| author | Prashanth Pai <ppai@redhat.com> | 2016-08-05 11:25:42 +0530 | 
|---|---|---|
| committer | Thiago da Silva <thiago@redhat.com> | 2016-09-13 07:00:49 -0700 | 
| commit | 83c50ae4ebd4d72988a781ec4183f1c62f6a63a4 (patch) | |
| tree | 468bbedb80a48f3c52dc52487b030a4e9b318b1e /test/unit/common | |
| parent | a324c6e5cdfad77e8f91ec9869deb6b78425807e (diff) | |
Don't include salt in HMAC computation
Currently, the input to the HMAC function is the entire stored credential
in the format '<salt>$<hash>', but it should rather be only the hashed
key/password.
This is a minimal manual backport of this upstream swauth change:
https://review.openstack.org/#/c/292529/
Change-Id: Ib119522d36359f87579ff8e4ada7331643695634
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/15097
Reviewed-by: Thiago da Silva <thiago@redhat.com>
Tested-by: Thiago da Silva <thiago@redhat.com>
Diffstat (limited to 'test/unit/common')
| -rw-r--r-- | test/unit/common/middleware/gswauth/swauth/test_middleware.py | 25 | 
1 files changed, 25 insertions, 0 deletions
diff --git a/test/unit/common/middleware/gswauth/swauth/test_middleware.py b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
index 2d30082..e8c2001 100644
--- a/test/unit/common/middleware/gswauth/swauth/test_middleware.py
+++ b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
@@ -17,6 +17,7 @@ try:
     import simplejson as json
 except ImportError:
     import json
+import hashlib
 import unittest
 from contextlib import contextmanager
 import mock
@@ -4857,6 +4858,30 @@ class TestAuth(unittest.TestCase):
                 'ozNCArMDAwMAovY29udGFpbmVyMw=='
         self.assertEqual(self.test_auth.get_groups(env, token), None)
+    def test_s3_only_hash_passed_to_hmac(self):
+        key = 'dadada'
+        salt = 'zuck'
+        key_hash = hashlib.sha1('%s%s' % (salt, key)).hexdigest()
+        auth_stored = "sha1:%s$%s" % (salt, key_hash)
+        self.test_auth.app = FakeApp(iter([
+            ('200 Ok', {},
+             json.dumps({"auth": auth_stored,
+                         "groups": [{'name': "act:usr"}, {'name': "act"},
+                                    {'name': ".admin"}]})),
+            ('204 Ok', {'X-Container-Meta-Account-Id': 'AUTH_act'}, '')]))
+        env = \
+            {'HTTP_AUTHORIZATION': 'AWS act:user:whatever',
+             'PATH_INFO': '/v1/AUTH_act/c1'}
+        token = 'UFVUCgoKRnJpLCAyNiBGZWIgMjAxNiAwNjo0NT'\
+                'ozNCArMDAwMAovY29udGFpbmVyMw=='
+        mock_hmac_new = mock.MagicMock()
+        with mock.patch('hmac.new', mock_hmac_new):
+            self.test_auth.get_groups(env, token)
+        self.assertTrue(mock_hmac_new.called)
+        # Assert that string passed to hmac.new is only the hash
+        self.assertEqual(mock_hmac_new.call_args[0][0], key_hash)
+
+
 if __name__ == '__main__':
     unittest.main()  |
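Review bot: The new `test_s3_only_hash_passed_to_hmac` asserts only the first positional argument of the mocked `hmac.new` and discards the return value of `get_groups`, so it does not show that a correctly signed request is accepted, nor that a signature keyed with the full `sha1:<salt>$<hash>` string is now rejected. With `hmac.new` replaced by a `MagicMock`, the digest compared against the request signature is a mock object, and the message and digestmod arguments are never pinned; `call_args[0][0]` would also raise if the middleware ever passed the key by keyword. I would add a companion case that leaves `hmac` unpatched, signs what is presumably the base64-decoded `token` with `key_hash`, and asserts the returned groups, plus a negative case keyed with `auth_stored` that asserts `None`. A comment above the final assertion would help too, for example `# key_hash is the HMAC key, so the stored hash is password-equivalent for S3 signing`, because that is the property this test locks in and it affects how the stored credential must be protected.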
