From 4962b88f8bf40d839863ca39ede6de7aef3a4992 Mon Sep 17 00:00:00 2001 From: Jonathan Davies Date: Thu, 12 Jan 2023 17:13:03 +0000 Subject: tests/s3/website.rs: Added website hosting authorization check tests. --- src/garage/tests/s3/website.rs | 136 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) (limited to 'src/garage/tests/s3') diff --git a/src/garage/tests/s3/website.rs b/src/garage/tests/s3/website.rs index 244a2fa0..f57e31ee 100644 --- a/src/garage/tests/s3/website.rs +++ b/src/garage/tests/s3/website.rs @@ -1,5 +1,8 @@ use crate::common; use crate::common::ext::*; +use crate::k2v::json_body; + +use assert_json_diff::assert_json_eq; use aws_sdk_s3::{ model::{CorsConfiguration, CorsRule, ErrorDocument, IndexDocument, WebsiteConfiguration}, types::ByteStream, @@ -9,6 +12,7 @@ use hyper::{ body::{to_bytes, Body}, Client, }; +use serde_json::json; const BODY: &[u8; 16] = b"

bonjour

"; const BODY_ERR: &[u8; 6] = b"erreur"; @@ -49,6 +53,28 @@ async fn test_website() { BODY.as_ref() ); /* check that we do not leak body */ + let admin_req = || { + Request::builder() + .method("GET") + .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) + .header("domain", format!("{}", BCKT_NAME)) + .body(Body::empty()) + .unwrap() + }; + + let admin_resp = client.request(admin_req()).await.unwrap(); + assert_eq!(admin_resp.status(), StatusCode::BAD_REQUEST); + let res_body = json_body(admin_resp).await; + assert_json_eq!( + res_body, + json!({ + "code": "InvalidRequest", + "message": "Bad request: Bucket is not authorized for website hosting", + "region": "garage-integ-test", + "path": "/check", + }) + ); + ctx.garage .command() .args(["bucket", "website", "--allow", BCKT_NAME]) @@ -62,6 +88,22 @@ async fn test_website() { BODY.as_ref() ); + let admin_req = || { + Request::builder() + .method("GET") + .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) + .header("domain", format!("{}", BCKT_NAME)) + .body(Body::empty()) + .unwrap() + }; + + let mut admin_resp = client.request(admin_req()).await.unwrap(); + assert_eq!(admin_resp.status(), StatusCode::OK); + assert_eq!( + to_bytes(admin_resp.body_mut()).await.unwrap().as_ref(), + b"Bucket authorized for website hosting" + ); + ctx.garage .command() .args(["bucket", "website", "--deny", BCKT_NAME]) @@ -74,6 +116,28 @@ async fn test_website() { to_bytes(resp.body_mut()).await.unwrap().as_ref(), BODY.as_ref() ); /* check that we do not leak body */ + + let admin_req = || { + Request::builder() + .method("GET") + .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) + .header("domain", format!("{}", BCKT_NAME)) + .body(Body::empty()) + .unwrap() + }; + + let admin_resp = client.request(admin_req()).await.unwrap(); + assert_eq!(admin_resp.status(), StatusCode::BAD_REQUEST); + let res_body = json_body(admin_resp).await; + assert_json_eq!( + res_body, + json!({ + "code": "InvalidRequest", + "message": "Bad request: Bucket is not authorized for website hosting", + "region": "garage-integ-test", + "path": "/check", + }) + ); } #[tokio::test] @@ -322,3 +386,75 @@ async fn test_website_s3_api() { ); } } + +#[tokio::test] +async fn test_website_check_website_enabled() { + let ctx = common::context(); + + let client = Client::new(); + + let admin_req = || { + Request::builder() + .method("GET") + .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) + .body(Body::empty()) + .unwrap() + }; + + let admin_resp = client.request(admin_req()).await.unwrap(); + assert_eq!(admin_resp.status(), StatusCode::BAD_REQUEST); + let res_body = json_body(admin_resp).await; + assert_json_eq!( + res_body, + json!({ + "code": "InvalidRequest", + "message": "Bad request: No domain header found", + "region": "garage-integ-test", + "path": "/check", + }) + ); + + let admin_req = || { + Request::builder() + .method("GET") + .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) + .header("domain", "foobar") + .body(Body::empty()) + .unwrap() + }; + + let admin_resp = client.request(admin_req()).await.unwrap(); + assert_eq!