deltacloud-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mfoj...@redhat.com
Subject [PATCH core] CIMI: Added checking for CIMI version request header
Date Tue, 28 Aug 2012 08:41:17 GMT
From: Michal Fojtik <mfojtik@redhat.com>

* If the CIMI-Specification-Version header is present in request
  headers and does not match the CIMI version server is running
  return an 403 error. Note this check is ignored when no such
  request header is specified.

Signed-off-by: Michal fojtik <mfojtik@redhat.com>
---
 server/lib/cimi/helpers.rb                              |    4 ++++
 server/tests/cimi/collections/cloud_entry_point_test.rb |    9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/server/lib/cimi/helpers.rb b/server/lib/cimi/helpers.rb
index 2dba3be..8547eaa 100644
--- a/server/lib/cimi/helpers.rb
+++ b/server/lib/cimi/helpers.rb
@@ -83,6 +83,10 @@ module CIMI::Collections
     before do
       # Respond with 400, If we don't get a http Host header,
       halt 400, "Unable to find HTTP Host header" if @env['HTTP_HOST'] == nil
+      if !request.env['HTTP_CIMI_SPECIFICATION_VERSION'].nil? and
+        request.env['HTTP_CIMI_SPECIFICATION_VERSION'] != Deltacloud[:cimi].version
+        halt 403, "Unknown CIMI version requested."
+      end
     end
 
     after do
diff --git a/server/tests/cimi/collections/cloud_entry_point_test.rb b/server/tests/cimi/collections/cloud_entry_point_test.rb
index ba9764b..f28f323 100644
--- a/server/tests/cimi/collections/cloud_entry_point_test.rb
+++ b/server/tests/cimi/collections/cloud_entry_point_test.rb
@@ -21,6 +21,15 @@ describe CIMI::Collections::CloudEntryPoint do
     headers['CIMI-Specification-Version'].must_equal '1.0.0'
   end
 
+  it 'refuse unknown CIMI version in request header' do
+    header 'CIMI-Specification-Version', '0.0.0'
+    get root_url + '/cloudEntryPoint'
+    status.must_equal 403
+    header 'CIMI-Specification-Version', '1.0.0'
+    get root_url + '/cloudEntryPoint'
+    status.must_equal 200
+  end
+
   it 'advertise CIMI collections in XML format' do
     get root_url + '/cloudEntryPoint'
     xml.root.name.must_equal 'CloudEntryPoint'
-- 
1.7.10.2


Mime
View raw message