swift 2.23.3__py3-none-any.whl → 2.35.0__py3-none-any.whl

swift/common/middleware/tempurl.py

@@ -64,7 +64,7 @@ signature is generated using the HTTP method to allow (``GET``, ``PUT``,
 the full path to the object, and the key set on the account.
 
 The digest algorithm to be used may be configured by the operator. By default,
-HMAC-SHA1, HMAC-SHA256, and HMAC-SHA512 are supported. Check the
+HMAC-SHA256 and HMAC-SHA512 are supported. Check the
 ``tempurl.allowed_digests`` entry in the cluster's capabilities response to
 see which algorithms are supported by your deployment; see
 :doc:`api/discoverability` for more information. On older clusters,
@@ -75,24 +75,25 @@ For example, here is code generating the signature for a ``GET`` for 60
 seconds on ``/v1/AUTH_account/container/object``::
 
     import hmac
-    from hashlib import sha1
+    from hashlib import sha256
     from time import time
     method = 'GET'
     expires = int(time() + 60)
     path = '/v1/AUTH_account/container/object'
     key = 'mykey'
     hmac_body = '%s\n%s\n%s' % (method, expires, path)
-    sig = hmac.new(key, hmac_body, sha1).hexdigest()
+    sig = hmac.new(key, hmac_body, sha256).hexdigest()
 
 Be certain to use the full path, from the ``/v1/`` onward.
 
 Let's say ``sig`` ends up equaling
-``da39a3ee5e6b4b0d3255bfef95601890afd80709`` and ``expires`` ends up
-``1323479485``. Then, for example, the website could provide a link to::
+``732fcac368abb10c78a4cbe95c3fab7f311584532bf779abd5074e13cbe8b88b`` and
+``expires`` ends up ``1512508563``. Then, for example, the website could
+provide a link to::
 
     https://swift-cluster.example.com/v1/AUTH_account/container/object?
-    temp_url_sig=da39a3ee5e6b4b0d3255bfef95601890afd80709&
-    temp_url_expires=1323479485
+    temp_url_sig=732fcac368abb10c78a4cbe95c3fab7f311584532bf779abd5074e13cbe8b88b&
+    temp_url_expires=1512508563
 
 For longer hashes, a hex encoding becomes unwieldy. Base64 encoding is also
 supported, and indicated by prefixing the signature with ``"<digest name>:"``.
@@ -124,11 +125,11 @@ Supposing that ``sig`` ends up equaling
 You may also use ISO 8601 UTC timestamps with the format
 ``"%Y-%m-%dT%H:%M:%SZ"`` instead of UNIX timestamps in the URL
 (but NOT in the code above for generating the signature!).
-So, the above HMAC-SHA1 URL could also be formulated as::
+So, the above HMAC-SHA246 URL could also be formulated as::
 
     https://swift-cluster.example.com/v1/AUTH_account/container/object?
-    temp_url_sig=da39a3ee5e6b4b0d3255bfef95601890afd80709&
-    temp_url_expires=2011-12-10T01:11:25Z
+    temp_url_sig=732fcac368abb10c78a4cbe95c3fab7f311584532bf779abd5074e13cbe8b88b&
+    temp_url_expires=2017-12-05T21:16:03Z
 
 If a prefix-based signature with the prefix ``pre`` is desired, set path to::
 
@@ -140,31 +141,31 @@ a query parameter called ``temp_url_prefix``. So, if ``sig`` and ``expires``
 would end up like above, following URL would be valid::
 
     https://swift-cluster.example.com/v1/AUTH_account/container/pre/object?
-    temp_url_sig=da39a3ee5e6b4b0d3255bfef95601890afd80709&
-    temp_url_expires=1323479485&
+    temp_url_sig=732fcac368abb10c78a4cbe95c3fab7f311584532bf779abd5074e13cbe8b88b&
+    temp_url_expires=1512508563&
     temp_url_prefix=pre
 
 Another valid URL::
 
     https://swift-cluster.example.com/v1/AUTH_account/container/pre/
     subfolder/another_object?
-    temp_url_sig=da39a3ee5e6b4b0d3255bfef95601890afd80709&
-    temp_url_expires=1323479485&
+    temp_url_sig=732fcac368abb10c78a4cbe95c3fab7f311584532bf779abd5074e13cbe8b88b&
+    temp_url_expires=1512508563&
     temp_url_prefix=pre
 
 If you wish to lock down the ip ranges from where the resource can be accessed
 to the ip ``1.2.3.4``::
 
     import hmac
-    from hashlib import sha1
+    from hashlib import sha256
     from time import time
     method = 'GET'
     expires = int(time() + 60)
     path = '/v1/AUTH_account/container/object'
     ip_range = '1.2.3.4'
-    key = 'mykey'
+    key = b'mykey'
     hmac_body = 'ip=%s\n%s\n%s\n%s' % (ip_range, method, expires, path)
-    sig = hmac.new(key, hmac_body, sha1).hexdigest()
+    sig = hmac.new(key, hmac_body.encode('ascii'), sha256).hexdigest()
 
 The generated signature would only be valid from the ip ``1.2.3.4``. The
 middleware detects an ip-based temporary URL by a query parameter called
@@ -172,29 +173,29 @@ middleware detects an ip-based temporary URL by a query parameter called
 above, following URL would be valid::
 
     https://swift-cluster.example.com/v1/AUTH_account/container/object?
-    temp_url_sig=da39a3ee5e6b4b0d3255bfef95601890afd80709&
-    temp_url_expires=1323479485&
+    temp_url_sig=3f48476acaf5ec272acd8e99f7b5bad96c52ddba53ed27c60613711774a06f0c&
+    temp_url_expires=1648082711&
     temp_url_ip_range=1.2.3.4
 
 Similarly to lock down the ip to a range of ``1.2.3.X`` so starting
 from the ip ``1.2.3.0`` to ``1.2.3.255``::
 
     import hmac
-    from hashlib import sha1
+    from hashlib import sha256
     from time import time
     method = 'GET'
     expires = int(time() + 60)
     path = '/v1/AUTH_account/container/object'
     ip_range = '1.2.3.0/24'
-    key = 'mykey'
+    key = b'mykey'
     hmac_body = 'ip=%s\n%s\n%s\n%s' % (ip_range, method, expires, path)
-    sig = hmac.new(key, hmac_body, sha1).hexdigest()
+    sig = hmac.new(key, hmac_body.encode('ascii'), sha256).hexdigest()
 
 Then the following url would be valid::
 
     https://swift-cluster.example.com/v1/AUTH_account/container/object?
-    temp_url_sig=da39a3ee5e6b4b0d3255bfef95601890afd80709&
-    temp_url_expires=1323479485&
+    temp_url_sig=6ff81256b8a3ba11d239da51a703b9c06a56ffddeb8caab74ca83af8f73c9c83&
+    temp_url_expires=1648082711&
     temp_url_ip_range=1.2.3.0/24
 
 
@@ -222,16 +223,16 @@ can override this with a filename query parameter. Modifying the
 above example::
 
     https://swift-cluster.example.com/v1/AUTH_account/container/object?
-    temp_url_sig=da39a3ee5e6b4b0d3255bfef95601890afd80709&
-    temp_url_expires=1323479485&filename=My+Test+File.pdf
+    temp_url_sig=732fcac368abb10c78a4cbe95c3fab7f311584532bf779abd5074e13cbe8b88b&
+    temp_url_expires=1512508563&filename=My+Test+File.pdf
 
 If you do not want the object to be downloaded, you can cause
 ``Content-Disposition: inline`` to be set on the response by adding the
 ``inline`` parameter to the query string, like so::
 
     https://swift-cluster.example.com/v1/AUTH_account/container/object?
-    temp_url_sig=da39a3ee5e6b4b0d3255bfef95601890afd80709&
-    temp_url_expires=1323479485&inline
+    temp_url_sig=732fcac368abb10c78a4cbe95c3fab7f311584532bf779abd5074e13cbe8b88b&
+    temp_url_expires=1512508563&inline
 
 In some cases, the client might not able to present the content of the object,
 but you still want the content able to save to local with the specific
@@ -240,8 +241,8 @@ set on the response by adding the ``inline&filename=...`` parameter to the
 query string, like so::
 
     https://swift-cluster.example.com/v1/AUTH_account/container/object?
-    temp_url_sig=da39a3ee5e6b4b0d3255bfef95601890afd80709&
-    temp_url_expires=1323479485&inline&filename=My+Test+File.pdf
+    temp_url_sig=732fcac368abb10c78a4cbe95c3fab7f311584532bf779abd5074e13cbe8b88b&
+    temp_url_expires=1512508563&inline&filename=My+Test+File.pdf
 
