Merge "Implemented the fix to handle the HTTP request methods other than GET."

2019-03-20 03:13:08 +00:00 · 2019-03-20 03:13:08 +00:00 · d20befafd4
parent 43b22a30aa a563ba26fa
commit d20befafd4
2 changed files with 34 additions and 1 deletions
--- a/swift/common/middleware/tempauth.py
+++ b/swift/common/middleware/tempauth.py
@ -184,7 +184,7 @@ from eventlet import Timeout
 import six
 from swift.common.swob import Response, Request, wsgi_to_str
 from swift.common.swob import HTTPBadRequest, HTTPForbidden, HTTPNotFound, \
-    HTTPUnauthorized
+    HTTPUnauthorized, HTTPMethodNotAllowed

 from swift.common.request_helpers import get_sys_meta_prefix
 from swift.common.middleware.acl import (
@ -688,6 +688,9 @@ class TempAuth(object):
        """
        req.start_time = time()
        handler = None
+        if req.method != 'GET':
+            req.response = HTTPMethodNotAllowed(request=req)
+            return req.response
        try:
            version, account, user, _junk = split_path(req.path_info,
                                                       1, 4, True)
--- a/test/unit/common/middleware/test_tempauth.py
+++ b/test/unit/common/middleware/test_tempauth.py
@ -1024,6 +1024,36 @@ class TestAuth(unittest.TestCase):
        resp = req.get_response(ath)
        self.assertEqual(204, resp.status_int)

+    def test_request_method_not_allowed(self):
+        test_auth = auth.filter_factory({'user_ac_user': 'testing'})(FakeApp())
+        req = self._make_request(
+            '/auth/v1.0',
+            headers={'X-Auth-User': 'ac:user', 'X-Auth-Key': 'testing'},
+            environ={'REQUEST_METHOD': 'PUT'})
+        resp = req.get_response(test_auth)
+        self.assertEqual(resp.status_int, 405)
+
+        req = self._make_request(
+            '/auth/v1.0',
+            headers={'X-Auth-User': 'ac:user', 'X-Auth-Key': 'testing'},
+            environ={'REQUEST_METHOD': 'HEAD'})
+        resp = req.get_response(test_auth)
+        self.assertEqual(resp.status_int, 405)
+
+        req = self._make_request(
+            '/auth/v1.0',
+            headers={'X-Auth-User': 'ac:user', 'X-Auth-Key': 'testing'},
+            environ={'REQUEST_METHOD': 'POST'})
+        resp = req.get_response(test_auth)
+        self.assertEqual(resp.status_int, 405)
+
+        req = self._make_request(
+            '/auth/v1.0',
+            headers={'X-Auth-User': 'ac:user', 'X-Auth-Key': 'testing'},
+            environ={'REQUEST_METHOD': 'DELETE'})
+        resp = req.get_response(test_auth)
+        self.assertEqual(resp.status_int, 405)
+

 class TestAuthWithMultiplePrefixes(TestAuth):
    """