switch ContentMD5 check for default provider

localstack · thrau · Sep 13, 2023 · Sep 5, 2023 · Sep 5, 2023 · Sep 5, 2023
commit 64a28a221a56bb696f5c58f906399731869e7164
diff --git a/localstack/services/s3/provider.py b/localstack/services/s3/provider.py
@@ -186,7 +186,7 @@
 from localstack.utils.aws.arns import s3_bucket_name
 from localstack.utils.collections import get_safe
 from localstack.utils.patch import patch
-from localstack.utils.strings import md5, short_uid
+from localstack.utils.strings import short_uid
 from localstack.utils.time import parse_timestamp
 from localstack.utils.urls import localstack_host
 
@@ -519,16 +519,6 @@ def put_object(
         if checksum_algorithm := request.get("ChecksumAlgorithm"):
             verify_checksum(checksum_algorithm, context.request.data, request)
 
-        # TODO: handle ContentMD5 and ChecksumAlgorithm in a handler for all requests except requests with a streaming
-        #  body. We can use the specs to verify which operations needs to have the checksum validated
-        if content_md5 := request.get("ContentMD5"):
-            calculated_md5 = etag_to_base_64_content_md5(md5(context.request.data))
-            if calculated_md5 != content_md5:
-                raise InvalidDigest(
-                    "The Content-MD5 you specified was invalid.",
-                    Content_MD5=content_md5,
-                )
-
         moto_backend = get_moto_s3_backend(context)
         moto_bucket = get_bucket_from_moto(moto_backend, bucket=request["Bucket"])
 
@@ -546,6 +536,23 @@ def put_object(
                 )
             raise
 
+        # TODO: handle ContentMD5 and ChecksumAlgorithm in a handler for all requests except requests with a streaming
+        #  body. We can use the specs to verify which operations needs to have the checksum validated
+        # verify content_md5
+        if content_md5 := request.get("ContentMD5"):
+            calculated_md5 = etag_to_base_64_content_md5(response["ETag"].strip('"'))
+            if calculated_md5 != content_md5:
+                moto_backend.delete_object(
+                    bucket_name=request["Bucket"],
+                    key_name=request["Key"],
+                    version_id=response.get("VersionId"),
+                    bypass=True,
+                )
+                raise InvalidDigest(
+                    "The Content-MD5 you specified was invalid.",
+                    Content_MD5=content_md5,
+                )
+
         # moto interprets the Expires in query string for presigned URL as an Expires header and use it for the object
         # we set it to the correctly parsed value in Request, else we remove it from moto metadata
         # we are getting the last set key here so no need for versionId when getting the key