 ---------------------
 Cluster Configuration
@@ -254,7 +255,7 @@ This middleware understands the following configuration settings:
     incoming requests. Names may optionally end with ``*`` to
     indicate a prefix match. ``incoming_allow_headers`` is a
     list of exceptions to these removals.
-    Default: ``x-timestamp``
+    Default: ``x-timestamp x-open-expired``
 
 ``incoming_allow_headers``
     A whitespace-delimited list of the headers allowed as
@@ -288,7 +289,7 @@ This middleware understands the following configuration settings:
     A whitespace delimited list of digest algorithms that are allowed
     to be used when calculating the signature for a temporary URL.
 
-    Default: ``sha1 sha256 sha512``
+    Default: ``sha256 sha512``
 """
 
 __all__ = ['TempURL', 'filter_factory',
@@ -297,25 +298,24 @@ __all__ = ['TempURL', 'filter_factory',
            'DEFAULT_OUTGOING_REMOVE_HEADERS',
            'DEFAULT_OUTGOING_ALLOW_HEADERS']
 
-import binascii
 from calendar import timegm
-import functools
-import hashlib
-import six
 from os.path import basename
 from time import time, strftime, strptime, gmtime
 from ipaddress import ip_address, ip_network
 
-from six.moves.urllib.parse import parse_qs
-from six.moves.urllib.parse import urlencode
+from urllib.parse import parse_qs, urlencode
 
 from swift.proxy.controllers.base import get_account_info, get_container_info
 from swift.common.header_key_dict import HeaderKeyDict
+from swift.common.http import is_success
+from swift.common.digest import get_allowed_digests, \
+    extract_digest_and_algorithm, DEFAULT_ALLOWED_DIGESTS, get_hmac
 from swift.common.swob import header_to_environ_key, HTTPUnauthorized, \
     HTTPBadRequest, wsgi_to_str
-from swift.common.utils import split_path, get_valid_utf8_str, \
-    register_swift_info, get_hmac, streq_const_time, quote, get_logger, \
-    strict_b64decode
+from swift.common.utils import split_path, \
+    streq_const_time, quote, get_logger, close_if_possible
+from swift.common.registry import register_swift_info, register_sensitive_param
+from swift.common.wsgi import WSGIContext
 
 
 DISALLOWED_INCOMING_HEADERS = 'x-object-manifest x-symlink-target'
@@ -324,7 +324,7 @@ DISALLOWED_INCOMING_HEADERS = 'x-object-manifest x-symlink-target'
 #: delimited list of header names and names can optionally end with '*' to
 #: indicate a prefix match. DEFAULT_INCOMING_ALLOW_HEADERS is a list of
 #: exceptions to these removals.
-DEFAULT_INCOMING_REMOVE_HEADERS = 'x-timestamp'
+DEFAULT_INCOMING_REMOVE_HEADERS = 'x-timestamp x-open-expired'
 
 #: Default headers as exceptions to DEFAULT_INCOMING_REMOVE_HEADERS. Simply a
 #: whitespace delimited list of header names and names can optionally end with
@@ -342,9 +342,6 @@ DEFAULT_OUTGOING_REMOVE_HEADERS = 'x-object-meta-*'
 #: '*' to indicate a prefix match.
 DEFAULT_OUTGOING_ALLOW_HEADERS = 'x-object-meta-public-*'
 
-DEFAULT_ALLOWED_DIGESTS = 'sha1 sha256 sha512'
-SUPPORTED_DIGESTS = set(DEFAULT_ALLOWED_DIGESTS.split())
-
 CONTAINER_SCOPE = 'container'
 ACCOUNT_SCOPE = 'account'
 
@@ -362,11 +359,59 @@ def get_tempurl_keys_from_metadata(meta):
       meta = get_account_info(...)['meta']
       keys = get_tempurl_keys_from_metadata(meta)
     """
-    return [(get_valid_utf8_str(value) if six.PY2 else value)
-            for key, value in meta.items()
+    return [value for key, value in meta.items()
             if key.lower() in ('temp-url-key', 'temp-url-key-2')]
 
