Commit b79d9e32 authored by Jérome Perrin's avatar Jérome Perrin

software/dufs: version up dufs 0.34.1

Also switch to basic authentication, this is generally more supported
than digest; keeweb for example only supports basic authentication. It
seems less secure though ( https://github.com/sigoden/dufs/issues/228 )
parent 9b02b5f0
......@@ -15,4 +15,4 @@
[instance.cfg.in]
filename = instance.cfg.in
md5sum = 0cb3cbac5479581985e5446078217686
md5sum = 9ed5d03f4f0cdc022f28b39e8ff1323e
......@@ -143,8 +143,9 @@ command-line =
--bind ${:ip}
--port ${:port}
--allow-all
--auth /@${admin-password:user}:${admin-password:passwd}
--auth /pub@${admin-password:user}:${admin-password:passwd}@*
--auth-method basic
--auth ${admin-password:user}:${admin-password:passwd}@/:rw
--auth @/pub
--tls-cert ${dufs-certificate:cert-file}
--tls-key ${dufs-certificate:key-file}
${directory:dufs-data-dir}
......
......@@ -14,8 +14,8 @@ parts =
[dufs]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/sigoden/dufs/archive/refs/tags/v0.31.0.tar.gz
md5sum = 4340e59915605e30dcdb70aa9eb06acb
url = https://github.com/sigoden/dufs/archive/refs/tags/v0.34.1.tar.gz
md5sum = 77cbb2523aca8dad90fd77ee0277704f
configure-command = :
make-binary = cargo install --root=%(location)s --path .
make-targets =
......
......@@ -67,38 +67,50 @@ class TestFileServer(SlapOSInstanceTestCase):
)
self.assertEqual(resp.status_code, requests.codes.ok)
resp = requests.get(
urllib.parse.urljoin(self.connection_parameters['public-url'], '..'),
verify=self.ca_cert,
)
self.assertEqual(resp.status_code, requests.codes.unauthorized)
with open(os.path.join(self.computer_partition_root_path, 'srv', 'www', 'secret.txt'), 'w'):
resp = requests.get(
urllib.parse.urljoin(self.connection_parameters['public-url'], '../secret.txt'),
verify=self.ca_cert,
)
self.assertEqual(resp.status_code, requests.codes.unauthorized)
resp = requests.get(
urllib.parse.urljoin(self.connection_parameters['public-url'], '../not-exist.txt'),
verify=self.ca_cert,
)
self.assertEqual(resp.status_code, requests.codes.unauthorized)
def test_upload_file_refused_without_digest_auth(self):
# index is allowed on / but it only shows /pub/
resp = requests.get(
urllib.parse.urljoin(self.connection_parameters['public-url'], '..'),
verify=self.ca_cert,
)
self.assertIn('pub', resp.text)
self.assertNotIn('secret', resp.text)
self.assertEqual(resp.status_code, requests.codes.ok)
def test_upload_file_refused_without_auth(self):
parsed_upload_url = urllib.parse.urlparse(self.connection_parameters['upload-url'])
# upload-url has username:password, remove it
self.assertTrue(parsed_upload_url.password)
upload_url = parsed_upload_url._replace(
netloc=f'[{parsed_upload_url.hostname}]:{parsed_upload_url.port}').geturl()
resp = requests.put(
urllib.parse.urljoin(self.connection_parameters['upload-url'], 'hello.txt'),
urllib.parse.urljoin(upload_url, 'hello.txt'),
data=io.BytesIO(b'hello'),
verify=self.ca_cert,
)
self.assertEqual(resp.status_code, requests.codes.unauthorized)
def test_upload_file(self):
parsed_url = urllib.parse.urlparse(self.connection_parameters['upload-url'])
auth = requests.auth.HTTPDigestAuth(
parsed_url.username,
parsed_url.password,
)
resp = requests.put(
urllib.parse.urljoin(self.connection_parameters['upload-url'], 'hello.txt'),
data=io.BytesIO(b'hello'),
auth=auth,
verify=self.ca_cert,
)
self.assertEqual(resp.status_code, requests.codes.created)
resp = requests.get(
urllib.parse.urljoin(self.connection_parameters['upload-url'], 'hello.txt'),
auth=auth,
verify=self.ca_cert,
)
self.assertEqual(resp.text, 'hello')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment