diff --git a/swift3/middleware.py b/swift3/middleware.py index 7650e187..c236277c 100644 --- a/swift3/middleware.py +++ b/swift3/middleware.py @@ -69,7 +69,8 @@ from swift3.request import Request from swift3.response import HTTPNoContent, HTTPOk, ErrorResponse, \ AccessDenied, BucketAlreadyExists, BucketNotEmpty, EntityTooLarge, \ InternalError, InvalidArgument, InvalidDigest, MalformedACLError, \ - MethodNotAllowed, NoSuchBucket, NoSuchKey, S3NotImplemented + MethodNotAllowed, NoSuchBucket, NoSuchKey, S3NotImplemented, \ + SignatureDoesNotMatch XMLNS_XSI = 'http://www.w3.org/2001/XMLSchema-instance' @@ -231,7 +232,9 @@ class ServiceController(Controller): status = resp.status_int if status != HTTP_OK: - if status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN): + if status == HTTP_UNAUTHORIZED: + raise SignatureDoesNotMatch() + if status == HTTP_FORBIDDEN: raise AccessDenied() else: raise InternalError() @@ -292,7 +295,9 @@ class BucketController(Controller): status = resp.status_int if status != HTTP_OK: - if status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN): + if status == HTTP_UNAUTHORIZED: + raise SignatureDoesNotMatch() + if status == HTTP_FORBIDDEN: raise AccessDenied() elif status == HTTP_NOT_FOUND: raise NoSuchBucket(req.container_name) @@ -358,7 +363,9 @@ class BucketController(Controller): status = resp.status_int if status != HTTP_CREATED and status != HTTP_NO_CONTENT: - if status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN): + if status == HTTP_UNAUTHORIZED: + raise SignatureDoesNotMatch() + if status == HTTP_FORBIDDEN: raise AccessDenied() elif status == HTTP_ACCEPTED: raise BucketAlreadyExists(req.container_name) @@ -375,7 +382,9 @@ class BucketController(Controller): status = resp.status_int if status != HTTP_NO_CONTENT: - if status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN): + if status == HTTP_UNAUTHORIZED: + raise SignatureDoesNotMatch() + if status == HTTP_FORBIDDEN: raise AccessDenied() elif status == HTTP_NOT_FOUND: raise NoSuchBucket(req.container_name) 
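Review bot: In the ServiceController hunk every backend 401 is now reported as `SignatureDoesNotMatch`, but nothing visible in the diff shows that the auth pipeline returns 401 only for a bad signature. An unknown access key or an expired credential would presumably yield the same status and now get a misleading code. A comment above the new branch would record the assumption, e.g. `# 401 = backend auth rejected the credentials; cause is not distinguishable here, reported as a signature failure`. Anything that counts `AccessDenied` responses to spot bursts of failed authentication also has to count `SignatureDoesNotMatch` after this change. The same mapping is repeated in every later middleware.py hunk, and the enclosing method starts and ends outside the hunk.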
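Review bot: The BucketController hunk at -292 follows the new `if status == HTTP_UNAUTHORIZED:` with a second plain `if status == HTTP_FORBIDDEN:`, whereas the ObjectController hunk at -433 and all later hunks use `elif`. Behaviour is the same because the first branch raises, but the plain `if` splits one decision chain in two and leaves the trailing `elif`/`else` attached only to the 403 test. Write it as `elif status == HTTP_FORBIDDEN:` here, in the ServiceController hunk at -231, and in the BucketController hunks at -358 and -375.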
@@ -406,7 +415,9 @@ class ObjectController(Controller): if is_success(status): return resp - elif status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN): + elif status == HTTP_UNAUTHORIZED: + raise SignatureDoesNotMatch() + elif status == HTTP_FORBIDDEN: raise AccessDenied() elif status == HTTP_NOT_FOUND: raise NoSuchKey(req.object_name) @@ -433,7 +444,9 @@ class ObjectController(Controller): status = resp.status_int if status != HTTP_CREATED: - if status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN): + if status == HTTP_UNAUTHORIZED: + raise SignatureDoesNotMatch() + elif status == HTTP_FORBIDDEN: raise AccessDenied() elif status == HTTP_NOT_FOUND: raise NoSuchBucket(req.container_name) @@ -467,7 +480,9 @@ class ObjectController(Controller): status = resp.status_int if status != HTTP_NO_CONTENT: - if status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN): + if status == HTTP_UNAUTHORIZED: + raise SignatureDoesNotMatch() + elif status == HTTP_FORBIDDEN: raise AccessDenied() elif status == HTTP_NOT_FOUND: raise NoSuchKey(req.object_name) @@ -508,7 +523,9 @@ class AclController(Controller): # Method must be GET or the body wont be returned to the caller req.environ['REQUEST_METHOD'] = 'GET' return get_acl(req.access_key, headers) - elif status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN): + elif status == HTTP_UNAUTHORIZED: + raise SignatureDoesNotMatch() + elif status == HTTP_FORBIDDEN: raise AccessDenied() elif status == HTTP_NOT_FOUND: raise NoSuchKey(req.object_name) @@ -524,7 +541,9 @@ class AclController(Controller): if is_success(status): return get_acl(req.access_key, headers) - if status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN): + if status == HTTP_UNAUTHORIZED: + raise SignatureDoesNotMatch() + elif status == HTTP_FORBIDDEN: raise AccessDenied() elif status == HTTP_NOT_FOUND: raise NoSuchBucket(req.container_name) 
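Review bot: The 401/403 branch pair added in the ObjectController hunk at -406 is the same block that this diff pastes into thirteen controller methods, and the copies have already drifted (`if` in some, `elif` in others). A module-level helper would leave one place to audit how backend auth statuses are translated for clients. The name below is only a suggestion, and the enclosing method starts and ends outside the hunk.

```python
def _raise_on_auth_failure(status):
    """Translate a backend auth status into the S3 error sent to the client."""
    if status == HTTP_UNAUTHORIZED:
        raise SignatureDoesNotMatch()
    if status == HTTP_FORBIDDEN:
        raise AccessDenied()

# in the ObjectController method:
if is_success(status):
    return resp
_raise_on_auth_failure(status)
if status == HTTP_NOT_FOUND:
    raise NoSuchKey(req.object_name)
# … unchanged: remaining status branches …
```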
@@ -555,7 +574,9 @@ class AclController(Controller): status = resp.status_int if status != HTTP_ACCEPTED: - if status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN): + if status == HTTP_UNAUTHORIZED: + raise SignatureDoesNotMatch() + elif status == HTTP_FORBIDDEN: raise AccessDenied() else: raise InternalError() @@ -576,7 +597,9 @@ class LocationController(Controller): status = resp.status_int if status != HTTP_OK: - if status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN): + if status == HTTP_UNAUTHORIZED: + raise SignatureDoesNotMatch() + elif status == HTTP_FORBIDDEN: raise AccessDenied() elif status == HTTP_NOT_FOUND: raise NoSuchBucket(req.container_name) @@ -608,7 +631,9 @@ class LoggingStatusController(Controller): status = resp.status_int if status != HTTP_OK: - if status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN): + if status == HTTP_UNAUTHORIZED: + raise SignatureDoesNotMatch() + elif status == HTTP_FORBIDDEN: raise AccessDenied() elif status == HTTP_NOT_FOUND: raise NoSuchBucket(req.container_name) @@ -770,7 +795,9 @@ class VersioningController(Controller): status = resp.status_int if status != HTTP_OK: - if status in (HTTP_UNAUTHORIZED, HTTP_FORBIDDEN): + if status == HTTP_UNAUTHORIZED: + raise SignatureDoesNotMatch() + elif status == HTTP_FORBIDDEN: raise AccessDenied() elif status == HTTP_NOT_FOUND: raise NoSuchBucket(req.container_name) diff --git a/swift3/test/unit/test_swift3.py b/swift3/test/unit/test_swift3.py index c63af8dc..793b8fba 100644 --- a/swift3/test/unit/test_swift3.py +++ b/swift3/test/unit/test_swift3.py @@ -204,7 +204,7 @@ class TestSwift3(unittest.TestCase): def test_service_GET_error(self): code = self._test_method_error('GET', '', swob.HTTPUnauthorized) - self.assertEquals(code, 'AccessDenied') + self.assertEquals(code, 'SignatureDoesNotMatch') code = self._test_method_error('GET', '', swob.HTTPForbidden) self.assertEquals(code, 'AccessDenied') code = self._test_method_error('GET', '', swob.HTTPServerError) 
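Review bot: The updated assertion in test_service_GET_error, together with the bucket and object test hunks that follow, pins the new 401 code for ServiceController, BucketController and ObjectController only. No test hunk in this diff touches the AclController, LocationController, LoggingStatusController or VersioningController branches changed in middleware.py. If those paths have no `swob.HTTPUnauthorized` case elsewhere in the suite, add one per controller ending in `self.assertEqual(code, 'SignatureDoesNotMatch')`, so a later edit cannot silently revert one of them to `AccessDenied`.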
@@ -235,7 +235,7 @@ class TestSwift3(unittest.TestCase): def test_bucket_GET_error(self): code = self._test_method_error('GET', '/bucket', swob.HTTPUnauthorized) - self.assertEquals(code, 'AccessDenied') + self.assertEquals(code, 'SignatureDoesNotMatch') code = self._test_method_error('GET', '/bucket', swob.HTTPForbidden) self.assertEquals(code, 'AccessDenied') code = self._test_method_error('GET', '/bucket', swob.HTTPNotFound) @@ -339,7 +339,7 @@ class TestSwift3(unittest.TestCase): headers={'Content-Length': '-1'}) self.assertEqual(code, 'InvalidArgument') code = self._test_method_error('PUT', '/bucket', swob.HTTPUnauthorized) - self.assertEquals(code, 'AccessDenied') + self.assertEquals(code, 'SignatureDoesNotMatch') code = self._test_method_error('PUT', '/bucket', swob.HTTPForbidden) self.assertEquals(code, 'AccessDenied') code = self._test_method_error('PUT', '/bucket', swob.HTTPAccepted) @@ -357,7 +357,7 @@ class TestSwift3(unittest.TestCase): def test_bucket_DELETE_error(self): code = self._test_method_error('DELETE', '/bucket', swob.HTTPUnauthorized) - self.assertEquals(code, 'AccessDenied') + self.assertEquals(code, 'SignatureDoesNotMatch') code = self._test_method_error('DELETE', '/bucket', swob.HTTPForbidden) self.assertEquals(code, 'AccessDenied') code = self._test_method_error('DELETE', '/bucket', swob.HTTPNotFound) @@ -446,7 +446,7 @@ class TestSwift3(unittest.TestCase): def test_object_GET_error(self): code = self._test_method_error('GET', '/bucket/object', swob.HTTPUnauthorized) - self.assertEquals(code, 'AccessDenied') + self.assertEquals(code, 'SignatureDoesNotMatch') code = self._test_method_error('GET', '/bucket/object', swob.HTTPForbidden) self.assertEquals(code, 'AccessDenied') 
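Review bot: The rewritten assertion in test_bucket_GET_error keeps `assertEquals`, a deprecated alias of `assertEqual` that current Python releases no longer provide. The context line `self.assertEqual(code, 'InvalidArgument')` in the bucket PUT hunk already uses the current name. Since the line is being changed anyway, write it as `self.assertEqual(code, 'SignatureDoesNotMatch')`. The same applies to the changed line in each of the other test_swift3.py hunks.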
@@ -474,7 +474,7 @@ class TestSwift3(unittest.TestCase): def test_object_PUT_error(self): code = self._test_method_error('PUT', '/bucket/object', swob.HTTPUnauthorized) - self.assertEquals(code, 'AccessDenied') + self.assertEquals(code, 'SignatureDoesNotMatch') code = self._test_method_error('PUT', '/bucket/object', swob.HTTPForbidden) self.assertEquals(code, 'AccessDenied') @@ -524,7 +524,7 @@ class TestSwift3(unittest.TestCase): def test_object_DELETE_error(self): code = self._test_method_error('DELETE', '/bucket/object', swob.HTTPUnauthorized) - self.assertEquals(code, 'AccessDenied') + self.assertEquals(code, 'SignatureDoesNotMatch') code = self._test_method_error('DELETE', '/bucket/object', swob.HTTPForbidden) self.assertEquals(code, 'AccessDenied')