 
+def normalize_temp_url_expires(value):
+    """
+    Returns the normalized expiration value as an int
+
+    If not None, the value is converted to an int if possible or 0
+    if not, and checked for expiration (returns 0 if expired).
+    """
+    if value is None:
+        return value
+    try:
+        temp_url_expires = int(value)
+    except ValueError:
+        try:
+            temp_url_expires = timegm(strptime(
+                value, EXPIRES_ISO8601_FORMAT))
+        except ValueError:
+            temp_url_expires = 0
+    if temp_url_expires < time():
+        temp_url_expires = 0
+    return temp_url_expires
+
+
+def get_temp_url_info(env):
+    """
+    Returns the provided temporary URL parameters (sig, expires, prefix,
+    temp_url_ip_range), if given and syntactically valid.
+    Either sig, expires or prefix could be None if not provided.
+
+    :param env: The WSGI environment for the request.
+    :returns: (sig, expires, prefix, filename, inline,
+        temp_url_ip_range) as described above.
+    """
+    sig = expires = prefix = ip_range = filename = inline = None
+    qs = parse_qs(env.get('QUERY_STRING', ''), keep_blank_values=True)
+    if 'temp_url_ip_range' in qs:
+        ip_range = qs['temp_url_ip_range'][0]
+    if 'temp_url_sig' in qs:
+        sig = qs['temp_url_sig'][0]
+    if 'temp_url_expires' in qs:
+        expires = qs['temp_url_expires'][0]
+    if 'temp_url_prefix' in qs:
+        prefix = qs['temp_url_prefix'][0]
+    if 'filename' in qs:
+        filename = qs['filename'][0]
+    if 'inline' in qs:
+        inline = True
+    return (sig, expires, prefix, filename, inline, ip_range)
+
+
 def disposition_format(disposition_type, filename):
     # Content-Disposition in HTTP is defined in
     # https://tools.ietf.org/html/rfc6266 and references
@@ -424,11 +469,12 @@ class TempURL(object):
     :param conf: The configuration dict for the middleware.
     """
 
-    def __init__(self, app, conf):
+    def __init__(self, app, conf, logger=None):
         #: The next WSGI application/filter in the paste.deploy pipeline.
         self.app = app
         #: The filter configuration dict.
         self.conf = conf
+        self.logger = logger or get_logger(conf, log_route='tempurl')
 
         self.allowed_digests = conf.get(
             'allowed_digests', DEFAULT_ALLOWED_DIGESTS.split())
@@ -497,36 +543,27 @@ class TempURL(object):
         """
         if env['REQUEST_METHOD'] == 'OPTIONS':
             return self.app(env, start_response)
-        info = self._get_temp_url_info(env)
-        temp_url_sig, temp_url_expires, temp_url_prefix, filename,\
+        info = get_temp_url_info(env)
+        temp_url_sig, client_temp_url_expires, temp_url_prefix, filename, \
             inline_disposition, temp_url_ip_range = info
+        temp_url_expires = normalize_temp_url_expires(client_temp_url_expires)
         if temp_url_sig is None and temp_url_expires is None:
             return self.app(env, start_response)
         if not temp_url_sig or not temp_url_expires:
             return self._invalid(env, start_response)
 
-        if ':' in temp_url_sig:
-            hash_algorithm, temp_url_sig = temp_url_sig.split(':', 1)
-            if ('-' in temp_url_sig or '_' in temp_url_sig) and not (
-                    '+' in temp_url_sig or '/' in temp_url_sig):
-                temp_url_sig = temp_url_sig.replace('-', '+').replace('_', '/')
-            try:
-                temp_url_sig = binascii.hexlify(strict_b64decode(
-                    temp_url_sig + '=='))
-                if not six.PY2:
-                    temp_url_sig = temp_url_sig.decode('ascii')
-            except ValueError:
-                return self._invalid(env, start_response)
-        elif len(temp_url_sig) == 40:
-            hash_algorithm = 'sha1'
-        elif len(temp_url_sig) == 64:
-            hash_algorithm = 'sha256'
-        else:
+        try:
+            hash_algorithm, temp_url_sig = extract_digest_and_algorithm(
+                temp_url_sig)
+        except ValueError:
             return self._invalid(env, start_response)
         if hash_algorithm not in self.allowed_digests:
             return self._invalid(env, start_response)
 
