Authenticate writes!

src/allmydata/storage/http_server.py

@@ -167,8 +167,8 @@ class UploadsInProgress(object):
         self, storage_index: bytes, share_number: int, upload_secret: bytes
     ) -> BucketWriter:
         """Get the given in-progress immutable share upload."""
+        self.validate_upload_secret(storage_index, share_number, upload_secret)
         try:
-            # TODO 3877 check the upload secret matches given one
             return self._uploads[storage_index].shares[share_number]
         except (KeyError, IndexError):
             raise _HTTPError(http.NOT_FOUND)
@@ -345,8 +345,6 @@ class HTTPServer(object):
 
         offset = content_range.start
 
-        # TODO 3877 test for checking upload secret
-
         # TODO limit memory usage
         # https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3872
         data = request.content.read(content_range.stop - content_range.start + 1)

src/allmydata/test/test_storage_http.py

@@ -474,6 +474,21 @@ class ImmutableHTTPAPITests(SyncTestCase):
             )
             self.assertEqual(downloaded, expected_data[offset : offset + length])
 
+    def test_write_with_wrong_upload_key(self):
+        """A write with the wrong upload key fails."""
+        (upload_secret, _, storage_index, _) = self.create_upload({1}, 100)
+        with self.assertRaises(ClientException) as e:
+            result_of(
+                self.imm_client.write_share_chunk(
+                    storage_index,
+                    1,
+                    upload_secret + b"X",
+                    0,
+                    b"123",
+                )
+            )
+        self.assertEqual(e.exception.args[0], http.UNAUTHORIZED)
+
     def test_allocate_buckets_second_time_wrong_upload_key(self):
         """
         If allocate buckets endpoint is called second time with wrong upload