signature-v2: Use request.RequestURI for signature calculation. (#3616)

* signature-v2: Use request.RequestURI for signature calculation.

* Use splitStr instead of strings.Split
master
Krishna Srinivas 8 years ago committed by Harshavardhana
parent fc6f804865
commit 8489f22fe2
  1. 29
      cmd/signature-v2.go
  2. 2
      cmd/signature-v2_test.go
  3. 15
      cmd/test-utils_test.go

@ -85,16 +85,9 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
// Access credentials. // Access credentials.
cred := serverConfig.GetCredential() cred := serverConfig.GetCredential()
// url.RawPath will be valid if path has any encoded characters, if not it will // r.RequestURI will have raw encoded URI as sent by the client.
// be empty - in which case we need to consider url.Path (bug in net/http?) splits := splitStr(r.RequestURI, "?", 2)
encodedResource := r.URL.RawPath encodedResource, encodedQuery := splits[0], splits[1]
encodedQuery := r.URL.RawQuery
if encodedResource == "" {
splits := strings.Split(r.URL.Path, "?")
if len(splits) > 0 {
encodedResource = getURLEncodedName(splits[0])
}
}
queries := strings.Split(encodedQuery, "&") queries := strings.Split(encodedQuery, "&")
var filteredQueries []string var filteredQueries []string
@ -213,19 +206,9 @@ func doesSignV2Match(r *http.Request) APIErrorCode {
return apiError return apiError
} }
// Encode path: // r.RequestURI will have raw encoded URI as sent by the client.
// url.RawPath will be valid if path has any encoded characters, if not it will splits := splitStr(r.RequestURI, "?", 2)
// be empty - in which case we need to consider url.Path (bug in net/http?) encodedResource, encodedQuery := splits[0], splits[1]
encodedResource := r.URL.RawPath
if encodedResource == "" {
splits := strings.Split(r.URL.Path, "?")
if len(splits) > 0 {
encodedResource = getURLEncodedName(splits[0])
}
}
// Encode query strings
encodedQuery := r.URL.Query().Encode()
expectedAuth := signatureV2(r.Method, encodedResource, encodedQuery, r.Header) expectedAuth := signatureV2(r.Method, encodedResource, encodedQuery, r.Header)
if v2Auth != expectedAuth { if v2Auth != expectedAuth {

@ -101,6 +101,8 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
if e != nil { if e != nil {
t.Errorf("(%d) failed to create http.Request, got %v", i, e) t.Errorf("(%d) failed to create http.Request, got %v", i, e)
} }
// Should be set since we are simulating a http server.
req.RequestURI = req.URL.RequestURI()
// Do the same for the headers. // Do the same for the headers.
for key, value := range testCase.headers { for key, value := range testCase.headers {

@ -1739,20 +1739,25 @@ func prepareXLStorageDisks(t *testing.T) ([]StorageAPI, []string) {
// initializes the specified API endpoints for the tests. // initializes the specified API endpoints for the tests.
// initialies the root and returns its path. // initialies the root and returns its path.
// return credentials. // return credentials.
func initAPIHandlerTest(obj ObjectLayer, endpoints []string) (bucketName string, apiRouter http.Handler, err error) { func initAPIHandlerTest(obj ObjectLayer, endpoints []string) (string, http.Handler, error) {
// get random bucket name. // get random bucket name.
bucketName = getRandomBucketName() bucketName := getRandomBucketName()
// Create bucket. // Create bucket.
err = obj.MakeBucket(bucketName) err := obj.MakeBucket(bucketName)
if err != nil { if err != nil {
// failed to create newbucket, return err. // failed to create newbucket, return err.
return "", nil, err return "", nil, err
} }
// Register the API end points with XL object layer. // Register the API end points with XL object layer.
// Registering only the GetObject handler. // Registering only the GetObject handler.
apiRouter = initTestAPIEndPoints(obj, endpoints) apiRouter := initTestAPIEndPoints(obj, endpoints)
return bucketName, apiRouter, nil var f http.HandlerFunc
f = func(w http.ResponseWriter, r *http.Request) {
r.RequestURI = r.URL.RequestURI()
apiRouter.ServeHTTP(w, r)
}
return bucketName, f, nil
} }
// ExecObjectLayerAPIAnonTest - Helper function to validate object Layer API handler // ExecObjectLayerAPIAnonTest - Helper function to validate object Layer API handler

Loading…
Cancel
Save