signature-v2: Use request.RequestURI for signature calculation. (#3616)

* signature-v2: Use request.RequestURI for signature calculation.

* Use splitStr instead of strings.Split

cmd/signature-v2.go

@@ -85,16 +85,9 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
 	// Access credentials.
 	cred := serverConfig.GetCredential()
 
-	// url.RawPath will be valid if path has any encoded characters, if not it will
+	// r.RequestURI will have raw encoded URI as sent by the client.
-	// be empty - in which case we need to consider url.Path (bug in net/http?)
+	splits := splitStr(r.RequestURI, "?", 2)
-	encodedResource := r.URL.RawPath
+	encodedResource, encodedQuery := splits[0], splits[1]
-	encodedQuery := r.URL.RawQuery
-	if encodedResource == "" {
-		splits := strings.Split(r.URL.Path, "?")
-		if len(splits) > 0 {
-			encodedResource = getURLEncodedName(splits[0])
-		}
-	}
 
 	queries := strings.Split(encodedQuery, "&")
 	var filteredQueries []string
@@ -213,19 +206,9 @@ func doesSignV2Match(r *http.Request) APIErrorCode {
 		return apiError
 	}
 
-	// Encode path:
+	// r.RequestURI will have raw encoded URI as sent by the client.
-	//   url.RawPath will be valid if path has any encoded characters, if not it will
+	splits := splitStr(r.RequestURI, "?", 2)
-	//   be empty - in which case we need to consider url.Path (bug in net/http?)
+	encodedResource, encodedQuery := splits[0], splits[1]
-	encodedResource := r.URL.RawPath
-	if encodedResource == "" {
-		splits := strings.Split(r.URL.Path, "?")
-		if len(splits) > 0 {
-			encodedResource = getURLEncodedName(splits[0])
-		}
-	}
-
-	// Encode query strings
-	encodedQuery := r.URL.Query().Encode()
 
 	expectedAuth := signatureV2(r.Method, encodedResource, encodedQuery, r.Header)
 	if v2Auth != expectedAuth {

cmd/signature-v2_test.go

@@ -101,6 +101,8 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
 		if e != nil {
 			t.Errorf("(%d) failed to create http.Request, got %v", i, e)
 		}
+		// Should be set since we are simulating a http server.
+		req.RequestURI = req.URL.RequestURI()
 
 		// Do the same for the headers.
 		for key, value := range testCase.headers {

cmd/test-utils_test.go

@@ -1739,20 +1739,25 @@ func prepareXLStorageDisks(t *testing.T) ([]StorageAPI, []string) {
 // initializes the specified API endpoints for the tests.
 // initialies the root and returns its path.
 // return credentials.
-func initAPIHandlerTest(obj ObjectLayer, endpoints []string) (bucketName string, apiRouter http.Handler, err error) {
+func initAPIHandlerTest(obj ObjectLayer, endpoints []string) (string, http.Handler, error) {
 	// get random bucket name.
-	bucketName = getRandomBucketName()
+	bucketName := getRandomBucketName()
 
 	// Create bucket.
-	err = obj.MakeBucket(bucketName)
+	err := obj.MakeBucket(bucketName)
 	if err != nil {
 		// failed to create newbucket, return err.
 		return "", nil, err
 	}
 	// Register the API end points with XL object layer.
 	// Registering only the GetObject handler.
-	apiRouter = initTestAPIEndPoints(obj, endpoints)
+	apiRouter := initTestAPIEndPoints(obj, endpoints)
-	return bucketName, apiRouter, nil
+	var f http.HandlerFunc
+	f = func(w http.ResponseWriter, r *http.Request) {
+		r.RequestURI = r.URL.RequestURI()
+		apiRouter.ServeHTTP(w, r)
+	}
+	return bucketName, f, nil
 }
 
 // ExecObjectLayerAPIAnonTest - Helper function to validate object Layer API handler