-        account, container, obj = self._get_path_parts(env)
+        account, container, obj = self._get_path_parts(
+            env, allow_container_root=(
+                env['REQUEST_METHOD'] in ('GET', 'HEAD') and
+                temp_url_prefix == ""))
         if not account:
             return self._invalid(env, start_response)
 
@@ -535,8 +572,8 @@ class TempURL(object):
             if client_address is None:
                 return self._invalid(env, start_response)
             try:
-                allowed_ip_ranges = ip_network(six.u(temp_url_ip_range))
-                if ip_address(six.u(client_address)) not in allowed_ip_ranges:
+                allowed_ip_ranges = ip_network(str(temp_url_ip_range))
+                if ip_address(str(client_address)) not in allowed_ip_ranges:
                     return self._invalid(env, start_response)
             except ValueError:
                 return self._invalid(env, start_response)
@@ -574,6 +611,7 @@ class TempURL(object):
                 break
         if not is_valid_hmac:
             return self._invalid(env, start_response)
+        self.logger.increment('tempurl.digests.%s' % hash_algorithm)
         # disallowed headers prevent accidentally allowing upload of a pointer
         # to data that the PUT tempurl would not otherwise allow access for.
         # It should be safe to provide a GET tempurl for data that an
@@ -591,116 +629,102 @@ class TempURL(object):
         env['swift.authorize_override'] = True
         env['REMOTE_USER'] = '.wsgi.tempurl'
         qs = {'temp_url_sig': temp_url_sig,
-              'temp_url_expires': temp_url_expires}
+              'temp_url_expires': client_temp_url_expires}
         if temp_url_prefix is not None:
             qs['temp_url_prefix'] = temp_url_prefix
         if filename:
             qs['filename'] = filename
         env['QUERY_STRING'] = urlencode(qs)
 
-        def _start_response(status, headers, exc_info=None):
-            headers = self._clean_outgoing_headers(headers)
-            if env['REQUEST_METHOD'] in ('GET', 'HEAD') and status[0] == '2':
-                # figure out the right value for content-disposition
-                # 1) use the value from the query string
-                # 2) use the value from the object metadata
-                # 3) use the object name (default)
-                out_headers = []
-                existing_disposition = None
-                for h, v in headers:
-                    if h.lower() != 'content-disposition':
-                        out_headers.append((h, v))
-                    else:
-                        existing_disposition = v
-                if inline_disposition:
-                    if filename:
-                        disposition_value = disposition_format('inline',
-                                                               filename)
-                    else:
-                        disposition_value = 'inline'
-                elif filename:
-                    disposition_value = disposition_format('attachment',
+        ctx = WSGIContext(self.app)
+        app_iter = ctx._app_call(env)
+        ctx._response_headers = self._clean_outgoing_headers(
+            ctx._response_headers)
+        if env['REQUEST_METHOD'] in ('GET', 'HEAD') and \
+                is_success(ctx._get_status_int()):
+            # figure out the right value for content-disposition
+            # 1) use the value from the query string
+            # 2) use the value from the object metadata
+            # 3) use the object name (default)
+            out_headers = []
+            existing_disposition = None
+            content_generator = None
+            for h, v in ctx._response_headers:
+                if h.lower() == 'x-backend-content-generator':
+                    content_generator = v
+
+                if h.lower() != 'content-disposition':
+                    out_headers.append((h, v))
+                else:
+                    existing_disposition = v
+            if content_generator == 'staticweb':
+                inline_disposition = True
+            elif obj == "":
+                # Generally, tempurl requires an object. We carved out an
+                # exception to allow GETs at the container root for the sake
+                # of staticweb, but we can't tell whether we'll have a
+                # staticweb response or not until after we call the app
+                close_if_possible(app_iter)
+                return self._invalid(env, start_response)
+
+            if inline_disposition:
+                if filename:
+                    disposition_value = disposition_format('inline',
                                                            filename)
-                elif existing_disposition:
-                    disposition_value = existing_disposition
                 else:
-                    name = basename(wsgi_to_str(env['PATH_INFO']).rstrip('/'))
-                    disposition_value = disposition_format('attachment',
-                                                           name)
-                # this is probably just paranoia, I couldn't actually get a
-                # newline into existing_disposition
-                value = disposition_value.replace('\n', '%0A')
-                out_headers.append(('Content-Disposition', value))
-
-                # include Expires header for better cache-control
-                out_headers.append(('Expires', strftime(
-                    "%a, %d %b %Y %H:%M:%S GMT",
-                    gmtime(temp_url_expires))))
-                headers = out_headers
-            return start_response(status, headers, exc_info)
-
-        return self.app(env, _start_response)
-
-    def _get_path_parts(self, env):
+                    disposition_value = 'inline'
+            elif filename:
+                disposition_value = disposition_format('attachment',
+                                                       filename)
+            elif existing_disposition:
+                disposition_value = existing_disposition
+            else:
+                name = basename(wsgi_to_str(env['PATH_INFO']).rstrip('/'))
+                disposition_value = disposition_format('attachment',
+                                                       name)
+            # this is probably just paranoia, I couldn't actually get a
+            # newline into existing_disposition
+            value = disposition_value.replace('\n', '%0A')
+            out_headers.append(('Content-Disposition', value))
+
+            # include Expires header for better cache-control
+            out_headers.append(('Expires', strftime(
+                "%a, %d %b %Y %H:%M:%S GMT",
+                gmtime(temp_url_expires))))
+            ctx._response_headers = out_headers
+        start_response(
+            ctx._response_status,
+            ctx._response_headers,
+            ctx._response_exc_info)
+        return app_iter
+
+    def _get_path_parts(self, env, allow_container_root=False):
         """
         Return the account, container and object name for the request,
         if it's an object request and one of the configured methods;
         otherwise, None is returned.
 
