mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
signature-v4: Support for transfer-encoding request header (#4053)
This commit is contained in:
parent
f205689ff5
commit
af82d27018
@ -107,7 +107,8 @@ func getURLEncodedName(name string) string {
|
||||
}
|
||||
|
||||
// extractSignedHeaders extract signed headers from Authorization header
|
||||
func extractSignedHeaders(signedHeaders []string, reqHeaders http.Header) (http.Header, APIErrorCode) {
|
||||
func extractSignedHeaders(signedHeaders []string, r *http.Request) (http.Header, APIErrorCode) {
|
||||
reqHeaders := r.Header
|
||||
// find whether "host" is part of list of signed headers.
|
||||
// if not return ErrUnsignedHeaders. "host" is mandatory.
|
||||
if !contains(signedHeaders, "host") {
|
||||
@ -145,6 +146,10 @@ func extractSignedHeaders(signedHeaders []string, reqHeaders http.Header) (http.
|
||||
if header == "host" {
|
||||
continue
|
||||
}
|
||||
if header == "transfer-encoding" {
|
||||
extractedSignedHeaders[header] = r.TransferEncoding
|
||||
continue
|
||||
}
|
||||
// If not found continue, we will stop here.
|
||||
return nil, ErrUnsignedHeaders
|
||||
}
|
||||
|
@ -132,7 +132,7 @@ func TestGetURLEncodedName(t *testing.T) {
|
||||
|
||||
// TestExtractSignedHeaders - Tests validate extraction of signed headers using list of signed header keys.
|
||||
func TestExtractSignedHeaders(t *testing.T) {
|
||||
signedHeaders := []string{"host", "x-amz-content-sha256", "x-amz-date"}
|
||||
signedHeaders := []string{"host", "x-amz-content-sha256", "x-amz-date", "transfer-encoding"}
|
||||
|
||||
// If the `expect` key exists in the signed headers then golang server would have stripped out the value, expecting the `expect` header set to `100-continue` in the result.
|
||||
signedHeaders = append(signedHeaders, "expect")
|
||||
@ -140,14 +140,21 @@ func TestExtractSignedHeaders(t *testing.T) {
|
||||
expectedHost := "play.minio.io:9000"
|
||||
expectedContentSha256 := "1234abcd"
|
||||
expectedTime := UTCNow().Format(iso8601Format)
|
||||
expectedTransferEncoding := "gzip"
|
||||
|
||||
r, err := http.NewRequest("GET", "http://localhost", nil)
|
||||
if err != nil {
|
||||
t.Fatal("Unable to create http.Request :", err)
|
||||
}
|
||||
r.TransferEncoding = []string{expectedTransferEncoding}
|
||||
|
||||
// Creating input http header.
|
||||
inputHeader := make(http.Header)
|
||||
inputHeader := r.Header
|
||||
inputHeader.Set(signedHeaders[0], expectedHost)
|
||||
inputHeader.Set(signedHeaders[1], expectedContentSha256)
|
||||
inputHeader.Set(signedHeaders[2], expectedTime)
|
||||
// calling the function being tested.
|
||||
extractedSignedHeaders, errCode := extractSignedHeaders(signedHeaders, inputHeader)
|
||||
extractedSignedHeaders, errCode := extractSignedHeaders(signedHeaders, r)
|
||||
if errCode != ErrNone {
|
||||
t.Fatalf("Expected the APIErrorCode to be %d, but got %d", ErrNone, errCode)
|
||||
}
|
||||
@ -160,6 +167,9 @@ func TestExtractSignedHeaders(t *testing.T) {
|
||||
extractedDate := extractedSignedHeaders[signedHeaders[2]]
|
||||
// extracted `expect` header.
