Commit b79d9e32 authored by Jérome Perrin's avatar Jérome Perrin

software/dufs: version up dufs 0.34.1

Also switch to basic authentication, this is generally more supported
than digest; keeweb for example only supports basic authentication. It
seems less secure though ( https://github.com/sigoden/dufs/issues/228 )
parent 9b02b5f0
Pipeline #28427 failed with stage
...@@ -15,4 +15,4 @@ ...@@ -15,4 +15,4 @@
[instance.cfg.in] [instance.cfg.in]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 0cb3cbac5479581985e5446078217686 md5sum = 9ed5d03f4f0cdc022f28b39e8ff1323e
...@@ -143,8 +143,9 @@ command-line = ...@@ -143,8 +143,9 @@ command-line =
--bind ${:ip} --bind ${:ip}
--port ${:port} --port ${:port}
--allow-all --allow-all
--auth /@${admin-password:user}:${admin-password:passwd} --auth-method basic
--auth /pub@${admin-password:user}:${admin-password:passwd}@* --auth ${admin-password:user}:${admin-password:passwd}@/:rw
--auth @/pub
--tls-cert ${dufs-certificate:cert-file} --tls-cert ${dufs-certificate:cert-file}
--tls-key ${dufs-certificate:key-file} --tls-key ${dufs-certificate:key-file}
${directory:dufs-data-dir} ${directory:dufs-data-dir}
......
...@@ -14,8 +14,8 @@ parts = ...@@ -14,8 +14,8 @@ parts =
[dufs] [dufs]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = https://github.com/sigoden/dufs/archive/refs/tags/v0.31.0.tar.gz url = https://github.com/sigoden/dufs/archive/refs/tags/v0.34.1.tar.gz
md5sum = 4340e59915605e30dcdb70aa9eb06acb md5sum = 77cbb2523aca8dad90fd77ee0277704f
configure-command = : configure-command = :
make-binary = cargo install --root=%(location)s --path . make-binary = cargo install --root=%(location)s --path .
make-targets = make-targets =
......
...@@ -67,38 +67,50 @@ class TestFileServer(SlapOSInstanceTestCase): ...@@ -67,38 +67,50 @@ class TestFileServer(SlapOSInstanceTestCase):
) )
self.assertEqual(resp.status_code, requests.codes.ok) self.assertEqual(resp.status_code, requests.codes.ok)
resp = requests.get( with open(os.path.join(self.computer_partition_root_path, 'srv', 'www', 'secret.txt'), 'w'):
urllib.parse.urljoin(self.connection_parameters['public-url'], '..'), resp = requests.get(
verify=self.ca_cert, urllib.parse.urljoin(self.connection_parameters['public-url'], '../secret.txt'),
) verify=self.ca_cert,
self.assertEqual(resp.status_code, requests.codes.unauthorized) )
self.assertEqual(resp.status_code, requests.codes.unauthorized)
resp = requests.get(
urllib.parse.urljoin(self.connection_parameters['public-url'], '../not-exist.txt'),
verify=self.ca_cert,
)
self.assertEqual(resp.status_code, requests.codes.unauthorized)
def test_upload_file_refused_without_digest_auth(self): # index is allowed on / but it only shows /pub/
resp = requests.get(
urllib.parse.urljoin(self.connection_parameters['public-url'], '..'),
verify=self.ca_cert,
)
self.assertIn('pub', resp.text)
self.assertNotIn('secret', resp.text)
self.assertEqual(resp.status_code, requests.codes.ok)
def test_upload_file_refused_without_auth(self):
parsed_upload_url = urllib.parse.urlparse(self.connection_parameters['upload-url'])
# upload-url has username:password, remove it
self.assertTrue(parsed_upload_url.password)
upload_url = parsed_upload_url._replace(
netloc=f'[{parsed_upload_url.hostname}]:{parsed_upload_url.port}').geturl()
resp = requests.put( resp = requests.put(
urllib.parse.urljoin(self.connection_parameters['upload-url'], 'hello.txt'), urllib.parse.urljoin(upload_url, 'hello.txt'),
data=io.BytesIO(b'hello'), data=io.BytesIO(b'hello'),
verify=self.ca_cert, verify=self.ca_cert,
) )
self.assertEqual(resp.status_code, requests.codes.unauthorized) self.assertEqual(resp.status_code, requests.codes.unauthorized)
def test_upload_file(self): def test_upload_file(self):
parsed_url = urllib.parse.urlparse(self.connection_parameters['upload-url'])
auth = requests.auth.HTTPDigestAuth(
parsed_url.username,
parsed_url.password,
)
resp = requests.put( resp = requests.put(
urllib.parse.urljoin(self.connection_parameters['upload-url'], 'hello.txt'), urllib.parse.urljoin(self.connection_parameters['upload-url'], 'hello.txt'),
data=io.BytesIO(b'hello'), data=io.BytesIO(b'hello'),
auth=auth,
verify=self.ca_cert, verify=self.ca_cert,
) )
self.assertEqual(resp.status_code, requests.codes.created) self.assertEqual(resp.status_code, requests.codes.created)
resp = requests.get( resp = requests.get(
urllib.parse.urljoin(self.connection_parameters['upload-url'], 'hello.txt'), urllib.parse.urljoin(self.connection_parameters['upload-url'], 'hello.txt'),
auth=auth,
verify=self.ca_cert, verify=self.ca_cert,
) )
self.assertEqual(resp.text, 'hello') self.assertEqual(resp.text, 'hello')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment