summaryrefslogtreecommitdiffstats
path: root/test/unit
diff options
context:
space:
mode:
authorPrashanth Pai <ppai@redhat.com>2016-08-05 11:25:42 +0530
committerThiago da Silva <thiago@redhat.com>2016-09-13 07:00:49 -0700
commit83c50ae4ebd4d72988a781ec4183f1c62f6a63a4 (patch)
tree468bbedb80a48f3c52dc52487b030a4e9b318b1e /test/unit
parenta324c6e5cdfad77e8f91ec9869deb6b78425807e (diff)
Don't include salt in HMAC computation
Currently, the input to HMAC function is the entire stored credential in the format '<salt>$<hash>` but it should rather be only the hashed key/password. This is a minimal manual backport of this upstream swauth change: https://review.openstack.org/#/c/292529/ Change-Id: Ib119522d36359f87579ff8e4ada7331643695634 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/15097 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
Diffstat (limited to 'test/unit')
-rw-r--r--test/unit/common/middleware/gswauth/swauth/test_middleware.py25
1 files changed, 25 insertions, 0 deletions
diff --git a/test/unit/common/middleware/gswauth/swauth/test_middleware.py b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
index 2d30082..e8c2001 100644
--- a/test/unit/common/middleware/gswauth/swauth/test_middleware.py
+++ b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
@@ -17,6 +17,7 @@ try:
import simplejson as json
except ImportError:
import json
+import hashlib
import unittest
from contextlib import contextmanager
import mock
@@ -4857,6 +4858,30 @@ class TestAuth(unittest.TestCase):
'ozNCArMDAwMAovY29udGFpbmVyMw=='
self.assertEqual(self.test_auth.get_groups(env, token), None)
+ def test_s3_only_hash_passed_to_hmac(self):
+ key = 'dadada'
+ salt = 'zuck'
+ key_hash = hashlib.sha1('%s%s' % (salt, key)).hexdigest()
+ auth_stored = "sha1:%s$%s" % (salt, key_hash)
+ self.test_auth.app = FakeApp(iter([
+ ('200 Ok', {},
+ json.dumps({"auth": auth_stored,
+ "groups": [{'name': "act:usr"}, {'name': "act"},
+ {'name': ".admin"}]})),
+ ('204 Ok', {'X-Container-Meta-Account-Id': 'AUTH_act'}, '')]))
+ env = \
+ {'HTTP_AUTHORIZATION': 'AWS act:user:whatever',
+ 'PATH_INFO': '/v1/AUTH_act/c1'}
+ token = 'UFVUCgoKRnJpLCAyNiBGZWIgMjAxNiAwNjo0NT'\
+ 'ozNCArMDAwMAovY29udGFpbmVyMw=='
+ mock_hmac_new = mock.MagicMock()
+ with mock.patch('hmac.new', mock_hmac_new):
+ self.test_auth.get_groups(env, token)
+ self.assertTrue(mock_hmac_new.called)
+ # Assert that string passed to hmac.new is only the hash
+ self.assertEqual(mock_hmac_new.call_args[0][0], key_hash)
+
+
if __name__ == '__main__':
unittest.main()