digest algorithms are allowed by ' + 'default but deprecated: %s. Support will be ' + 'disabled by default in a future release, and ' + 'later removed entirely.', ', '.join(deprecated)) + else: + logger.warning('The following digest algorithms are configured ' + 'but deprecated: %s. Support will be removed in a ' + 'future release.', ', '.join(deprecated)) if not allowed_digests: raise ValueError('No valid digest algorithms are configured ' diff --git a/test/unit/common/middleware/test_tempurl.py b/test/unit/common/middleware/test_tempurl.py index 4c6a31bc1b..7e984ca274 100644 --- a/test/unit/common/middleware/test_tempurl.py +++ b/test/unit/common/middleware/test_tempurl.py 
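Review bot: `DEFAULT_ALLOWED_DIGESTS` now contains `sha1` while the following line still lists it in `DEPRECATED_DIGESTS`, and nothing at the constant explains why a deprecated digest is accepted by default or how an operator refuses it. A comment in the file's `#:` style above the assignment would cover this, for example `#: sha1 is deprecated but still allowed by default; set allowed_digests = sha256 sha512 to refuse it.` With sha1 in the defaults, the `| DEPRECATED_DIGESTS` term in `SUPPORTED_DIGESTS` no longer adds anything to the set. A short remark that it is kept for the day sha1 leaves the defaults again would stop it being removed as dead code.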
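Review bot: The new default-path warning in `filter_factory` says sha1 is deprecated but not how to stop accepting it today. Appending a sentence such as `'Set allowed_digests to exclude them to disable support now.'` to that message would make the log line actionable. The branch is selected with `not conf.get('allowed_digests')`, which also treats an explicitly empty option as the default case. Whether that value can reach this point depends on how `allowed_digests` is computed above the hunk, so it is worth confirming. Both messages use `', '.join(deprecated)` on a set, so `', '.join(sorted(deprecated))` would keep the log text stable once more than one digest is deprecated. The body of `filter_factory` starts and ends outside the hunk.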
@@ -131,11 +131,9 @@ class TestTempURL(unittest.TestCase): self.assertEqual(resp.status_int, 200) def assert_valid_sig(self, expires, path, keys, sig, environ=None, - prefix=None, tempurl=None): + prefix=None): if not environ: environ = {} - if tempurl is None: - tempurl = self.tempurl if six.PY3 and isinstance(sig, six.binary_type): sig = sig.decode('utf-8') environ['QUERY_STRING'] = 'temp_url_sig=%s&temp_url_expires=%s' % ( @@ -143,8 +141,8 @@ class TestTempURL(unittest.TestCase): if prefix is not None: environ['QUERY_STRING'] += '&temp_url_prefix=%s' % prefix req = self._make_request(path, keys=keys, environ=environ) - tempurl.app = FakeApp(iter([('200 Ok', (), '123')])) - resp = req.get_response(tempurl) + self.tempurl.app = FakeApp(iter([('200 Ok', (), '123')])) + resp = req.get_response(self.tempurl) self.assertEqual(resp.status_int, 200) self.assertEqual(resp.headers['content-disposition'], 'attachment; filename="o"; ' + "filename*=UTF-8''o") @@ -161,11 +159,8 @@ class TestTempURL(unittest.TestCase): key = b'abc' hmac_body = ('%s\n%i\n%s' % (method, expires, path)).encode('utf-8') - tempurl1 = tempurl.filter_factory({ - 'allowed_digests': 'sha1'})(self.auth) - tempurl1.logger = self.logger sig = hmac.new(key, hmac_body, hashlib.sha1).hexdigest() - self.assert_valid_sig(expires, path, [key], sig, tempurl=tempurl1) + self.assert_valid_sig(expires, path, [key], sig) sig = hmac.new(key, hmac_body, hashlib.sha256).hexdigest() self.assert_valid_sig(expires, path, [key], sig) @@ -1629,7 +1624,7 @@ class TestSwiftInfo(unittest.TestCase): set(('x-object-meta-*',))) self.assertEqual(set(info['outgoing_allow_headers']), set(('x-object-meta-public-*',))) - self.assertEqual(info['allowed_digests'], ['sha256', 'sha512']) + self.assertEqual(info['allowed_digests'], ['sha1', 'sha256', 'sha512']) def test_non_default_methods(self): tempurl.filter_factory({
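Review bot: None of the visible test hunks asserts the new "allowed by default but deprecated" warning. The `@@ -161,11 +159,8 @@` hunk also removes the only visible middleware instance built with an explicit `allowed_digests` and its own logger. Two additions would pin both sides of the new default: one test that builds `tempurl.filter_factory({})` with a capturing logger and checks for the default-path message, and one that passes `'allowed_digests': 'sha256 sha512'` and checks that a request signed with sha1 is refused. Such tests may already exist in parts of the file outside these hunks, and the enclosing test methods start before the hunks shown.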