Bug #10669
closed
RGW swift API: temp url generated using x-account-meta-temp-url key is working even after the expiry time if a valid auth token is passed.
Description
In swift, if a temp url has expired it won't allow accessing the object even if a valid auth token is passed. But ceph is allowing it.
Steps to reproduce:
1. swift post -H "x-account-meta-temp-url-key: secret"
2. Generate a temp url using the python script https://gist.github.com/theanalyst/c9a81e33d27f8a9bafbc. Use a 30s expiry time.
3. curl -i "https://10.20.20.15:80/swift/v1/container/file1?temp_url_sig=085e9b07fa067350b66003f6913798b1ba48b9a2&temp_url_expires=1422448176"
HTTP/1.1 200 OK
Date: Wed, 28 Jan 2015 12:29:15 GMT
Server: Apache/2.4.7 (Ubuntu)
Accept-Ranges: bytes
Last-Modified: Wed, 28 Jan 2015 12:14:54 GMT
etag: 49f68a5c8493ec2c0bf489821c21fc3b
Content-Length: 2
Access-Control-Allow-Origin: *
Content-Type: application/octet-stream
Connection: close
4. Wait for the temp url to expire. Check the time with #date +%s and compare it with the temp_url_expires value appended in the temp url.
5. curl -i "https://10.20.20.15:80/swift/v1/container/file1?temp_url_sig=085e9b07fa067350b66003f6913798b1ba48b9a2&temp_url_expires=1422448176" -H "X-Auth-Token: 265f853c5adb4f04bceecc29771d71d1"
HTTP/1.1 200 OK
Date: Wed, 28 Jan 2015 12:41:46 GMT
Server: Apache/2.4.7 (Ubuntu)
Accept-Ranges: bytes
Last-Modified: Wed, 28 Jan 2015 12:14:54 GMT
etag: 49f68a5c8493ec2c0bf489821c21fc3b
Content-Length: 2
Access-Control-Allow-Origin: *
Content-Type: application/octet-stream
Connection: close
In swift the last step will throw the error "HTTP/1.1 401 Unauthorized":
curl -i "http://10.0.2.15:8080/v1/AUTH_b2419ea9588d49ddbd8c006b5eb199ff/container/file1?temp_url_sig=da84de9504608cee2217f96e3fab4c5e40922660&temp_url_expires=$expires" -H "x-auth-token: 395ba1f54f98488390c068230dd7a292"
HTTP/1.1 401 Unauthorized
Content-Length: 35
Content-Type: text/html; charset=UTF-8
Www-Authenticate: Swift realm="unknown"
X-Trans-Id: tx0bc56658087f48d483d6c-0054c84d37
Date: Wed, 28 Jan 2015 02:45:11 GMT
401 Unauthorized: Temp URL invalid
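
The expected behaviour from this report, as an added example (not code from Swift, Ceph RGW, or the linked gist): once temp URL parameters are present, the request is decided on them alone, so an expired URL gets 401 even with a valid X-Auth-Token. The function names, the account path, the token and the token set are constructed for illustration; the signature is the Swift TempURL HMAC-SHA1 over method, expiry and path.

```python
import hmac
import time
from hashlib import sha1


def sign_temp_url(key, method, path, expires):
    """Swift TempURL signature: hex HMAC-SHA1 over 'METHOD\\nexpires\\npath'."""
    body = f"{method}\n{expires}\n{path}".encode()
    return hmac.new(key.encode(), body, sha1).hexdigest()


def authorize(key, method, path, query, headers, valid_tokens, now=None):
    """Return the HTTP status a gateway should give this request (200 or 401)."""
    now = int(time.time()) if now is None else now
    sig = query.get("temp_url_sig")
    expires = query.get("temp_url_expires")

    if sig is not None or expires is not None:
        # Temp URL parameters are present, so the request is judged on them
        # alone. A failure here must not fall through to token auth, which is
        # the behaviour this report shows Swift enforcing.
        if sig is None or expires is None or not expires.isdigit():
            return 401
        if int(expires) < now:
            return 401  # expired, even if X-Auth-Token is valid
        expected = sign_temp_url(key, method, path, int(expires))
        return 200 if hmac.compare_digest(expected, sig) else 401

    # No temp URL parameters: ordinary token authentication.
    return 200 if headers.get("X-Auth-Token") in valid_tokens else 401


# Constructed sample values (not taken from a real cluster).
KEY = "secret"
PATH = "/v1/AUTH_demo/container/file1"
EXPIRES = 1422448176
TOKENS = {"constructed-token"}
QUERY = {"temp_url_sig": sign_temp_url(KEY, "GET", PATH, EXPIRES),
         "temp_url_expires": str(EXPIRES)}

if __name__ == "__main__":
    hdr = {"X-Auth-Token": "constructed-token"}
    print(authorize(KEY, "GET", PATH, QUERY, {}, TOKENS, now=EXPIRES - 10))
    print(authorize(KEY, "GET", PATH, QUERY, hdr, TOKENS, now=EXPIRES + 600))
```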