diff --git a/nova/console/websocketproxy.py b/nova/console/websocketproxy.py index de4f09f3ca1..57fb20a4133 100644 --- a/nova/console/websocketproxy.py +++ b/nova/console/websocketproxy.py @@ -86,7 +86,7 @@ def new_websocket_client(self): # NoVNC uses it's own convention that forward token # from the request to a cookie header, we should check # also for this behavior - hcookie = self.headers.getheader('cookie') + hcookie = self.headers.get('cookie') if hcookie: cookie = Cookie.SimpleCookie() for hcookie_part in hcookie.split(';'): @@ -109,7 +109,7 @@ def new_websocket_client(self): raise exception.InvalidToken(token=token) # Verify Origin - expected_origin_hostname = self.headers.getheader('Host') + expected_origin_hostname = self.headers.get('Host') if ':' in expected_origin_hostname: e = expected_origin_hostname if '[' in e and ']' in e: @@ -118,7 +118,7 @@ def new_websocket_client(self): expected_origin_hostname = e.split(':')[0] expected_origin_hostnames = CONF.console.allowed_origins expected_origin_hostnames.append(expected_origin_hostname) - origin_url = self.headers.getheader('Origin') + origin_url = self.headers.get('Origin') # missing origin header indicates non-browser client which is OK if origin_url is not None: origin = urlparse.urlparse(origin_url) diff --git a/nova/tests/unit/console/test_websocketproxy.py b/nova/tests/unit/console/test_websocketproxy.py index ad96fe89921..f978cc3f0ed 100644 --- a/nova/tests/unit/console/test_websocketproxy.py +++ b/nova/tests/unit/console/test_websocketproxy.py @@ -36,95 +36,58 @@ def setUp(self): self.wh.do_proxy = mock.MagicMock() self.wh.headers = mock.MagicMock() - def _fake_getheader(self, header): - if header == 'cookie': - return 'token="123-456-789"' - elif header == 'Origin': - return 'https://example.net:6080' - elif header == 'Host': - return 'example.net:6080' - else: - return - - def _fake_getheader_ipv6(self, header): - if header == 'cookie': - return 'token="123-456-789"' - elif header == 'Origin': - return 'https://[2001:db8::1]:6080' - elif header == 'Host': - return '[2001:db8::1]:6080' - else: - return - - def _fake_getheader_bad_token(self, header): - if header == 'cookie': - return 'token="XXX"' - elif header == 'Origin': - return 'https://example.net:6080' - elif header == 'Host': - return 'example.net:6080' - else: - return - - def _fake_getheader_bad_origin(self, header): - if header == 'cookie': - return 'token="123-456-789"' - elif header == 'Origin': - return 'https://bad-origin-example.net:6080' - elif header == 'Host': - return 'example.net:6080' - else: - return - - def _fake_getheader_allowed_origin(self, header): - if header == 'cookie': - return 'token="123-456-789"' - elif header == 'Origin': - return 'https://allowed-origin-example-2.net:6080' - elif header == 'Host': - return 'example.net:6080' - else: - return - - def _fake_getheader_blank_origin(self, header): - if header == 'cookie': - return 'token="123-456-789"' - elif header == 'Origin': - return '' - elif header == 'Host': - return 'example.net:6080' - else: - return - - def _fake_getheader_no_origin(self, header): - if header == 'cookie': - return 'token="123-456-789"' - elif header == 'Origin': - return None - elif header == 'Host': - return 'any-example.net:6080' - else: - return - - def _fake_getheader_http(self, header): - if header == 'cookie': - return 'token="123-456-789"' - elif header == 'Origin': - return 'http://example.net:6080' - elif header == 'Host': - return 'example.net:6080' - else: - return - - def _fake_getheader_malformed_cookie(self, header): - if header == 'cookie': - return '?=!; token="123-456-789"' - elif header == 'Origin': - return 'https://example.net:6080' - elif header == 'Host': - return 'example.net:6080' - else: - return + fake_header = { + 'cookie': 'token="123-456-789"', + 'Origin': 'https://example.net:6080', + 'Host': 'example.net:6080', + } + + fake_header_ipv6 = { + 'cookie': 'token="123-456-789"', + 'Origin': 'https://[2001:db8::1]:6080', + 'Host': '[2001:db8::1]:6080', + } + + fake_header_bad_token = { + 'cookie': 'token="XXX"', + 'Origin': 'https://example.net:6080', + 'Host': 'example.net:6080', + } + + fake_header_bad_origin = { + 'cookie': 'token="123-456-789"', + 'Origin': 'https://bad-origin-example.net:6080', + 'Host': 'example.net:6080', + } + + fake_header_allowed_origin = { + 'cookie': 'token="123-456-789"', + 'Origin': 'https://allowed-origin-example-2.net:6080', + 'Host': 'example.net:6080', + } + + fake_header_blank_origin = { + 'cookie': 'token="123-456-789"', + 'Origin': '', + 'Host': 'example.net:6080', + } + + fake_header_no_origin = { + 'cookie': 'token="123-456-789"', + 'Host': 'example.net:6080', + } + + fake_header_http = { + 'cookie': 'token="123-456-789"', + 'Origin': 'http://example.net:6080', + 'Host': 'example.net:6080', + } + + fake_header_malformed_cookie = { + 'cookie': '?