MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-07 12:52:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

signature: use region from Auth header if server's region not configured (#4329)

Browse Source
This commit is contained in:
Krishna Srinivas
2017-05-15 18:17:02 -07:00
committed by Harshavardhana
parent 465274cd21
commit 5db1e9f3dd
13 changed files with 138 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
cmd/signature-v4_test.go
View File

@@ -54,14 +54,7 @@ func TestDoesPolicySignatureMatch(t *testing.T) {
},
expected: ErrInvalidAccessKeyID,
},
// (2) It should fail if the region is invalid.
{
form: http.Header{
"X-Amz-Credential": []string{fmt.Sprintf(credentialTemplate, accessKey, now.Format(yyyymmdd), "invalidregion")},
},
expected: ErrInvalidRegion,
},
// (3) It should fail with a bad signature.
// (2) It should fail with a bad signature.
{
form: http.Header{
"X-Amz-Credential": []string{fmt.Sprintf(credentialTemplate, accessKey, now.Format(yyyymmdd), globalMinioDefaultRegion)},
@@ -71,7 +64,7 @@ func TestDoesPolicySignatureMatch(t *testing.T) {
},
expected: ErrSignatureDoesNotMatch,
},
// (4) It should succeed if everything is correct.
// (3) It should succeed if everything is correct.
{
form: http.Header{
"X-Amz-Credential": []string{
@@ -135,21 +128,7 @@ func TestDoesPresignedSignatureMatch(t *testing.T) {
region: "us-west-1",
expected: ErrInvalidAccessKeyID,
},
// (2) Should fail with an invalid region.
{
queryParams: map[string]string{
"X-Amz-Algorithm": signV4Algorithm,
"X-Amz-Date": now.Format(iso8601Format),
"X-Amz-Expires": "60",
"X-Amz-Signature": "badsignature",
"X-Amz-SignedHeaders": "host;x-amz-content-sha256;x-amz-date",
"X-Amz-Credential": fmt.Sprintf(credentialTemplate, accessKeyID, now.Format(yyyymmdd), "us-west-1"),
"X-Amz-Content-Sha256": payloadSHA256,
},
region: globalMinioDefaultRegion,
expected: ErrInvalidRegion,
},
// (3) Should NOT fail with an invalid region if it doesn't verify it.
// (2) Should NOT fail with an invalid region if it doesn't verify it.
{
queryParams: map[string]string{
"X-Amz-Algorithm": signV4Algorithm,
@@ -163,7 +142,7 @@ func TestDoesPresignedSignatureMatch(t *testing.T) {
region: "us-west-1",
expected: ErrUnsignedHeaders,
},
// (4) Should fail to extract headers if the host header is not signed.
// (3) Should fail to extract headers if the host header is not signed.
{
queryParams: map[string]string{
"X-Amz-Algorithm": signV4Algorithm,
@@ -177,7 +156,7 @@ func TestDoesPresignedSignatureMatch(t *testing.T) {
region: region,
expected: ErrUnsignedHeaders,
},
// (5) Should give an expired request if it has expired.
// (4) Should give an expired request if it has expired.
{
queryParams: map[string]string{
"X-Amz-Algorithm": signV4Algorithm,
@@ -195,7 +174,7 @@ func TestDoesPresignedSignatureMatch(t *testing.T) {
region: region,
expected: ErrExpiredPresignRequest,
},
// (6) Should error if the signature is incorrect.
// (5) Should error if the signature is incorrect.
{
queryParams: map[string]string{
"X-Amz-Algorithm": signV4Algorithm,
@@ -213,7 +192,7 @@ func TestDoesPresignedSignatureMatch(t *testing.T) {
region: region,
expected: ErrSignatureDoesNotMatch,
},
// (7) Should error if the request is not ready yet, ie X-Amz-Date is in the future.
// (6) Should error if the request is not ready yet, ie X-Amz-Date is in the future.
{
queryParams: map[string]string{
"X-Amz-Algorithm": signV4Algorithm,
@@ -231,7 +210,7 @@ func TestDoesPresignedSignatureMatch(t *testing.T) {
region: region,
expected: ErrRequestNotReadyYet,
},
// (8) Should not error with invalid region instead, call should proceed
// (7) Should not error with invalid region instead, call should proceed
// with sigature does not match.
{
queryParams: map[string]string{
@@ -250,7 +229,7 @@ func TestDoesPresignedSignatureMatch(t *testing.T) {
region: "",
expected: ErrSignatureDoesNotMatch,
},
// (9) Should error with signature does not match. But handles
// (8) Should error with signature does not match. But handles
// query params which do not precede with "x-amz-" header.
{
queryParams: map[string]string{
@@ -270,7 +249,7 @@ func TestDoesPresignedSignatureMatch(t *testing.T) {
region: "",
expected: ErrSignatureDoesNotMatch,
},
// (10) Should error with unsigned headers.
// (9) Should error with unsigned headers.
{
queryParams: map[string]string{
"X-Amz-Algorithm": signV4Algorithm,