mirror of
https://github.com/minio/minio.git
synced 2024-12-26 23:25:54 -05:00
Merge pull request #144 from harshavardhana/pr_out_verify_both_x_amz_date_and_date_header_before_discarding_request
This commit is contained in:
commit
b2724b80c1
@ -34,8 +34,11 @@ func SignRequest(user config.User, req *http.Request) {
|
||||
|
||||
// This package implements verification side of Object API Signature request
|
||||
func ValidateRequest(user config.User, req *http.Request) (bool, error) {
|
||||
if date := req.Header.Get("Date"); date == "" {
|
||||
return false, fmt.Errorf("Date should be set")
|
||||
// Verify if date headers are set, if not reject the request
|
||||
if req.Header.Get("x-amz-date") == "" {
|
||||
if req.Header.Get("Date") == "" {
|
||||
return false, fmt.Errorf("Date should be set")
|
||||
}
|
||||
}
|
||||
hm := hmac.New(sha1.New, []byte(user.SecretKey))
|
||||
ss := getStringToSign(req)
|
||||
@ -48,9 +51,9 @@ func ValidateRequest(user config.User, req *http.Request) (bool, error) {
|
||||
encoder.Close()
|
||||
|
||||
// DEBUG
|
||||
// fmt.Println("Request header sent: ", req.Header.Get("Authorization"))
|
||||
// fmt.Println("Header calculated: ", authHeader.String())
|
||||
// fmt.Printf("%q : %x", ss, ss)
|
||||
//fmt.Println("Request header sent: ", req.Header.Get("Authorization"))
|
||||
//fmt.Println("Header calculated: ", authHeader.String())
|
||||
//fmt.Printf("%q : %x", ss, ss)
|
||||
if req.Header.Get("Authorization") != authHeader.String() {
|
||||
return false, fmt.Errorf("Authorization header mismatch")
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user