fix(storage) Storage.uploadFile exits early on access denied

Author: jcjimenez

AmplifyPlugins/Storage/Sources/AWSS3StoragePlugin/Operation/AWSS3StorageUploadFileOperation.swift

@@ -84,6 +84,17 @@ class AWSS3StorageUploadFileOperation: AmplifyInProcessReportingOperation<
             return
         }
 
+        // This check was added because, at the time of this writing, AWS SDK
+        // failed silently on access denied.
+        if FileManager.default.fileExists(atPath: request.local.path) {
+            guard FileManager.default.isReadableFile(atPath: request.local.path) else {
+                dispatch(StorageError.accessDenied("Access to local file denied: \(request.local.path)",
+                                                   "Please ensure that \(request.local) is readable"))
+                finish()
+                return
+            }
+        }
+
         let uploadSize: UInt64
         do {
             uploadSize = try StorageRequestUtils.getSize(request.local)

AmplifyPlugins/Storage/Tests/AWSS3StoragePluginTests/Operation/AWSS3StorageUploadFileOperationTests2.swift

@@ -0,0 +1,74 @@
+////
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+@testable import Amplify
+@testable import AmplifyTestCommon
+@testable import AWSPluginsTestCommon
+@testable import AWSS3StoragePlugin
+@testable import AWSPluginsCore
+
+import AWSS3
+import XCTest
+
+final class AWSS3StorageUploadFileOperationTests2: AWSS3StorageOperationTestBase {
+    
+    override func setUp() {
+        super.setUp()
+        self.continueAfterFailure = false
+    }
+
+    /// - Given: A file with no read permissions from the user
+    /// - When: An attempt is made to upload it
+    /// - Then: An accessDenied error is returned before attempting proceed further
+    func testAccessDenied() throws {
+        let path = NSTemporaryDirectory().appending(UUID().uuidString)
+        FileManager.default.createFile(atPath: path,
+                                       contents: Data(UUID().uuidString.utf8),
+                                       attributes: [FileAttributeKey.posixPermissions: 000])
+        defer {
+            try? FileManager.default.removeItem(atPath: path)
+        }
+
+        let url = URL(fileURLWithPath: path)
+        let key = (path as NSString).lastPathComponent
+        let options = StorageUploadFileRequest.Options(accessLevel: .protected)
+        let request = StorageUploadFileRequest(key: key, local: url, options: options)
+
+        let progressExpectation = expectation(description: "progress")
+        progressExpectation.isInverted = true
+        let progressListner: ProgressListener = { _ in progressExpectation.fulfill() }
+
+        let resultExpectation = expectation(description: "result")
+        let resultListener: StorageUploadFileOperation.ResultListener = { result in
+            defer {
+                resultExpectation.fulfill()
+            }
+            switch result {
+            case .failure(let error):
+                guard case .accessDenied(let description, let recommendation, _) = error else {
+                    XCTFail("Should have failed with validation error")
+                    return
+                }
+                XCTAssertEqual(description, "Access to local file denied: \(path)")
+                XCTAssertEqual(recommendation, "Please ensure that \(url) is readable")
+            case .success:
+                XCTFail("Expecting an error but got success")
+            }
+        }
+
+        let operation = AWSS3StorageUploadFileOperation(request,
+                                                        storageConfiguration: testStorageConfiguration,
+                                                        storageService: mockStorageService,
+                                                        authService: mockAuthService,
+                                                        progressListener: progressListner,
+                                                        resultListener: resultListener)
+        operation.start()
+
+        wait(for: [progressExpectation, resultExpectation], timeout: 1)
+        XCTAssertTrue(operation.isFinished)
+    }
+}

AmplifyPlugins/Storage/Tests/StorageHostApp/AWSS3StoragePluginIntegrationTests/AWSS3StoragePluginNegativeTests.swift

@@ -92,6 +92,29 @@ class AWSS3StoragePluginNegativeTests: AWSS3StoragePluginTestBase {
         XCTAssertEqual(description, StorageErrorConstants.localFileNotFound.errorDescription)
     }
 
+    /// Given: An unreadable file
+    /// When: An attempt to upload it is made
+    /// Then: A StorageError.accessDenied error is propagated to the caller
+    func testUploadUnreadableFile() async throws {
+        let key = UUID().uuidString
+        let path = NSTemporaryDirectory() + key + ".tmp"
+        FileManager.default.createFile(atPath: path,
+                                       contents: Data(key.utf8),
+                                       attributes: [FileAttributeKey.posixPermissions: 000])
+        defer {
+            try? FileManager.default.removeItem(atPath: path)
+        }
+
+        let url = URL(fileURLWithPath: path)
+        do {
+            _ = try await Amplify.Storage.uploadFile(key: key, local: url, options: nil).value
+        } catch StorageError.accessDenied(let description, let recommendation, let underlyingError) {
+            XCTAssertEqual(description, "Access to local file denied: \(path)")
+            XCTAssertEqual(recommendation, "Please ensure that \(url) is readable")
+            XCTAssertNil(underlyingError)
+        }
+    }
+
     // TODO: possibly after understanding content-type
 //    func testPutWithInvalidContentType() {
 //