+        If it's a container request and allow_root_container is true,
+        the object name returned will be the empty string.
+
         :param env: The WSGI environment for the request.
+        :param allow_container_root: Whether requests to the root of a
+            container should be allowed.
         :returns: (Account str, container str, object str) or
             (None, None, None).
         """
         if env['REQUEST_METHOD'] in self.conf['methods']:
             try:
-                ver, acc, cont, obj = split_path(env['PATH_INFO'], 4, 4, True)
+                ver, acc, cont, obj = split_path(
+                    env['PATH_INFO'], 3 if allow_container_root else 4,
+                    4, True)
             except ValueError:
                 return (None, None, None)
-            if ver == 'v1' and obj.strip('/'):
-                return (wsgi_to_str(acc), wsgi_to_str(cont), wsgi_to_str(obj))
+            if ver == 'v1' and (allow_container_root or obj.strip('/')):
+                return (wsgi_to_str(acc), wsgi_to_str(cont),
+                        wsgi_to_str(obj) if obj else '')
         return (None, None, None)
 
-    def _get_temp_url_info(self, env):
-        """
-        Returns the provided temporary URL parameters (sig, expires, prefix,
-        temp_url_ip_range), if given and syntactically valid.
-        Either sig, expires or prefix could be None if not provided.
-        If provided, expires is also converted to an int if possible or 0
-        if not, and checked for expiration (returns 0 if expired).
-
-        :param env: The WSGI environment for the request.
-        :returns: (sig, expires, prefix, filename, inline,
-            temp_url_ip_range) as described above.
-        """
-        temp_url_sig = temp_url_expires = temp_url_prefix = filename =\
-            inline = None
-        temp_url_ip_range = None
-        qs = parse_qs(env.get('QUERY_STRING', ''), keep_blank_values=True)
-        if 'temp_url_ip_range' in qs:
-            temp_url_ip_range = qs['temp_url_ip_range'][0]
-        if 'temp_url_sig' in qs:
-            temp_url_sig = qs['temp_url_sig'][0]
-        if 'temp_url_expires' in qs:
-            try:
-                temp_url_expires = int(qs['temp_url_expires'][0])
-            except ValueError:
-                try:
-                    temp_url_expires = timegm(strptime(
-                        qs['temp_url_expires'][0],
-                        EXPIRES_ISO8601_FORMAT))
-                except ValueError:
-                    temp_url_expires = 0
-            if temp_url_expires < time():
-                temp_url_expires = 0
-        if 'temp_url_prefix' in qs:
-            temp_url_prefix = qs['temp_url_prefix'][0]
-        if 'filename' in qs:
-            filename = qs['filename'][0]
-        if 'inline' in qs:
-            inline = True
-        return (temp_url_sig, temp_url_expires, temp_url_prefix, filename,
-                inline, temp_url_ip_range)
-
     def _get_keys(self, env):
         """
         Returns the X-[Account|Container]-Meta-Temp-URL-Key[-2] header values
@@ -750,12 +774,10 @@ class TempURL(object):
         if not request_method:
             request_method = env['REQUEST_METHOD']
 