=!; token="123-456-789"', + 'Origin': 'https://example.net:6080', + 'Host': 'example.net:6080', + } @mock.patch('nova.consoleauth.rpcapi.ConsoleAuthAPI.check_token') def test_new_websocket_client(self, check_token): @@ -136,7 +99,7 @@ def test_new_websocket_client(self, check_token): } self.wh.socket.return_value = '' self.wh.path = "http://127.0.0.1/?token=123-456-789" - self.wh.headers.getheader = self._fake_getheader + self.wh.headers = self.fake_header self.wh.new_websocket_client() @@ -154,7 +117,7 @@ def test_new_websocket_client_ipv6_url(self, check_token): } self.wh.socket.return_value = '' self.wh.path = "http://[2001:db8::1]/?token=123-456-789" - self.wh.headers.getheader = self._fake_getheader_ipv6 + self.wh.headers = self.fake_header_ipv6 self.wh.new_websocket_client() @@ -167,7 +130,7 @@ def test_new_websocket_client_token_invalid(self, check_token): check_token.return_value = False self.wh.path = "http://127.0.0.1/?token=XXX" - self.wh.headers.getheader = self._fake_getheader_bad_token + self.wh.headers = self.fake_header_bad_token self.assertRaises(exception.InvalidToken, self.wh.new_websocket_client) @@ -188,7 +151,7 @@ def test_new_websocket_client_internal_access_path(self, check_token): self.wh.socket.return_value = tsock self.wh.path = "http://127.0.0.1/?token=123-456-789" - self.wh.headers.getheader = self._fake_getheader + self.wh.headers = self.fake_header self.wh.new_websocket_client() @@ -211,7 +174,7 @@ def test_new_websocket_client_internal_access_path_err(self, check_token): self.wh.socket.return_value = tsock self.wh.path = "http://127.0.0.1/?token=123-456-789" - self.wh.headers.getheader = self._fake_getheader + self.wh.headers = self.fake_header self.assertRaises(exception.InvalidConnectionInfo, self.wh.new_websocket_client) @@ -230,7 +193,7 @@ def test_new_websocket_client_py273_good_scheme( } self.wh.socket.return_value = '' self.wh.path = "http://127.0.0.1/?token=123-456-789" - self.wh.headers.getheader = self._fake_getheader + self.wh.headers = self.fake_header self.wh.new_websocket_client() @@ -250,7 +213,7 @@ def test_new_websocket_client_py273_special_scheme( } self.wh.socket.return_value = '' self.wh.path = "ws://127.0.0.1/?token=123-456-789" - self.wh.headers.getheader = self._fake_getheader + self.wh.headers = self.fake_header self.assertRaises(exception.NovaException, self.wh.new_websocket_client) @@ -281,7 +244,7 @@ def test_new_websocket_client_novnc_bad_origin_header(self, check_token): } self.wh.path = "http://127.0.0.1/" - self.wh.headers.getheader = self._fake_getheader_bad_origin + self.wh.headers = self.fake_header_bad_origin self.assertRaises(exception.ValidationError, self.wh.new_websocket_client) @@ -297,7 +260,7 @@ def test_new_websocket_client_novnc_allowed_origin_header(self, } self.wh.socket.return_value = '' self.wh.path = "http://127.0.0.1/" - self.wh.headers.getheader = self._fake_getheader_allowed_origin + self.wh.headers = self.fake_header_allowed_origin self.wh.new_websocket_client() @@ -314,7 +277,7 @@ def test_new_websocket_client_novnc_blank_origin_header(self, check_token): } self.wh.path = "http://127.0.0.1/" - self.wh.headers.getheader = self._fake_getheader_blank_origin + self.wh.headers = self.fake_header_blank_origin self.assertRaises(exception.ValidationError, self.wh.new_websocket_client) @@ -328,7 +291,7 @@ def test_new_websocket_client_novnc_no_origin_header(self, check_token): } self.wh.socket.return_value = '' self.wh.path = "http://127.0.0.1/" - self.wh.headers.getheader = self._fake_getheader_no_origin + self.wh.headers = self.fake_header_no_origin self.wh.new_websocket_client() @@ -347,7 +310,7 @@ def test_new_websocket_client_novnc_https_origin_proto_http(self, } self.wh.path = "https://127.0.0.1/" - self.wh.headers.getheader = self._fake_getheader + self.wh.headers = self.fake_header self.assertRaises(exception.ValidationError, self.wh.new_websocket_client) @@ -363,7 +326,7 @@ def test_new_websocket_client_novnc_https_origin_proto_ws(self, } self.wh.path = "https://127.0.0.1/" - self.wh.headers.getheader = self._fake_getheader + self.wh.headers = self.fake_header self.assertRaises(exception.ValidationError, self.wh.new_websocket_client) @@ -377,7 +340,7 @@ def test_new_websocket_client_novnc_bad_console_type(self, check_token): } self.wh.path = "http://127.0.0.1/" - self.wh.headers.getheader = self._fake_getheader + self.wh.headers = self.fake_header self.assertRaises(exception.ValidationError, self.wh.new_websocket_client) @@ -392,7 +355,7 @@ def test_malformed_cookie(self, check_token): } self.wh.socket.return_value = '' self.wh.path = "http://127.0.0.1/" - self.wh.headers.getheader = self._fake_getheader_malformed_cookie + self.wh.headers = self.fake_header_malformed_cookie self.wh.new_websocket_client()