(admin_resp.status(), StatusCode::NOT_FOUND); + let res_body = json_body(admin_resp).await; + assert_json_eq!( + res_body, + json!({ + "code": "NoSuchBucket", + "message": "Bucket not found: foobar", + "region": "garage-integ-test", + "path": "/check", + }) + ); + + let admin_req = || { + Request::builder() + .method("GET") + .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) + .header("domain", "☹") + .body(Body::empty()) + .unwrap() + }; + + let admin_resp = client.request(admin_req()).await.unwrap(); + assert_eq!(admin_resp.status(), StatusCode::BAD_REQUEST); + let res_body = json_body(admin_resp).await; + assert_json_eq!( + res_body, + json!({ + "code": "InvalidRequest", + "message": "Bad request: Invalid characters found in domain header: failed to convert header to a str", + "region": "garage-integ-test", + "path": "/check", + }) + ); +} -- cgit v1.2.3 From 3113f6b5f2a688a3f7c4f933774866f48618f7d1 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Thu, 26 Jan 2023 17:14:17 +0100 Subject: more fixes --- src/garage/tests/s3/website.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/garage/tests/s3') diff --git a/src/garage/tests/s3/website.rs b/src/garage/tests/s3/website.rs index f57e31ee..4e136e1b 100644 --- a/src/garage/tests/s3/website.rs +++ b/src/garage/tests/s3/website.rs @@ -57,7 +57,7 @@ async fn test_website() { Request::builder() .method("GET") .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) - .header("domain", format!("{}", BCKT_NAME)) + .header("domain", BCKT_NAME.to_string()) .body(Body::empty()) .unwrap() }; @@ -92,7 +92,7 @@ async fn test_website() { Request::builder() .method("GET") .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) - .header("domain", format!("{}", BCKT_NAME)) + .header("domain", BCKT_NAME.to_string()) .body(Body::empty()) .unwrap() }; @@ -121,7 +121,7 @@ async fn test_website() { Request::builder() .method("GET") .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) - .header("domain", format!("{}", BCKT_NAME)) + .header("domain", BCKT_NAME.to_string()) .body(Body::empty()) .unwrap() }; -- cgit v1.2.3 From 004bb5b4f1b2086914376265425fd46df5059db3 Mon Sep 17 00:00:00 2001 From: Jonathan Davies Date: Sun, 29 Jan 2023 01:16:04 +0000 Subject: api_server.rs: Adapted to use query string per Caddy upstream change. --- src/garage/tests/s3/website.rs | 65 +++++++++++++++++++++++++++++++++--------- 1 file changed, 51 insertions(+), 14 deletions(-) (limited to 'src/garage/tests/s3') diff --git a/src/garage/tests/s3/website.rs b/src/garage/tests/s3/website.rs index 4e136e1b..7579058d 100644 --- a/src/garage/tests/s3/website.rs +++ b/src/garage/tests/s3/website.rs @@ -56,8 +56,11 @@ async fn test_website() { let admin_req = || { Request::builder() .method("GET") - .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) - .header("domain", BCKT_NAME.to_string()) + .uri(format!( + "http://127.0.0.1:{0}/check?domain={1}", + ctx.garage.admin_port, + BCKT_NAME.to_string() + )) .body(Body::empty()) .unwrap() }; @@ -91,8 +94,11 @@ async fn test_website() { let admin_req = || { Request::builder() .method("GET") - .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) - .header("domain", BCKT_NAME.to_string()) + .uri(format!( + "http://127.0.0.1:{0}/check?domain={1}", + ctx.garage.admin_port, + BCKT_NAME.to_string() + )) .body(Body::empty()) .unwrap() }; @@ -120,8 +126,11 @@ async fn test_website() { let admin_req = || { Request::builder() .method("GET") - .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) - .header("domain", BCKT_NAME.to_string()) + .uri(format!( + "http://127.0.0.1:{0}/check?domain={1}", + ctx.garage.admin_port, + BCKT_NAME.to_string() + )) .body(Body::empty()) .unwrap() }; @@ -408,7 +417,7 @@ async fn test_website_check_website_enabled() { res_body, json!