From 9a9a9c79e53cafa2feb9acdec3e90383c6eac41d Mon Sep 17 00:00:00 2001 From: Garret Alfert Date: Thu, 2 Jun 2016 13:07:19 +0200 Subject: [PATCH 1/4] Send "Unauthorized" message body with 401 responses (refs #42) --- lib/remote_storage/swift.rb | 6 +++-- spec/swift/app_spec.rb | 46 +++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 2 deletions(-) diff --git a/lib/remote_storage/swift.rb b/lib/remote_storage/swift.rb index 66f269a..aa6c3a3 100644 --- a/lib/remote_storage/swift.rb +++ b/lib/remote_storage/swift.rb @@ -24,12 +24,14 @@ module RemoteStorage return true if ["GET", "HEAD"].include?(request_method) && !listing end + server.halt 401, "Unauthorized" if token.empty? + authorizations = redis.smembers("authorizations:#{user}:#{token}") permission = directory_permission(authorizations, directory) - server.halt 401 unless permission + server.halt 401, "Unauthorized" unless permission if ["PUT", "DELETE"].include? request_method - server.halt 401 unless permission == "rw" + server.halt 401, "Unauthorized" unless permission == "rw" end end diff --git a/spec/swift/app_spec.rb b/spec/swift/app_spec.rb index 29e5e4f..fd70aa4 100644 --- a/spec/swift/app_spec.rb +++ b/spec/swift/app_spec.rb @@ -173,6 +173,29 @@ describe "App" do purge_redis end + context "not authorized" do + + describe "with no token" do + it "says it's not authorized" do + delete "/phil/food/aguacate" + + last_response.status.must_equal 401 + last_response.body.must_equal "Unauthorized" + end + end + + describe "with wrong token" do + it "says it's not authorized" do + header "Authorization", "Bearer wrongtoken" + delete "/phil/food/aguacate" + + last_response.status.must_equal 401 + last_response.body.must_equal "Unauthorized" + end + end + + end + context "authorized" do before do redis.sadd "authorizations:phil:amarillo", [":rw"] 
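Review bot: The three 401 halts in this hunk still send no `WWW-Authenticate` header, which RFC 7235 requires on every 401 and which bearer-token clients use to learn the expected scheme; if `server` is the Sinatra app, `halt` accepts a headers hash between status and body, e.g. `server.halt 401, {"WWW-Authenticate" => 'Bearer realm="remoteStorage"'}, "Unauthorized"`. The new `token.empty?` guard also assumes `token` is always a String: the "with no token" spec added in this patch passes only if the caller normalises a missing Authorization header to `""`, so `server.halt 401, "Unauthorized" if token.to_s.empty?` would make the guard independent of that. The enclosing method begins before this hunk, so how `token` is derived is not visible here.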
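Review bot: The "with wrong token" case in this hunk never seeds an authorization, so at the Redis level it is identical to the "with no token" case and does not prove the lookup is keyed on the token rather than only on the user. Seeding `redis.sadd "authorizations:phil:amarillo", [":rw"]` in that `describe` while still sending `Bearer wrongtoken` would exercise the actual mismatch path. A valid token whose scope lacks `rw` on a DELETE (the `permission == "rw"` branch) is also uncovered here, unless a sibling spec outside this hunk already does it.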
@@ -248,6 +271,29 @@ describe "App" do purge_redis end + context "not authorized" do + + describe "without token" do + it "says it's not authorized" do + get "/phil/food/" + + last_response.status.must_equal 401 + last_response.body.must_equal "Unauthorized" + end + end + + describe "with wrong token" do + it "says it's not authorized" do + header "Authorization", "Bearer wrongtoken" + get "/phil/food/" + + last_response.status.must_equal 401 + last_response.body.must_equal "Unauthorized" + end + end + + end + context "authorized" do before do From 83d8f29a0404b96010173dc9dc5ad8fac31fbce9 Mon Sep 17 00:00:00 2001 From: Garret Alfert Date: Thu, 2 Jun 2016 13:09:05 +0200 Subject: [PATCH 2/4] Send "Conflict" message body with 409 responses (closes #409) --- lib/remote_storage/swift.rb | 2 +- spec/swift/app_spec.rb | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/remote_storage/swift.rb b/lib/remote_storage/swift.rb index aa6c3a3..f1fad41 100644 --- a/lib/remote_storage/swift.rb +++ b/lib/remote_storage/swift.rb @@ -133,7 +133,7 @@ module RemoteStorage def put_data(user, directory, key, data, content_type) server.halt 400 if server.env["HTTP_CONTENT_RANGE"] - server.halt 409 if has_name_collision?(user, directory, key) + server.halt 409, "Conflict" if has_name_collision?(user, directory, key) existing_metadata = redis.hgetall redis_metadata_object_key(user, directory, key) url = url_for_key(user, directory, key) diff --git a/spec/swift/app_spec.rb b/spec/swift/app_spec.rb index fd70aa4..0206d43 100644 --- a/spec/swift/app_spec.rb +++ b/spec/swift/app_spec.rb @@ -134,6 +134,7 @@ describe "App" do end last_response.status.must_equal 409 + last_response.body.must_equal "Conflict" metadata = redis.hgetall "rs:m:phil:food" metadata.must_be_empty From cc91b5c4cdfd6a26214776f39526caede37b143f Mon Sep 17 00:00:00 2001 
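Review bot: The `server.halt 400 if server.env["HTTP_CONTENT_RANGE"]` line directly above the changed 409 in `put_data` is now the one halt in this method that still sends an empty body, inconsistent with the 401/404/409/412 bodies this series introduces. `server.halt 400, "Bad Request" if server.env["HTTP_CONTENT_RANGE"]` would bring it in line, with a matching `last_response.body.must_equal "Bad Request"` next to the existing `last_response.status.must_equal 400` assertion in the spec. `put_data` continues past the end of this hunk.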
From: Garret Alfert Date: Thu, 2 Jun 2016 13:18:16 +0200 Subject: [PATCH 3/4] Send "Not Found" message body with 404 responses (refs #42) --- lib/remote_storage/swift.rb | 4 +- spec/swift/app_spec.rb | 77 +++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 2 deletions(-) diff --git a/lib/remote_storage/swift.rb b/lib/remote_storage/swift.rb index f1fad41..fbab446 100644 --- a/lib/remote_storage/swift.rb +++ b/lib/remote_storage/swift.rb @@ -57,7 +57,7 @@ module RemoteStorage return res.body rescue RestClient::ResourceNotFound - server.halt 404 + server.halt 404, "Not Found" end def get_head_directory_listing(user, directory) @@ -187,7 +187,7 @@ module RemoteStorage server.halt 200 rescue RestClient::ResourceNotFound - server.halt 404 + server.halt 404, "Not Found" end private diff --git a/spec/swift/app_spec.rb b/spec/swift/app_spec.rb index 0206d43..ecb0e4f 100644 --- a/spec/swift/app_spec.rb +++ b/spec/swift/app_spec.rb @@ -263,6 +263,16 @@ describe "App" do redis.smembers("rs:m:phil:/:items").must_be_empty end + + it "returns a 404 when item doesn't exist" do + raises_exception = ->(url, headers) { raise RestClient::ResourceNotFound.new } + RestClient.stub :delete, raises_exception do + delete "/phil/food/steak" + end + + last_response.status.must_equal 404 + last_response.body.must_equal "Not Found" + end end end @@ -313,6 +323,20 @@ describe "App" do end end + describe "data" do + + it "returns a 404 when data doesn't exist" do + raises_exception = ->(url, headers) { raise RestClient::ResourceNotFound.new } + RestClient.stub :get, raises_exception do + get "/phil/food/steak" + end + + last_response.status.must_equal 404 + last_response.body.must_equal "Not Found" + end + + end + describe "directory listings" do it "has an ETag in the header" do 
@@ -364,5 +388,58 @@ describe "App" do end end + + describe "HEAD requests" do + + before do + purge_redis + end + + context "not authorized" do + + describe "without token" do + it "says it's not authorized" do + head "/phil/food/camarones" + + last_response.status.must_equal 401 + last_response.body.must_be_empty + end + end + + describe "with wrong token" do + it "says it's not authorized" do + header "Authorization", "Bearer wrongtoken" + head "/phil/food/camarones" + + last_response.status.must_equal 401 + last_response.body.must_be_empty + end + end + + end + + context "authorized" do + + before do + redis.sadd "authorizations:phil:amarillo", [":rw"] + header "Authorization", "Bearer amarillo" + end + + describe "data" do + it "returns a 404 when data doesn't exist" do + raises_exception = ->(url, headers) { raise RestClient::ResourceNotFound.new } + RestClient.stub :head, raises_exception do + head "/phil/food/steak" + end + + last_response.status.must_equal 404 + last_response.body.must_be_empty + end + end + + end + + end + end From c897959029047409de2d8fea0e8c87eabb64d94a Mon Sep 17 00:00:00 2001 From: Garret Alfert Date: Thu, 2 Jun 2016 18:49:20 +0200 Subject: [PATCH 4/4] Send "Precondition Failed" message body with 412 responses --- lib/remote_storage/swift.rb | 6 +-- spec/swift/app_spec.rb | 96 +++++++++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+), 3 deletions(-) diff --git a/lib/remote_storage/swift.rb b/lib/remote_storage/swift.rb index fbab446..2593fde 100644 --- a/lib/remote_storage/swift.rb +++ b/lib/remote_storage/swift.rb 
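Review bot: The new "HEAD requests" block covers only the 401 and 404 paths; there is no positive case showing that an authorised HEAD of an existing document returns 200 with the ETag header and an empty body, which is the behaviour a HEAD-specific block exists to pin. A `RestClient.stub :head, OpenStruct.new(headers: { etag: "bla", last_modified: "..." })` case alongside the 404 one would close that gap. Note also that `last_response.body.must_be_empty` on the 401 cases presumably passes because the Rack stack strips HEAD bodies, not because the auth code omits the "Unauthorized" body it sets unconditionally in the first patch, so these assertions pin the framework rather than the app.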
@@ -139,10 +139,10 @@ module RemoteStorage url = url_for_key(user, directory, key) if required_match = server.env["HTTP_IF_MATCH"] - server.halt 412 unless required_match == %Q("#{existing_metadata["e"]}") + server.halt 412, "Precondition Failed" unless required_match == %Q("#{existing_metadata["e"]}") end if server.env["HTTP_IF_NONE_MATCH"] == "*" - server.halt 412 unless existing_metadata.empty? + server.halt 412, "Precondition Failed" unless existing_metadata.empty? end res = do_put_request(url, data, content_type) @@ -178,7 +178,7 @@ module RemoteStorage existing_metadata = redis.hgetall "rs:m:#{user}:#{directory}/#{key}" if required_match = server.env["HTTP_IF_MATCH"] - server.halt 412 unless required_match == %Q("#{existing_metadata["e"]}") + server.halt 412, "Precondition Failed" unless required_match == %Q("#{existing_metadata["e"]}") end do_delete_request(url) diff --git a/spec/swift/app_spec.rb b/spec/swift/app_spec.rb index ecb0e4f..298ab29 100644 --- a/spec/swift/app_spec.rb +++ b/spec/swift/app_spec.rb 
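Review bot: The `If-Match` branch in `put_data` does not fail when the document does not exist: `existing_metadata` is then an empty hash, `existing_metadata["e"]` is nil, and the expected value collapses to the two-character string `""`, so a client sending `If-Match: ""` creates the document instead of receiving a 412. Adding `server.halt 412, "Precondition Failed" if existing_metadata.empty?` inside the `if required_match = ...` block before the comparison closes that and matches RFC 7232's rule that If-Match against a missing representation must fail. The exact-string comparison also rejects `If-Match: *`, which may be intentional under the remoteStorage spec but deserves a comment on that line, e.g. `# exact strong-ETag match only; "*" and weak ETags are deliberately rejected`. `put_data` starts and ends outside this hunk.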
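Review bot: The DELETE precondition check in this hunk reads its metadata through a hand-built key, `redis.hgetall "rs:m:#{user}:#{directory}/#{key}"`, while the identical check in `put_data` (previous hunk) goes through `redis_metadata_object_key(user, directory, key)`; if the two formats ever diverge, the new 412 here is evaluated against the wrong record, so the context line should use the helper too: `existing_metadata = redis.hgetall redis_metadata_object_key(user, directory, key)`. It also has the same missing-document gap as the PUT check: with empty `existing_metadata` the expected ETag renders as the literal `""`, and a client sending that value passes the precondition. The enclosing delete method starts and ends outside this hunk.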
@@ -165,7 +165,82 @@ describe "App" do last_response.status.must_equal 400 end end + + describe "If-Match header" do + before do + put_stub = OpenStruct.new(headers: { + etag: "oldetag", + last_modified: "Fri, 04 Mar 2016 12:20:18 GMT" + }) + + RestClient.stub :put, put_stub do + put "/phil/food/aguacate", "si" + end + end + + it "allows the request if the header matches the current ETag" do + header "If-Match", "\"oldetag\"" + + put_stub = OpenStruct.new(headers: { + etag: "newetag", + last_modified: "Fri, 04 Mar 2016 12:20:18 GMT" + }) + + RestClient.stub :put, put_stub do + put "/phil/food/aguacate", "aye" + end + + last_response.status.must_equal 200 + last_response.headers["Etag"].must_equal "\"newetag\"" + end + + it "fails the request if the header does not match the current ETag" do + header "If-Match", "someotheretag" + + put "/phil/food/aguacate", "aye" + + last_response.status.must_equal 412 + last_response.body.must_equal "Precondition Failed" + end + end + + describe "If-None-Match header set to '*'" do + it "succeeds when the document doesn't exist yet" do + put_stub = OpenStruct.new(headers: { + etag: "someetag", + last_modified: "Fri, 04 Mar 2016 12:20:18 GMT" + }) + + header "If-None-Match", "*" + + RestClient.stub :put, put_stub do + put "/phil/food/aguacate", "si" + end + + last_response.status.must_equal 200 + end + + it "fails the request if the document already exsits" do + put_stub = OpenStruct.new(headers: { + etag: "someetag", + last_modified: "Fri, 04 Mar 2016 12:20:18 GMT" + }) + + RestClient.stub :put, put_stub do + put "/phil/food/aguacate", "si" + end + + header "If-None-Match", "*" + RestClient.stub :put, put_stub do + put "/phil/food/aguacate", "si" + end + + last_response.status.must_equal 412 + last_response.body.must_equal "Precondition Failed" + end + end end + end describe "DELETE requests" do 
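Review bot: The negative If-Match spec sends `header "If-Match", "someotheretag"` without quotes, so it would pass even if the app only rejected malformed (unquoted) values; sending a quoted but different ETag, `header "If-Match", "\"someotheretag\""`, tests the comparison itself. Neither 412 case asserts that the stored document was left untouched — e.g. checking that the metadata hash under the key format the delete method uses (`rs:m:phil:food/aguacate`, if that is how the path is split) still has `"e" => "oldetag"` — and both rely on no `RestClient.stub :put` being in place, so a regression that skipped the check would surface as a real HTTP call rather than a clean assertion failure. Minor: "exsits" in the last `it` description.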
@@ -273,6 +348,27 @@ describe "App" do last_response.status.must_equal 404 last_response.body.must_equal "Not Found" end + + describe "If-Match header" do + it "succeeds when the header matches the current ETag" do + header "If-Match", "\"bla\"" + + RestClient.stub :delete, "" do + delete "/phil/food/aguacate" + end + + last_response.status.must_equal 200 + end + + it "fails the request if it does not match the current ETag" do + header "If-Match", "someotheretag" + + delete "/phil/food/aguacate" + + last_response.status.must_equal 412 + last_response.body.must_equal "Precondition Failed" + end + end end end
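Review bot: Both DELETE If-Match specs have the same weaknesses as the PUT ones: the mismatch case sends an unquoted `someotheretag`, so a quoted-but-different value `"\"someotheretag\""` is the stronger test, and the success case stubs `RestClient.delete` but never asserts that the document's metadata and parent listing entry were removed, which the existing delete spec in this file does with `redis.smembers("rs:m:phil:/:items").must_be_empty`. The `"bla"` ETag the success case matches against is seeded outside this hunk, so I could not confirm it is the value the app compares.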