Merge pull request #144 from harshavardhana/pr_out_verify_both_x_amz_date_and_date_header_before_discarding_request

pkg/utils/crypto/signers/signers.go

@@ -34,8 +34,11 @@ func SignRequest(user config.User, req *http.Request) {
 
 // This package implements verification side of Object API Signature request
 func ValidateRequest(user config.User, req *http.Request) (bool, error) {
-	if date := req.Header.Get("Date"); date == "" {
-		return false, fmt.Errorf("Date should be set")
+	// Verify if date headers are set, if not reject the request
+	if req.Header.Get("x-amz-date") == "" {
+		if req.Header.Get("Date") == "" {
+			return false, fmt.Errorf("Date should be set")
+		}
 	}
 	hm := hmac.New(sha1.New, []byte(user.SecretKey))
 	ss := getStringToSign(req)
@@ -48,9 +51,9 @@ func ValidateRequest(user config.User, req *http.Request) (bool, error) {
 	encoder.Close()
 
 	// DEBUG
-	// fmt.Println("Request header sent: ", req.Header.Get("Authorization"))
-	// fmt.Println("Header calculated: ", authHeader.String())
-	// fmt.Printf("%q : %x", ss, ss)
+	//fmt.Println("Request header sent: ", req.Header.Get("Authorization"))
+	//fmt.Println("Header calculated: ", authHeader.String())
+	//fmt.Printf("%q : %x", ss, ss)
 	if req.Header.Get("Authorization") != authHeader.String() {
 		return false, fmt.Errorf("Authorization header mismatch")
 	}