|
||||
extractedExpect := extractedSignedHeaders["expect"][0]
|
||||
|
||||
extractedTransferEncoding := extractedSignedHeaders["transfer-encoding"][0]
|
||||
|
||||
if expectedHost != extractedHost[0] {
|
||||
t.Errorf("host header mismatch: expected `%s`, got `%s`", expectedHost, extractedHost)
|
||||
}
|
||||
@ -170,6 +180,9 @@ func TestExtractSignedHeaders(t *testing.T) {
|
||||
if expectedTime != extractedDate[0] {
|
||||
t.Errorf("x-amz-date header mismatch: expected `%s`, got `%s`", expectedTime, extractedDate)
|
||||
}
|
||||
if extractedTransferEncoding != expectedTransferEncoding {
|
||||
t.Errorf("transfer-encoding mismatch: expected %s, got %s", expectedTransferEncoding, extractedTransferEncoding)
|
||||
}
|
||||
|
||||
// Since the list of signed headers value contained `expect`, the default value of `100-continue` will be added to extracted signed headers.
|
||||
if extractedExpect != "100-continue" {
|
||||
@ -179,7 +192,7 @@ func TestExtractSignedHeaders(t *testing.T) {
|
||||
// case where the headers doesn't contain the one of the signed header in the signed headers list.
|
||||
signedHeaders = append(signedHeaders, " X-Amz-Credential")
|
||||
// expected to fail with `ErrUnsignedHeaders`.
|
||||
_, errCode = extractSignedHeaders(signedHeaders, inputHeader)
|
||||
_, errCode = extractSignedHeaders(signedHeaders, r)
|
||||
if errCode != ErrUnsignedHeaders {
|
||||
t.Fatalf("Expected the APIErrorCode to %d, but got %d", ErrUnsignedHeaders, errCode)
|
||||
}
|
||||
@ -187,7 +200,7 @@ func TestExtractSignedHeaders(t *testing.T) {
|
||||
// case where the list of signed headers doesn't contain the host field.
|
||||
signedHeaders = signedHeaders[1:]
|
||||
// expected to fail with `ErrUnsignedHeaders`.
|
||||
_, errCode = extractSignedHeaders(signedHeaders, inputHeader)
|
||||
_, errCode = extractSignedHeaders(signedHeaders, r)
|
||||
if errCode != ErrUnsignedHeaders {
|
||||
t.Fatalf("Expected the APIErrorCode to %d, but got %d", ErrUnsignedHeaders, errCode)
|
||||
}
|
||||
|
@ -235,7 +235,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
|
||||
}
|
||||
|
||||
// Extract all the signed headers along with its values.
|
||||
extractedSignedHeaders, errCode := extractSignedHeaders(pSignValues.SignedHeaders, req.Header)
|
||||
extractedSignedHeaders, errCode := extractSignedHeaders(pSignValues.SignedHeaders, r)
|
||||
if errCode != ErrNone {
|
||||
return errCode
|
||||
}
|
||||
@ -360,7 +360,7 @@ func doesSignatureMatch(hashedPayload string, r *http.Request, region string) AP
|
||||
}
|
||||
|
||||
// Extract all the signed headers along with its values.
|
||||
extractedSignedHeaders, errCode := extractSignedHeaders(signV4Values.SignedHeaders, header)
|
||||
extractedSignedHeaders, errCode := extractSignedHeaders(signV4Values.SignedHeaders, r)
|
||||
if errCode != ErrNone {
|
||||
return errCode
|
||||
}
|
||||
|
@ -97,7 +97,7 @@ func calculateSeedSignature(r *http.Request) (signature string, date time.Time,
|
||||
}
|
||||
|
||||
// Extract all the signed headers along with its values.
|
||||
extractedSignedHeaders, errCode := extractSignedHeaders(signV4Values.SignedHeaders, req.Header)
|
||||
extractedSignedHeaders, errCode := extractSignedHeaders(signV4Values.SignedHeaders, r)
|
||||
if errCode != ErrNone {
|
||||
return "", time.Time{}, errCode
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user