Merge pull request #144 from harshavardhana/pr_out_verify_both_x_amz_date_and_date_header_before_discarding_request

This commit is contained in:
Harshavardhana 2015-02-08 02:39:03 -08:00
commit b2724b80c1

View File

@ -34,8 +34,11 @@ func SignRequest(user config.User, req *http.Request) {
// This package implements verification side of Object API Signature request
func ValidateRequest(user config.User, req *http.Request) (bool, error) {
if date := req.Header.Get("Date"); date == "" {
return false, fmt.Errorf("Date should be set")
// Verify if date headers are set, if not reject the request
if req.Header.Get("x-amz-date") == "" {
if req.Header.Get("Date") == "" {
return false, fmt.Errorf("Date should be set")
}
}
hm := hmac.New(sha1.New, []byte(user.SecretKey))
ss := getStringToSign(req)
@ -48,9 +51,9 @@ func ValidateRequest(user config.User, req *http.Request) (bool, error) {
encoder.Close()
// DEBUG
// fmt.Println("Request header sent: ", req.Header.Get("Authorization"))
// fmt.Println("Header calculated: ", authHeader.String())
// fmt.Printf("%q : %x", ss, ss)
//fmt.Println("Request header sent: ", req.Header.Get("Authorization"))
//fmt.Println("Header calculated: ", authHeader.String())
//fmt.Printf("%q : %x", ss, ss)
if req.Header.Get("Authorization") != authHeader.String() {
return false, fmt.Errorf("Authorization header mismatch")
}