From b663d0d304e968fb7f4ecf0eae2d70d67ea9a652 Mon Sep 17 00:00:00 2001
From: jackyalbo
Date: Thu, 15 Jun 2023 16:55:02 +0300
Subject: [PATCH 1/2] reverting check_miss for read_bucket_policy_info
Signed-off-by: jackyalbo
(cherry picked from commit 0e7b4970ce1b79eb47d1016797124a2bdf3ea482)
---
 src/sdk/object_sdk.js | 2 +-
 src/test/unit_tests/coretest.js | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/sdk/object_sdk.js b/src/sdk/object_sdk.js
index eb0bf40cec..e6f0e3309f 100644
--- a/src/sdk/object_sdk.js
+++ b/src/sdk/object_sdk.js
@@ -149,7 +149,7 @@ class ObjectSDK {
 }
 async read_bucket_sdk_policy_info(name) {
- const { bucket } = await bucket_namespace_cache.get_with_cache({ sdk: this, name }, 'cache_miss');
+ const { bucket } = await bucket_namespace_cache.get_with_cache({ sdk: this, name });
 const policy_info = {
 s3_policy: bucket.s3_policy,
 system_owner: bucket.system_owner,
diff --git a/src/test/unit_tests/coretest.js b/src/test/unit_tests/coretest.js
index 91c55c0b24..daaf1e9d8f 100644
--- a/src/test/unit_tests/coretest.js
+++ b/src/test/unit_tests/coretest.js
@@ -24,6 +24,7 @@ require('../../util/fips');
 const config = require('../../../config.js');
 config.test_mode = true;
 config.NODES_FREE_SPACE_RESERVE = 10 * 1024 * 1024;
+config.OBJECT_SDK_BUCKET_CACHE_EXPIRY_MS = 1;
 const dbg = require('../../util/debug_module')(__filename);
 const dbg_level =
From 4d6b36492b5024670457cb7893ec23987eca660c Mon Sep 17 00:00:00 2001
From: jackyalbo
Date: Wed, 28 Jun 2023 19:12:22 +0300
Subject: [PATCH 2/2] fixing issue with calling read_account
Signed-off-by: jackyalbo
(cherry picked from commit e468196f13a6743fd70491c6150622d7f027efce)
---
 src/endpoint/s3/s3_rest.js | 3 ++-
 src/sdk/object_sdk.js | 37 ++++++++++++++++++++++---------------
 2 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/src/endpoint/s3/s3_rest.js b/src/endpoint/s3/s3_rest.js
index fb8346131e..a05e89e09c 100755
--- a/src/endpoint/s3/s3_rest.js
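Review bot: In `read_bucket_sdk_policy_info` (PATCH 1/2, src/sdk/object_sdk.js), dropping the `'cache_miss'` argument means the `s3_policy` and `system_owner` used for authorization now come from whatever `bucket_namespace_cache` currently holds, so a tightened or removed bucket policy presumably stays unenforced until the entry expires. `get_with_cache` is not visible here, so the exact refresh behaviour is inferred, but the staleness window deserves a comment above the call, for example `// policy may lag by up to the bucket cache expiry (config.OBJECT_SDK_BUCKET_CACHE_EXPIRY_MS); a policy change must invalidate this entry to take effect sooner`. The coretest.js hunk sets that expiry to 1 ms, so the unit tests effectively never read a cached policy and would not catch a stale-policy regression. The function body continues outside the hunk.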
+++ b/src/endpoint/s3/s3_rest.js
@@ -192,6 +192,7 @@ function authenticate_request(req) {
 }
 async function authorize_request(req) {
+ await req.object_sdk.load_requesting_account(req);
 await Promise.all([
 req.object_sdk.authorize_request_account(req),
 // authorize_request_policy(req) is supposed to
@@ -215,7 +216,7 @@ async function authorize_request_policy(req) {
 return;
 }
- const account = await req.object_sdk.rpc_client.account.read_account({});
+ const account = req.object_sdk.requesting_account;
 const is_system_owner = account.email.unwrap() === system_owner.unwrap();
 // @TODO: System owner as a construct should be removed - Temporary
diff --git a/src/sdk/object_sdk.js b/src/sdk/object_sdk.js
index e6f0e3309f..11da0f2617 100644
--- a/src/sdk/object_sdk.js
+++ b/src/sdk/object_sdk.js
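Review bot: In `authorize_request_policy` (second hunk of src/endpoint/s3/s3_rest.js), `account` can now be undefined, because `load_requesting_account` returns without setting `requesting_account` when there is no auth token, and the next line dereferences `account.email`. If this point is reachable for an unsigned request (the early returns above the hunk are not visible), the request fails with a TypeError instead of a policy decision. Handle the anonymous case explicitly, e.g. `const is_system_owner = Boolean(account) && account.email.unwrap() === system_owner.unwrap();`, and apply the same guard to any later use of `account` in the part of the function outside the hunk.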
@@ -169,27 +169,34 @@ class ObjectSDK {
 return this._setup_bucket_namespace(bucket);
 }
+ async load_requesting_account(req) {
+ try {
+ const token = this.get_auth_token();
+ if (!token) return;
+ this.requesting_account = await account_cache.get_with_cache({
+ rpc_client: this.internal_rpc_client,
+ access_key: token.access_key,
+ });
+ } catch (error) {
+ dbg.error('authorize_request_account error:', error);
+ if (error.rpc_code && error.rpc_code === 'NO_SUCH_ACCOUNT') {
+ throw new RpcError('INVALID_ACCESS_KEY_ID', `Account with access_key not found`);
+ } else {
+ throw error;
+ }
+ }
+ }
+
 async authorize_request_account(req) {
 const { bucket } = req.params;
 const token = this.get_auth_token();
 // If the request is signed (authenticated)
 if (token) {
- try {
- this.requesting_account = await account_cache.get_with_cache({
- rpc_client: this.internal_rpc_client,
- access_key: token.access_key
- });
- } catch (error) {
- dbg.error('authorize_request_account error:', error);
- if (error.rpc_code && error.rpc_code === 'NO_SUCH_ACCOUNT') {
- throw new RpcError('INVALID_ACCESS_KEY_ID', `Account with access_key not found`);
- } else {
- throw error;
- }
+ const signature_secret = token.temp_secret_key || this.requesting_account?.access_keys?.[0]?.secret_key?.unwrap();
+ if (signature_secret) {
+ const signature = signature_utils.get_signature_from_auth_token(token, signature_secret);
+ if (token.signature !== signature) throw new RpcError('SIGNATURE_DOES_NOT_MATCH', `Signature that was calculated did not match`);
 }
- const signature_secret = token.temp_secret_key || this.requesting_account.access_keys[0].secret_key.unwrap();
- const signature = signature_utils.get_signature_from_auth_token(token, signature_secret);
- if (token.signature !== signature) throw new RpcError('SIGNATURE_DOES_NOT_MATCH', `Signature that was calculated did not match`);
 }
 // check for a specific bucket
 if (bucket && req.op_name !== 'put_bucket') {
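Review bot: In `authorize_request_account`, signature verification is now skipped whenever no secret can be resolved: the optional chaining on `this.requesting_account?.access_keys?.[0]?.secret_key` turns a missing account or key into `undefined`, and `if (signature_secret)` then lets a signed request continue unverified, where the old code threw. That includes any caller that reaches this method without first awaiting `load_requesting_account`. Unless some token type is meant to bypass the check (which should then be stated in a comment), fail closed with `if (!signature_secret) throw new RpcError('SIGNATURE_DOES_NOT_MATCH', 'No secret key available to verify the request signature');`. Separately, `load_requesting_account` still logs under the prefix `'authorize_request_account error:'` and leaves any previously set `requesting_account` untouched on its early return. The body of `authorize_request_account` continues past the end of the hunk.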