diff options
| -rw-r--r-- | nova/api/openstack/auth.py | 6 | ||||
| -rw-r--r-- | nova/tests/api/openstack/fakes.py | 8 | ||||
| -rw-r--r-- | nova/tests/api/openstack/test_auth.py | 44 |
3 files changed, 53 insertions, 5 deletions
diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py index 6754fea27..d435f8318 100644 --- a/nova/api/openstack/auth.py +++ b/nova/api/openstack/auth.py @@ -16,6 +16,7 @@ # under the License. import hashlib +import os import time import webob.exc @@ -42,12 +43,9 @@ class NoAuthMiddleware(wsgi.Middleware): @webob.dec.wsgify(RequestClass=wsgi.Request) def __call__(self, req): if 'X-Auth-Token' not in req.headers: - os_url = req.url - version = common.get_version_from_href(os_url) user_id = req.headers.get('X-Auth-User', 'admin') project_id = req.headers.get('X-Auth-Project-Id', 'admin') - if version == '1.1': - os_url += '/' + project_id + os_url = os.path.join(req.url, project_id) res = webob.Response() # NOTE(vish): This is expecting and returning Auth(1.1), whereas # keystone uses 2.0 auth. We should probably allow diff --git a/nova/tests/api/openstack/fakes.py b/nova/tests/api/openstack/fakes.py index b07fe03a5..352949d71 100644 --- a/nova/tests/api/openstack/fakes.py +++ b/nova/tests/api/openstack/fakes.py @@ -68,7 +68,8 @@ def fake_wsgi(self, req): def wsgi_app(inner_app11=None, fake_auth=True, fake_auth_context=None, - serialization=os_wsgi.LazySerializationMiddleware): + serialization=os_wsgi.LazySerializationMiddleware, + use_no_auth=False): if not inner_app11: inner_app11 = openstack.APIRouter() @@ -81,6 +82,11 @@ def wsgi_app(inner_app11=None, fake_auth=True, fake_auth_context=None, limits.RateLimitingMiddleware( serialization( extensions.ExtensionMiddleware(inner_app11))))) + elif use_no_auth: + api11 = openstack.FaultWrapper(auth.NoAuthMiddleware( + limits.RateLimitingMiddleware( + serialization( + extensions.ExtensionMiddleware(inner_app11))))) else: api11 = openstack.FaultWrapper(auth.AuthMiddleware( limits.RateLimitingMiddleware( diff --git a/nova/tests/api/openstack/test_auth.py b/nova/tests/api/openstack/test_auth.py index db0a5ce85..d6a52d4f0 100644 --- a/nova/tests/api/openstack/test_auth.py +++ b/nova/tests/api/openstack/test_auth.py @@ -269,3 +269,47 @@ class TestLimiter(test.TestCase): result = req.get_response(fakes.wsgi_app(fake_auth=False)) self.assertEqual(result.status, '200 OK') self.assertEqual(result.headers['X-Test-Success'], 'True') + + +class TestNoAuthMiddleware(test.TestCase): + + def setUp(self): + super(TestNoAuthMiddleware, self).setUp() + self.stubs.Set(context, 'RequestContext', fakes.FakeRequestContext) + fakes.FakeAuthManager.clear_fakes() + fakes.FakeAuthDatabase.data = {} + fakes.stub_out_rate_limiting(self.stubs) + fakes.stub_out_networking(self.stubs) + + def tearDown(self): + fakes.fake_data_store = {} + super(TestNoAuthMiddleware, self).tearDown() + + def test_authorize_user(self): + req = webob.Request.blank('/v1.1') + req.headers['X-Auth-User'] = 'user1' + req.headers['X-Auth-Key'] = 'user1_key' + req.headers['X-Auth-Project-Id'] = 'user1_project' + result = req.get_response(fakes.wsgi_app(fake_auth=False, + use_no_auth=True)) + self.assertEqual(result.status, '204 No Content') + self.assertEqual(result.headers['X-CDN-Management-Url'], + "") + self.assertEqual(result.headers['X-Storage-Url'], "") + self.assertEqual(result.headers['X-Server-Management-Url'], + "http://localhost/v1.1/user1_project") + + def test_authorize_user_trailing_slash(self): + #make sure it works with trailing slash on the request + req = webob.Request.blank('/v1.1/') + req.headers['X-Auth-User'] = 'user1' + req.headers['X-Auth-Key'] = 'user1_key' + req.headers['X-Auth-Project-Id'] = 'user1_project' + result = req.get_response(fakes.wsgi_app(fake_auth=False, + use_no_auth=True)) + self.assertEqual(result.status, '204 No Content') + self.assertEqual(result.headers['X-CDN-Management-Url'], + "") + self.assertEqual(result.headers['X-Storage-Url'], "") + self.assertEqual(result.headers['X-Server-Management-Url'], + "http://localhost/v1.1/user1_project") |