({ "code": "InvalidRequest", - "message": "Bad request: No domain header found", + "message": "Bad request: No domain query string found", "region": "garage-integ-test", "path": "/check", }) @@ -417,8 +426,34 @@ async fn test_website_check_website_enabled() { let admin_req = || { Request::builder() .method("GET") - .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) - .header("domain", "foobar") + .uri(format!( + "http://127.0.0.1:{}/check?domain=", + ctx.garage.admin_port + )) + .body(Body::empty()) + .unwrap() + }; + + let admin_resp = client.request(admin_req()).await.unwrap(); + assert_eq!(admin_resp.status(), StatusCode::NOT_FOUND); + let res_body = json_body(admin_resp).await; + assert_json_eq!( + res_body, + json!({ + "code": "NoSuchBucket", + "message": "Bucket not found: ", + "region": "garage-integ-test", + "path": "/check", + }) + ); + + let admin_req = || { + Request::builder() + .method("GET") + .uri(format!( + "http://127.0.0.1:{}/check?domain=foobar", + ctx.garage.admin_port + )) .body(Body::empty()) .unwrap() }; @@ -439,20 +474,22 @@ async fn test_website_check_website_enabled() { let admin_req = || { Request::builder() .method("GET") - .uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port)) - .header("domain", "☹") + .uri(format!( + "http://127.0.0.1:{}/check?domain=%E2%98%B9", + ctx.garage.admin_port + )) .body(Body::empty()) .unwrap() }; let admin_resp = client.request(admin_req()).await.unwrap(); - assert_eq!(admin_resp.status(), StatusCode::BAD_REQUEST); + assert_eq!(admin_resp.status(), StatusCode::NOT_FOUND); let res_body = json_body(admin_resp).await; assert_json_eq!( res_body, json!({ - "code": "InvalidRequest", - "message": "Bad request: Invalid characters found in domain header: failed to convert header to a str", + "code": "NoSuchBucket", + "message": "Bucket not found: ☹", "region": "garage-integ-test", "path": "/check", }) -- cgit v1.2.3 From 9c354f0a8ff258872aa3a4b7c116e1d66815afd1 Mon Sep 17 00:00:00 2001 From: Jonathan Davies Date: Sun, 29 Jan 2023 20:27:15 +0000 Subject: Improved bucket authorization response strings. --- src/garage/tests/s3/website.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/garage/tests/s3') diff --git a/src/garage/tests/s3/website.rs b/src/garage/tests/s3/website.rs index 7579058d..f61838e4 100644 --- a/src/garage/tests/s3/website.rs +++ b/src/garage/tests/s3/website.rs @@ -72,7 +72,7 @@ async fn test_website() { res_body, json!({ "code": "InvalidRequest", - "message": "Bad request: Bucket is not authorized for website hosting", + "message": "Bad request: Bucket 'my-website' is not authorized for website hosting", "region": "garage-integ-test", "path": "/check", }) @@ -107,7 +107,7 @@ async fn test_website() { assert_eq!(admin_resp.status(), StatusCode::OK); assert_eq!( to_bytes(admin_resp.body_mut()).await.unwrap().as_ref(), - b"Bucket authorized for website hosting" + format!("Bucket '{BCKT_NAME}' is authorized for website hosting").as_bytes() ); ctx.garage @@ -142,7 +142,7 @@ async fn test_website() { res_body, json!({ "code": "InvalidRequest", - "message": "Bad request: Bucket is not authorized for website hosting", + "message": "Bad request: Bucket 'my-website' is not authorized for website hosting", "region": "garage-integ-test", "path": "/check", }) -- cgit v1.2.3 From 70b5424b9987ca348a1da97cc1827e2286bbfe4b Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Mon, 13 Mar 2023 15:03:54 +0100 Subject: use one key per context to isolate tests --- src/garage/tests/s3/streaming_signature.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/garage/tests/s3') diff --git a/src/garage/tests/s3/streaming_signature.rs b/src/garage/tests/s3/streaming_signature.rs index 48da7607..b7a1acae 100644 --- a/src/garage/tests/s3/streaming_signature.rs +++ b/src/garage/tests/s3/streaming_signature.rs @@ -109,7 +109,7 @@ async fn test_create_bucket_streaming() { ctx.garage .command() .args(["key", "allow"]) - .args(["--create-bucket", &ctx.garage.key.id]) + .args(["--create-bucket", &ctx.key.id]) .quiet() .expect_success_output("Could not allow key to create buckets"); -- cgit v1.2.3