summaryrefslogtreecommitdiffstats
path: root/test/unit/common/middleware/gswauth
Commit message (Collapse)AuthorAgeFilesLines
* s3: Make s3 support configurablePrashanth Pai2016-09-181-5/+34
| | | | | | | | | | | | | | | Amazon S3 compatibility: This change makes S3 support tunable using a config option and is turned off by default. This is a manual backport of this upstream swauth change: https://review.openstack.org/#/c/326336/ Change-Id: I106e3274c6d68f4575c1bf1a9013f066e969cb17 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/15098 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Don't include salt in HMAC computationPrashanth Pai2016-09-131-0/+25
| | | | | | | | | | | | | | | Currently, the input to HMAC function is the entire stored credential in the format '<salt>$<hash>` but it should rather be only the hashed key/password. This is a minimal manual backport of this upstream swauth change: https://review.openstack.org/#/c/292529/ Change-Id: Ib119522d36359f87579ff8e4ada7331643695634 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/15097 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Fix changing of auth_type in existing deploymentsPrashanth Pai2016-03-181-1/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This changes does two things: * Adds Sha512 as a supported auth_type. * Fixes breakage when auth_type is changed in existing deployments. If an existing gswauth deployment changes `auth_type` in conf file to a different one (for example: sha1 to sha512), all attempts to authorize existing/old users will fail because of change in encoder type. With this change, the credentials match is done using an encoder with which the password was initially encoded. This allows gswauth deployments to change auth_type and old users will still be able to authorize. A note on auth_type_salt: There's still a distinction between how salt is managed in gswauth and swauth: swauth will use a random salt if a salt is not set in conf file where as gswauth will default to 'gswauthsalt' if a salt is not set in conf file. This distinction is to ensure backward compatibility. This change is derived from following upstream changes in swauth repo: e14a7b3df86969d478090b314d9660b6d835afa7 https://review.openstack.org/#/c/285195/ https://review.openstack.org/#/c/285292/ Change-Id: I9a43adc4964d8e9f9f1faf73063a6dc1cd8ff354 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13654 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Don't pass unicode to hmac.new()Prashanth Pai2016-03-151-0/+14
| | | | | | | | | | | | | This issue can be hit when swift3 middleware is in the pipeline. This change is a backport of the following swauth change: https://review.openstack.org/#/c/282191/ Change-Id: I323d3eeaf39e2019f8f8910bc53904ac94208ed2 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13641 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Use correct content type on JSON responsesPrashanth Pai2016-03-111-0/+23
| | | | | | | | | | | | | | | | | Currently, in cases where swauth returns a JSON document as its body, it does not specify a content type, and swob defaults it to text/html. This change uses a standard content type of 'application/json' in each of these instances, and adjusts the tests accordingly. This is ported from following commit in swauth repo: 556aa156979741292bde78425f413f9dee639b4f Change-Id: Ib61370ba10b5e0364c2aed6321388715a6710355 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/13521 Reviewed-by: Thiago da Silva <thiago@redhat.com> Tested-by: Thiago da Silva <thiago@redhat.com>
* Fix bug where admin is able to delete reseller_adminThiago da Silva2014-01-101-8/+152
| | | | | | | | | | | | | | | | | Changed the code to only allow the super_admin to delete a reseller_admin. This follows the same logic of user creation, where only the super_admin can create a reseller_admin. Also, took the opportunity to refactor some code and implemented get_user_detail method to remove duplicated code Bug 1260239: https://bugs.launchpad.net/gluster-swift/+bug/1260239 Change-Id: I9e4866cd7ad08698f427846be566ab2364ad4850 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6516 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Fix users not able to change their own password/keyPrashanth Pai2014-01-071-9/+162
| | | | | | | | | | | | | | | | | | | | | | | Users were not able to update their own password/key with the update operation resulting in 403 (HTTPForbidden). EXAMPLES: Command to update password/key of regular user: gswauth-add-user -U account1:user1 -K old_pass account1 user1 new_pass Command to update password/key of account admin: gswauth-add-user -U account1:admin -K old_pass -a account1 admin new_pass Command to update password/key of reseller_admin: gswauth-add-user -U account1:radmin -K old_pass -r account1 radmin new_pass BUG: https://bugs.launchpad.net/gluster-swift/+bug/1262227 Change-Id: I604da5aee67099b29541eb7e51a040a041f1961b Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6650 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* gswauth: Fix 403 being returned instead of 401Prashanth Pai2013-12-181-14/+14
| | | | | | | | | | | | | | | | | | | | - 401(Unauthorized) is to be returned when user credentials are wrong where as 403(Forbidden) is to be returned when user credentials are correct but the user doesn't have the priveleges to carry out the operation. - Also error messages displayed when using swauth-* command line utilities have been updated. Change-Id: I485786896ad14d3263f4325d1857cacc93adab96 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6336 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com> Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6447 Reviewed-by: Thiago Da Silva <thiago@redhat.com> Tested-by: Thiago Da Silva <thiago@redhat.com>
* fix issue with swauth-clean-token returning 403 errorsThiago da Silva2013-12-051-2/+6
| | | | | | | | | | | | | | | The issue was due to missing a necessary change that was made when changing the auth account name from .auth to metadata volume. the auth account has a group of the same name, so the .auth account also had a .auth group, so we needed to change that too to the metadata volume (e.g., gsmetadata) Change-Id: Iaa3b7a1b2628f5b863807932e863593be0011a82 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6416 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* fix error with swauth-clean-tokensThiago da Silva2013-11-191-0/+34
| | | | | | | | | | | | Error is caused by left-over code from swauth. It had hard-coded the auth account to .auth. Changed code to use volume specified in the config file Change-Id: Id00eb3964b6b26a84511e4753ab80b2dea5654da Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6280 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* make gluster volume name configurableThiago da Silva2013-11-051-0/+14
| | | | | | | | | | | | changed code to look at configuration file for the metadata gluster volume name. The default is still gsmetadata Change-Id: I9bf74b9566ea1c9716c42f7ced0f999e02824868 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6225 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* first gswauth functional testsThiago da Silva2013-10-301-13/+13
| | | | | | | | | | | | | | | | commiting first gswauth functional tests. Currently there are two tests, to create account and to create an user. Each test is self contained in that it goes through the process of creating and deleting accounts and users as needed. More tests will be added shortly. Change-Id: I26d577790aed8c79c9de11f224516423e9769962 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6188 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* applied changes made by Luis Pabon to support gluster-swiftThiago da Silva2013-10-241-104/+8
| | | | | | | | | | | | | The current changes support only one account per volume The next changes will be made to add support for multiple accounts Also modified unit tests that were failing after code changes. Original changes were made here: https://github.com/lpabon/swauth/tree/gluster-swift Change-Id: I5577d7dc042fc22de8625c8bdf30329cc3338cb9 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6107 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* moving existing swauth unit testsThiago da Silva2013-10-174-0/+4583
moving existing swauth unit tests to gluster-swift unit tests location Change-Id: I3445b7ef1a1abe584854f2b04ffc9949b3346814 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6106 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-15 02:18:38 +0000