More secure SAS permissions for Azure upload

2019-08-06 13:43:57 -04:00 · 2019-08-06 13:43:57 -04:00 · 59de01031c
commit 59de01031c
parent 989e28e5fb
2 changed files with 6 additions and 5 deletions
--- a/atst/domain/csp/file_uploads.py
+++ b/atst/domain/csp/file_uploads.py
@ -1,5 +1,5 @@
 from azure.storage.common import CloudStorageAccount
-from azure.storage.blob import ContainerPermissions
+from azure.storage.blob import BlobPermissions
 from datetime import datetime, timedelta
 from uuid import uuid4

@ -52,10 +52,11 @@ class AzureUploader(Uploader):
        )
        bbs = account.create_block_blob_service()
        object_name = self.object_name()
-        sas_token = bbs.generate_container_shared_access_signature(
+        sas_token = bbs.generate_blob_shared_access_signature(
            self.container_name,
-            ContainerPermissions.WRITE,
-            datetime.utcnow() + self.timeout,
+            object_name,
+            permission=BlobPermissions.CREATE,
+            expiry=datetime.utcnow() + self.timeout,
            protocol="https",
        )
        return ({"token": sas_token}, object_name)
--- a/js/lib/upload.js
+++ b/js/lib/upload.js
@ -27,7 +27,7 @@ class AzureUploader {
      fileReader.addEventListener('load', f => {
        blobService.createBlockBlobFromText(
          this.containerName,
-          `${objectName}.pdf`,
+          `${objectName}`,
          f.target.result,
          options,
          function(err, result) {