S3 - HeadObject should authenticate requests (#4240)

2021-08-29 14:49:05 +01:00 · 2021-08-29 14:49:05 +01:00 · dc49232734
commit dc49232734
parent 7f57271773
2 changed files with 30 additions and 0 deletions
--- a/moto/s3/responses.py
+++ b/moto/s3/responses.py
@ -122,6 +122,7 @@ ACTION_MAP = {
        },
    },
    "KEY": {
+        "HEAD": {"DEFAULT": "HeadObject",},
        "GET": {
            "uploadId": "ListMultipartUploadParts",
            "acl": "GetObjectAcl",
@ -1517,6 +1518,9 @@ class ResponseObject(_TemplateEnvironmentMixin, ActionAuthenticatorMixin):
        return 200, response_headers, ""

    def _key_response_head(self, bucket_name, query, key_name, headers):
+        self._set_action("KEY", "HEAD", query)
+        self._authenticate_and_authorize_s3_action()
+
        response_headers = {}
        version_id = query.get("versionId", [None])[0]
        part_number = query.get("partNumber", [None])[0]
--- a/tests/test_s3/test_s3_auth.py
+++ b/tests/test_s3/test_s3_auth.py
@ -0,0 +1,26 @@
+import boto3
+import pytest
+
+from botocore.exceptions import ClientError
+from moto import mock_s3, settings
+from moto.core import set_initial_no_auth_action_count
+from unittest import SkipTest
+
+
+@mock_s3
+@set_initial_no_auth_action_count(0)
+def test_load_unexisting_object_without_auth_should_return_403():
+    if settings.TEST_SERVER_MODE:
+        raise SkipTest("Auth decorator does not work in server mode")
+
+    """Head an S3 object we should have no access to."""
+    resource = boto3.resource("s3", region_name="us-east-1")
+
+    obj = resource.Object("myfakebucket", "myfakekey")
+    with pytest.raises(ClientError) as ex:
+        obj.load()
+    err = ex.value.response["Error"]
+    err["Code"].should.equal("InvalidAccessKeyId")
+    err["Message"].should.equal(
+        "The AWS Access Key Id you provided does not exist in our records."
+    )