dev auth has no security
Bug #634349 reported by
Mike Barton
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Object Storage (swift) |
Fix Released
|
High
|
gholt | ||
Bug Description
The dev auth server currently has no security. It should require a username and password to make changes.
Possibly this could use basic auth, but that may depend on what's possible in the server and utility clients.
Probably admin users should be able to create/modify users on their account, and some sort of super-admin should be required to create new accounts.
Related branches
lp:~gholt/swift/authlock
- Chuck Thier (community): Approve
-
Diff: 1818 lines (+810/-240)16 files modifiedbin/swift-auth-add-user (+15/-1)
bin/swift-auth-recreate-accounts (+20/-8)
doc/source/development_auth.rst (+7/-4)
doc/source/development_saio.rst (+8/-4)
doc/source/howto_cyberduck.rst (+27/-10)
etc/auth-server.conf-sample (+2/-0)
swift/auth/server.py (+127/-81)
swift/common/constraints.py (+2/-0)
swift/common/middleware/auth.py (+8/-3)
swift/proxy/server.py (+56/-4)
test/functional/swift.py (+1/-1)
test/functional/tests.py (+1/-1)
test/probe/common.py (+14/-2)
test/unit/auth/test_server.py (+403/-79)
test/unit/common/middleware/test_auth.py (+31/-0)
test/unit/proxy/test_server.py (+88/-42)
| Changed in swift: | |
| assignee: | nobody → gholt (gholt) |
| Changed in swift: | |
| status: | New → In Progress |
| Changed in swift: | |
| status: | In Progress → Fix Committed |
| Changed in swift: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
