author | Jon Snitow <otherjon@swiftstack.com> | 2013-07-24 15:58:55 -0700 |
---|---|---|
committer | Jon Snitow <otherjon@swiftstack.com> | 2013-07-24 16:11:03 -0700 |
commit | eb0629fc8210cc8bb4275d70408dddab67f667f7 (patch) | |
tree | 3eb7b2c95af0144d25d6f169ef0508459776c973 | |
parent | d1eeab9560f23b2b8c080f182b0e0c104f31d877 (diff) | |
download | swift-eb0629fc8210cc8bb4275d70408dddab67f667f7.tar.gz |
Make sure users can't remove their account quotas
Protect X-Remove-Account-Meta-Quota-Bytes same as X-Account-Meta-Quota-Bytes
Fixes bug 1204110
Change-Id: Ibac5b555f50b1fe41b2999c0d5776d90f9c9f3d1
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | swift/common/middleware/account_quotas.py | 3 | ||||
-rw-r--r-- | test/unit/common/middleware/test_account_quotas.py | 23 |
3 files changed, 27 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore index a41fb9d6d..7b2c5d450 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ *.py[co] *.sw? +*~ doc/build/* dist build diff --git a/swift/common/middleware/account_quotas.py b/swift/common/middleware/account_quotas.py index ced16d27d..06b0d9aa6 100644 --- a/swift/common/middleware/account_quotas.py +++ b/swift/common/middleware/account_quotas.py @@ -73,6 +73,9 @@ class AccountQuotaMiddleware(object): return self.app new_quota = request.headers.get('X-Account-Meta-Quota-Bytes') + remove_quota = request.headers.get('X-Remove-Account-Meta-Quota-Bytes') + if remove_quota: + new_quota = 0 # X-Remove dominates if both are present if request.environ.get('reseller_request') is True: if new_quota and not new_quota.isdigit(): diff --git a/test/unit/common/middleware/test_account_quotas.py b/test/unit/common/middleware/test_account_quotas.py index 0112a0fc2..c1587d042 100644 --- a/test/unit/common/middleware/test_account_quotas.py +++ b/test/unit/common/middleware/test_account_quotas.py @@ -180,6 +180,17 @@ class TestAccountQuota(unittest.TestCase): res = req.get_response(app) self.assertEquals(res.status_int, 403) + def test_delete_quotas_with_remove_header(self): + headers = [('x-account-bytes-used', '0'), ] + app = account_quotas.AccountQuotaMiddleware(FakeApp(headers)) + cache = FakeCache(None) + req = Request.blank('/v1/a/c', environ={ + 'REQUEST_METHOD': 'POST', + 'swift.cache': cache, + 'HTTP_X_REMOVE_ACCOUNT_META_QUOTA_BYTES': 'True'}) + res = req.get_response(app) + self.assertEquals(res.status_int, 403) + def test_delete_quotas_reseller(self): headers = [('x-account-bytes-used', '0'), ] app = account_quotas.AccountQuotaMiddleware(FakeApp(headers)) 
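Review bot: The new guard `if remove_quota:` in `account_quotas.py` tests the truthiness of the header value rather than the header's presence, so a request carrying `X-Remove-Account-Meta-Quota-Bytes` with an empty value leaves `new_quota` as `None` and is treated as if no quota change was requested. Whether the code that later applies `X-Remove-*` headers ignores empty values is not visible in this hunk, so a presence test is the safer form: `if 'X-Remove-Account-Meta-Quota-Bytes' in request.headers:`. Separately, `new_quota` is now either a header string or the int `0`, and the `new_quota.isdigit()` call that follows stays safe only because `0` is falsy; a comment such as `# int 0 is falsy, so the isdigit() check below is skipped` would keep a later edit from breaking it. The enclosing method starts and ends outside the hunk.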
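Review bot: Neither new test in `test_account_quotas.py` covers the case the middleware comment describes (`# X-Remove dominates if both are present`). Both `test_delete_quotas_with_remove_header` and `test_delete_quotas_with_remove_header_reseller` (the following hunk) send only the remove header, with the value `'True'`. A non-reseller case that sends `X-Account-Meta-Quota-Bytes` together with the remove header and expects 403 would pin the precedence rule, and a case with an empty remove-header value would pin whether an empty value counts as present. The new tests also carry no docstring; a one-line one such as `"""Non-reseller POST with the remove header is rejected with 403."""` would state the access rule each test protects.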
@@ -190,6 +201,18 @@ class TestAccountQuota(unittest.TestCase): res = req.get_response(app) self.assertEquals(res.status_int, 200) + def test_delete_quotas_with_remove_header_reseller(self): + headers = [('x-account-bytes-used', '0'), ] + app = account_quotas.AccountQuotaMiddleware(FakeApp(headers)) + cache = FakeCache(None) + req = Request.blank('/v1/a/c', environ={ + 'REQUEST_METHOD': 'POST', + 'swift.cache': cache, + 'HTTP_X_REMOVE_ACCOUNT_META_QUOTA_BYTES': 'True', + 'reseller_request': True}) + res = req.get_response(app) + self.assertEquals(res.status_int, 200) + def test_invalid_request_exception(self): headers = [('x-account-bytes-used', '1000'), ] app = account_quotas.AccountQuotaMiddleware(FakeApp(headers)) |