Merge pull request #611 from harshavardhana/pr_out_add_missing_validate_access_keys_after_extracted_from_authheader

10 years ago · c63ba4be26
parent 138288f788 e11f9110b6
commit c63ba4be26
2 changed files with 19 additions and 19 deletions
--- a/pkg/api/api_generic_handlers.go
+++ b/pkg/api/api_generic_handlers.go
@ -23,6 +23,7 @@ import (
 	"time"
 	"github.com/minio/minio/pkg/api/config"
 	"github.com/minio/minio/pkg/utils/crypto/keys"
 )
 type contentTypeHandler struct {
@ -78,6 +79,9 @@ func stripAuth(r *http.Request) (*auth, error) {
 	a.signedheaders = strings.Split(signedheaders, "=")[1]
 	a.signature = strings.Split(signature, "=")[1]
 	a.accessKey = strings.Split(a.credential, "/")[0]
 	if !keys.IsValidAccessKey(a.accessKey) {
 		return nil, errors.New("Invalid access key")
 	}
 	return a, nil
 }
--- a/pkg/utils/crypto/keys/common.go
+++ b/pkg/utils/crypto/keys/common.go
@ -16,6 +16,8 @@
 package keys
 import "regexp"
 // AccessID and SecretID length in bytes
 const (
 	MinioAccessID = 20
@ -24,26 +26,20 @@ const (
 /// helpers
-// Is alphanumeric?
+// IsValidSecretKey - validate secret key
-func isalnum(c byte) bool {
+func IsValidSecretKey(secretAccessKey string) bool {
-	return '0' <= c && c <= '9' || 'A' <= c && c <= 'Z' || 'a' <= c && c <= 'z'
+	if secretAccessKey == "" {
 		return true
 	}
 	regex := regexp.MustCompile("^.{40}$")
 	return regex.MatchString(secretAccessKey)
 }
-// IsValidAccessKey - validate access key for only alphanumeric characters
+// IsValidAccessKey - validate access key
-func IsValidAccessKey(key []byte) bool {
+func IsValidAccessKey(accessKeyID string) bool {
-	for _, char := range key {
+	if accessKeyID == "" {
-		if isalnum(char) {
+		return true
 			continue
 		}
 		switch char {
 		case '-':
 		case '.':
 		case '_':
 		case '~':
 			continue
 		default:
 			return false
 		}
 	}
-	return true
+	regex := regexp.MustCompile("^[A-Z0-9\\-\\.\\_\\~]{20}$")
 	return regex.MatchString(accessKeyID)
 }