Fix DummyHandlers to authorize and send/validate correct XMLs (#7223)

cmd/dummy-handlers.go

@@ -1,5 +1,5 @@
 /*
- * Minio Cloud Storage, (C) 2018 Minio, Inc.
+ * Minio Cloud Storage, (C) 2018, 2019 Minio, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ import (
 	"net/http"
 
 	"github.com/gorilla/mux"
+	"github.com/minio/minio/pkg/policy"
 )
 
 // Data types used for returning dummy tagging XML.
@@ -95,25 +96,29 @@ func (api objectAPIHandlers) DeleteBucketWebsiteHandler(w http.ResponseWriter, r
 	w.(http.Flusher).Flush()
 }
 
+type allowedMethod string
+
+// Define strings
+const (
+	GET    allowedMethod = http.MethodGet
+	PUT    allowedMethod = http.MethodPut
+	HEAD   allowedMethod = http.MethodHead
+	POST   allowedMethod = http.MethodPost
+	DELETE allowedMethod = http.MethodDelete
+)
+
 // GetBucketCorsHandler - GET bucket cors, a dummy api
 func (api objectAPIHandlers) GetBucketCorsHandler(w http.ResponseWriter, r *http.Request) {
 	ctx := newContext(r, w, "GetBucketCorsHandler")
 
-	type allowedMethod int
-	const (
-		GET allowedMethod = iota
-		PUT
-		HEAD
-		POST
-		DELETE
-	)
 	type corsRule struct {
-		AllowedMethod allowedMethod `xml:"AllowedMethod"`
+		AllowedHeaders []string        `xml:"AllowedHeaders"`
-		AllowedOrigin string        `xml:"AllowedOrigin"`
+		AllowedMethods []allowedMethod `xml:"AllowedMethod"`
-		ExposeHeader  string        `xml:"ExposeHeader"`
+		AllowedOrigins []string        `xml:"AllowedOrigin"`
-		ID            string        `xml:"ID"`
+		ExposeHeaders  []string        `xml:"ExposeHeader"`
-		MaxAgeSeconds int64         `xml:"MaxAgeSeconds"`
+		MaxAgeSeconds  int64           `xml:"MaxAgeSeconds"`
 	}
+
 	type corsConfiguration struct {
 		XMLName  xml.Name   `xml:"CORSConfiguration"`
 		CorsRule []corsRule `xml:"CORSRule"`
@@ -128,6 +133,13 @@ func (api objectAPIHandlers) GetBucketCorsHandler(w http.ResponseWriter, r *http
 		return
 	}
 
+	// Allow getBucketCors if policy action is set, since this is a dummy call
+	// we are simply re-purposing the bucketPolicyAction.
+	if s3Error := checkRequestAuthType(ctx, r, policy.GetBucketPolicyAction, bucket, ""); s3Error != ErrNone {
+		writeErrorResponse(w, s3Error, r.URL, guessIsBrowserReq(r))
+		return
+	}
+
 	// Validate if bucket exists, before proceeding further...
 	_, err := objAPI.GetBucketInfo(ctx, bucket)
 	if err != nil {
@@ -135,10 +147,8 @@ func (api objectAPIHandlers) GetBucketCorsHandler(w http.ResponseWriter, r *http
 		return
 	}
 
-	tags := &tagging{}
+	cors := &corsConfiguration{}
-	tags.TagSet.Tag = append(tags.TagSet.Tag, tagElem{})
+	if err := xml.NewEncoder(w).Encode(cors); err != nil {
-
-	if err := xml.NewEncoder(w).Encode(tags); err != nil {
 		writeErrorResponse(w, toAPIErrorCode(ctx, err), r.URL, guessIsBrowserReq(r))
 		return
 	}
@@ -159,6 +169,13 @@ func (api objectAPIHandlers) GetBucketTaggingHandler(w http.ResponseWriter, r *h
 		return
 	}
 
+	// Allow getBucketTagging if policy action is set, since this is a dummy call
+	// we are simply re-purposing the bucketPolicyAction.
+	if s3Error := checkRequestAuthType(ctx, r, policy.GetBucketPolicyAction, bucket, ""); s3Error != ErrNone {
+		writeErrorResponse(w, s3Error, r.URL, guessIsBrowserReq(r))
+		return
+	}
+
 	// Validate if bucket exists, before proceeding further...
 	_, err := objAPI.GetBucketInfo(ctx, bucket)
 	if err != nil {
@@ -191,6 +208,13 @@ func (api objectAPIHandlers) GetObjectTaggingHandler(w http.ResponseWriter, r *h
 		return
 	}
 
+	// Allow getObjectTagging if policy action is set, since this is a dummy call
+	// we are simply re-purposing the bucketPolicyAction.
+	if s3Error := checkRequestAuthType(ctx, r, policy.GetBucketPolicyAction, bucket, ""); s3Error != ErrNone {
+		writeErrorResponse(w, s3Error, r.URL, guessIsBrowserReq(r))
+		return
+	}
+
 	// Validate if object exists, before proceeding further...
 	_, err := objAPI.GetObjectInfo(ctx, bucket, object, ObjectOptions{})
 	if err != nil {