1 files changed, 34 insertions, 5 deletions

diff --git a/test/unit/common/middleware/gswauth/swauth/test_middleware.py b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
index e8c2001..608dba4 100644
--- a/test/unit/common/middleware/gswauth/swauth/test_middleware.py
+++ b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
@@ -4836,15 +4836,41 @@ class TestAuth(unittest.TestCase):
             resp.body,
             'Token exceeds maximum length.')
 
-    def test_crazy_authorization(self):
+    def test_s3_authorization_default_off(self):
+        self.assertFalse(self.test_auth.s3_support)
         req = self._make_request('/v1/AUTH_account', headers={
-            'authorization': 'somebody elses header value'})
+            'authorization': 's3_header'})
         resp = req.get_response(self.test_auth)
-        self.assertEquals(resp.status_int, 401)
-        self.assertEquals(resp.environ['swift.authorize'],
-                          self.test_auth.denied_response)
+        self.assertEqual(resp.status_int, 400)  # HTTPBadRequest
+        self.assertTrue(resp.environ.get('swift.authorize') is None)
+
+    def test_s3_turned_off_get_groups(self):
+        env = \
+            {'HTTP_AUTHORIZATION': 's3 header'}
+        token = 'whatever'
+        self.test_auth.logger = mock.Mock()
+        self.assertEqual(self.test_auth.get_groups(env, token), None)
+
+    def test_s3_enabled_when_conditions_are_met(self):
+        # auth_type_salt needs to be set
+        for atype in ('Sha1', 'Sha512'):
+            test_auth = \
+                auth.filter_factory({
+                    'super_admin_key': 'supertest',
+                    's3_support': 'on',
+                    'auth_type_salt': 'blah',
+                    'auth_type': atype})(FakeApp())
+            self.assertTrue(test_auth.s3_support)
+        # auth_type_salt need not be set for Plaintext
+        test_auth = \
+            auth.filter_factory({
+                'super_admin_key': 'supertest',
+                's3_support': 'on',
+                'auth_type': 'Plaintext'})(FakeApp())
+        self.assertTrue(test_auth.s3_support)
 
     def test_s3_creds_unicode(self):
+        self.test_auth.s3_support = True
         self.test_auth.app = FakeApp(iter([
             ('200 Ok', {},
              json.dumps({"auth": unicode("plaintext:key)"),
@@ -4857,8 +4883,10 @@ class TestAuth(unittest.TestCase):
         token = 'UFVUCgoKRnJpLCAyNiBGZWIgMjAxNiAwNjo0NT'\
                 'ozNCArMDAwMAovY29udGFpbmVyMw=='
         self.assertEqual(self.test_auth.get_groups(env, token), None)
+        self.test_auth.s3_support = False
 
     def test_s3_only_hash_passed_to_hmac(self):
+        self.test_auth.s3_support = True
         key = 'dadada'
         salt = 'zuck'
         key_hash = hashlib.sha1('%s%s' % (salt, key)).hexdigest()
@@ -4880,6 +4908,7 @@ class TestAuth(unittest.TestCase):
         self.assertTrue(mock_hmac_new.called)
         # Assert that string passed to hmac.new is only the hash
         self.assertEqual(mock_hmac_new.call_args[0][0], key_hash)
+        self.test_auth.s3_support = False