-        digest = functools.partial(hashlib.new, hash_algorithm)
-
         return [
             (get_hmac(
                 request_method, path, expires, key,
-                digest=digest, ip_range=ip_range
+                digest=hash_algorithm, ip_range=ip_range
             ), scope)
             for (key, scope) in scoped_keys]
 
@@ -847,30 +869,26 @@ def filter_factory(global_conf, **local_conf):
     conf = global_conf.copy()
     conf.update(local_conf)
 
+    logger = get_logger(conf, log_route='tempurl')
+
     defaults = {
         'methods': 'GET HEAD PUT POST DELETE',
         'incoming_remove_headers': DEFAULT_INCOMING_REMOVE_HEADERS,
         'incoming_allow_headers': DEFAULT_INCOMING_ALLOW_HEADERS,
         'outgoing_remove_headers': DEFAULT_OUTGOING_REMOVE_HEADERS,
         'outgoing_allow_headers': DEFAULT_OUTGOING_ALLOW_HEADERS,
-        'allowed_digests': DEFAULT_ALLOWED_DIGESTS,
     }
     info_conf = {k: conf.get(k, v).split() for k, v in defaults.items()}
 
-    allowed_digests = set(digest.lower()
-                          for digest in info_conf['allowed_digests'])
-    not_supported = allowed_digests - SUPPORTED_DIGESTS
-    if not_supported:
-        logger = get_logger(conf, log_route='tempurl')
-        logger.warning('The following digest algorithms are configured but '
-                       'not supported: %s', ', '.join(not_supported))
-        allowed_digests -= not_supported
-    if not allowed_digests:
-        raise ValueError('No valid digest algorithms are configured '
-                         'for tempurls')
+    allowed_digests, deprecated_digests = get_allowed_digests(
+        conf.get('allowed_digests', '').split(), logger)
     info_conf['allowed_digests'] = sorted(allowed_digests)
+    if deprecated_digests:
+        info_conf['deprecated_digests'] = sorted(deprecated_digests)
 
     register_swift_info('tempurl', **info_conf)
     conf.update(info_conf)
 
-    return lambda app: TempURL(app, conf)
+    register_sensitive_param('temp_url_sig')
+
+    return lambda app: TempURL(app, conf, logger)

swift/common/middleware/versioned_writes/__init__.py

@@ -0,0 +1,51 @@
+# Copyright (c) 2019 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+Implements middleware for object versioning which comprises an instance of a
+:class:`~swift.common.middleware.versioned_writes.legacy.
+VersionedWritesMiddleware` combined with an instance of an
+:class:`~swift.common.middleware.versioned_writes.object_versioning.
+ObjectVersioningMiddleware`.
+"""
+from swift.common.middleware.versioned_writes. \
+    legacy import CLIENT_VERSIONS_LOC, CLIENT_HISTORY_LOC, \
+    VersionedWritesMiddleware
+from swift.common.middleware.versioned_writes. \
+    object_versioning import ObjectVersioningMiddleware
+
+from swift.common.utils import config_true_value
+from swift.common.registry import register_swift_info, get_swift_info
+
+
+def filter_factory(global_conf, **local_conf):
+    """Provides a factory function for loading versioning middleware."""
+    conf = global_conf.copy()
+    conf.update(local_conf)
+    if config_true_value(conf.get('allow_versioned_writes')):
+        register_swift_info('versioned_writes', allowed_flags=(
+            CLIENT_VERSIONS_LOC, CLIENT_HISTORY_LOC))
+
+    allow_object_versioning = config_true_value(conf.get(
+        'allow_object_versioning'))
+    if allow_object_versioning:
+        register_swift_info('object_versioning')
+
+    def versioning_filter(app):
+        if allow_object_versioning:
+            if 'symlink' not in get_swift_info():
+                raise ValueError('object versioning requires symlinks')
+            app = ObjectVersioningMiddleware(app, conf)
+        return VersionedWritesMiddleware(app, conf)
+    return versioning_filter