From 8489f22fe28ad671117aa45135afb7988560f781 Mon Sep 17 00:00:00 2001
From: Krishna Srinivas
Date: Mon, 23 Jan 2017 17:01:44 -0800
Subject: [PATCH] signature-v2: Use request.RequestURI for signature calculation. (#3616)
* signature-v2: Use request.RequestURI for signature calculation.
* Use splitStr instead of strings.Split
---
 cmd/signature-v2.go | 29 ++++++-----------------------
 cmd/signature-v2_test.go | 2 ++
 cmd/test-utils_test.go | 15 ++++++++++-----
 3 files changed, 18 insertions(+), 28 deletions(-)
diff --git a/cmd/signature-v2.go b/cmd/signature-v2.go
index c5540201e..107dbe8c5 100644
--- a/cmd/signature-v2.go
+++ b/cmd/signature-v2.go
@@ -85,16 +85,9 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
 // Access credentials.
 cred := serverConfig.GetCredential()
- // url.RawPath will be valid if path has any encoded characters, if not it will
- // be empty - in which case we need to consider url.Path (bug in net/http?)
- encodedResource := r.URL.RawPath
- encodedQuery := r.URL.RawQuery
- if encodedResource == "" {
- splits := strings.Split(r.URL.Path, "?")
- if len(splits) > 0 {
- encodedResource = getURLEncodedName(splits[0])
- }
- }
+ // r.RequestURI will have raw encoded URI as sent by the client.
+ splits := splitStr(r.RequestURI, "?", 2)
+ encodedResource, encodedQuery := splits[0], splits[1]
 queries := strings.Split(encodedQuery, "&")
 var filteredQueries []string
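Review bot: `r.RequestURI` is the request-target exactly as the client sent it, so if a client or proxy sends an absolute-form target (scheme and host before the path), `splits[0]` would carry that prefix and the computed signature would likely not match one signed over the path alone. The failure is closed, so this is a rejected valid request rather than a bypass, but it also means the string being verified is no longer the `r.URL` the router acts on. `encodedResource, encodedQuery := r.URL.EscapedPath(), r.URL.RawQuery` would keep the client's encoding without depending on the form of the request line, and it covers the empty-`RawPath` case the removed code worked around. The same two added lines appear in doesSignV2Match in the next hunk; both function bodies continue outside their hunks.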
@@ -213,19 +206,9 @@ func doesSignV2Match(r *http.Request) APIErrorCode {
 return apiError
 }
- // Encode path:
- // url.RawPath will be valid if path has any encoded characters, if not it will
- // be empty - in which case we need to consider url.Path (bug in net/http?)
- encodedResource := r.URL.RawPath
- if encodedResource == "" {
- splits := strings.Split(r.URL.Path, "?")
- if len(splits) > 0 {
- encodedResource = getURLEncodedName(splits[0])
- }
- }
-
- // Encode query strings
- encodedQuery := r.URL.Query().Encode()
+ // r.RequestURI will have raw encoded URI as sent by the client.
+ splits := splitStr(r.RequestURI, "?", 2)
+ encodedResource, encodedQuery := splits[0], splits[1]
 expectedAuth := signatureV2(r.Method, encodedResource, encodedQuery, r.Header)
 if v2Auth != expectedAuth {
diff --git a/cmd/signature-v2_test.go b/cmd/signature-v2_test.go
index 91f4176a8..56cc38957 100644
--- a/cmd/signature-v2_test.go
+++ b/cmd/signature-v2_test.go
@@ -101,6 +101,8 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
 if e != nil {
 t.Errorf("(%d) failed to create http.Request, got %v", i, e)
 }
+ // Should be set since we are simulating a http server.
+ req.RequestURI = req.URL.RequestURI()
 // Do the same for the headers.
 for key, value := range testCase.headers {
diff --git a/cmd/test-utils_test.go b/cmd/test-utils_test.go
index bd9537ca6..a9c544576 100644
--- a/cmd/test-utils_test.go
+++ b/cmd/test-utils_test.go
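Review bot: In doesSignV2Match, `splits[1]` is read unconditionally, and a header-signed request commonly has no `?` in its URI, so this line depends on `splitStr` always returning a slice of length 2. `splitStr` is not defined in this patch, so that contract cannot be confirmed here; if it can return a shorter slice, this code runs before authentication succeeds and would panic on such a request. A comment stating the contract, e.g. `// splitStr pads its result to exactly 2 elements, so splits[1] is "" when there is no query.`, or an explicit length check would make the indexing safe to read. The query is also now passed raw rather than through `r.URL.Query().Encode()`, so any ordering or re-encoding the signature needs presumably has to happen inside signatureV2.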
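Review bot: In TestDoesPresignedV2SignatureMatch, `req.RequestURI` is derived from the already-parsed `req.URL`, so the test never presents a raw request line that differs from the parsed URL, which is the situation the production change is about. A test case whose object name contains percent-encoded characters would pin the new raw-URI behaviour. The added comment could also say why the field is empty, e.g. `// http.NewRequest leaves RequestURI empty; a server fills it from the request line.` The test body continues outside the hunk.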
@@ -1739,20 +1739,25 @@ func prepareXLStorageDisks(t *testing.T) ([]StorageAPI, []string) {
 // initializes the specified API endpoints for the tests.
 // initialies the root and returns its path.
 // return credentials.
-func initAPIHandlerTest(obj ObjectLayer, endpoints []string) (bucketName string, apiRouter http.Handler, err error) {
+func initAPIHandlerTest(obj ObjectLayer, endpoints []string) (string, http.Handler, error) {
 // get random bucket name.
- bucketName = getRandomBucketName()
+ bucketName := getRandomBucketName()
 // Create bucket.
- err = obj.MakeBucket(bucketName)
+ err := obj.MakeBucket(bucketName)
 if err != nil {
 // failed to create newbucket, return err.
 return "", nil, err
 }
 // Register the API end points with XL object layer.
 // Registering only the GetObject handler.
- apiRouter = initTestAPIEndPoints(obj, endpoints)
- return bucketName, apiRouter, nil
+ apiRouter := initTestAPIEndPoints(obj, endpoints)
+ var f http.HandlerFunc
+ f = func(w http.ResponseWriter, r *http.Request) {
+ r.RequestURI = r.URL.RequestURI()
+ apiRouter.ServeHTTP(w, r)
+ }
+ return bucketName, f, nil
 }
 // ExecObjectLayerAPIAnonTest - Helper function to validate object Layer API handler
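Review bot: The handler wrapper in initAPIHandlerTest is declared in two steps, `var f http.HandlerFunc` followed by `f = func(...)`; a single conversion, `f := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`, reads more directly. With the named results removed, the signature no longer says what the three return values are, and the doc comment above ("initialies the root and returns its path", "return credentials") does not describe them either. A line such as `// Returns the bucket name, a handler that sets r.RequestURI from r.URL before routing, and any error.` would restore that, and it would tell test authors that the wrapper overwrites RequestURI.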