mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
Merge pull request #728 from harshavardhana/pr_out_handle_both_space_and_non_space_characters_in_signature_v4
This commit is contained in:
commit
f1d52df130
@ -226,21 +226,14 @@ func (r *Signature) DoesSignatureMatch(hashedPayload string) (bool, error) {
|
||||
if err != nil {
|
||||
return false, iodine.New(err, nil)
|
||||
}
|
||||
signedHeaders := r.getSignedHeaders()
|
||||
canonicalRequest := r.getCanonicalRequest()
|
||||
scope := r.getScope(t)
|
||||
stringToSign := r.getStringToSign(canonicalRequest, t)
|
||||
signingKey := r.getSigningKey(t)
|
||||
signature := r.getSignature(signingKey, stringToSign)
|
||||
newSignature := r.getSignature(signingKey, stringToSign)
|
||||
|
||||
// final Authorization header
|
||||
parts := []string{
|
||||
authHeaderPrefix + " Credential=" + r.AccessKeyID + "/" + scope,
|
||||
"SignedHeaders=" + signedHeaders,
|
||||
"Signature=" + signature,
|
||||
}
|
||||
newAuthHeader := strings.Join(parts, ", ")
|
||||
if newAuthHeader != r.AuthHeader {
|
||||
authFields := strings.Split(strings.TrimSpace(r.AuthHeader), ",")
|
||||
signature := strings.Split(strings.TrimSpace(authFields[2]), "=")[1]
|
||||
if newSignature != signature {
|
||||
return false, nil
|
||||
}
|
||||
return true, nil
|
||||
|
@ -118,17 +118,15 @@ func (api Minio) ListMultipartUploadsHandler(w http.ResponseWriter, req *http.Re
|
||||
// write body
|
||||
w.Write(encodedSuccessResponse)
|
||||
}
|
||||
case donut.SignatureDoesNotMatch:
|
||||
writeErrorResponse(w, req, SignatureDoesNotMatch, acceptsContentType, req.URL.Path)
|
||||
case donut.BucketNotFound:
|
||||
{
|
||||
writeErrorResponse(w, req, NoSuchBucket, acceptsContentType, req.URL.Path)
|
||||
}
|
||||
default:
|
||||
{
|
||||
log.Error.Println(iodine.New(err, nil))
|
||||
writeErrorResponse(w, req, InternalError, acceptsContentType, req.URL.Path)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// ListObjectsHandler - GET Bucket (List Objects)
|
||||
// -------------------------
|
||||
@ -185,6 +183,8 @@ func (api Minio) ListObjectsHandler(w http.ResponseWriter, req *http.Request) {
|
||||
setCommonHeaders(w, getContentTypeString(acceptsContentType), len(encodedSuccessResponse))
|
||||
// write body
|
||||
w.Write(encodedSuccessResponse)
|
||||
case donut.SignatureDoesNotMatch:
|
||||
writeErrorResponse(w, req, SignatureDoesNotMatch, acceptsContentType, req.URL.Path)
|
||||
case donut.BucketNameInvalid:
|
||||
writeErrorResponse(w, req, InvalidBucketName, acceptsContentType, req.URL.Path)
|
||||
case donut.BucketNotFound:
|
||||
@ -242,6 +242,8 @@ func (api Minio) ListBucketsHandler(w http.ResponseWriter, req *http.Request) {
|
||||
setCommonHeaders(w, getContentTypeString(acceptsContentType), len(encodedSuccessResponse))
|
||||
// write response
|
||||
w.Write(encodedSuccessResponse)
|
||||
case donut.SignatureDoesNotMatch:
|
||||
writeErrorResponse(w, req, SignatureDoesNotMatch, acceptsContentType, req.URL.Path)
|
||||
default:
|
||||
log.Error.Println(iodine.New(err, nil))
|
||||
writeErrorResponse(w, req, InternalError, acceptsContentType, req.URL.Path)
|
||||
@ -300,6 +302,8 @@ func (api Minio) PutBucketHandler(w http.ResponseWriter, req *http.Request) {
|
||||
// Make sure to add Location information here only for bucket
|
||||
w.Header().Set("Location", "/"+bucket)
|
||||
writeSuccessResponse(w, acceptsContentType)
|
||||
case donut.SignatureDoesNotMatch:
|
||||
writeErrorResponse(w, req, SignatureDoesNotMatch, acceptsContentType, req.URL.Path)
|
||||
case donut.TooManyBuckets:
|
||||
writeErrorResponse(w, req, TooManyBuckets, acceptsContentType, req.URL.Path)
|
||||
case donut.BucketNameInvalid:
|
||||
@ -352,6 +356,8 @@ func (api Minio) PutBucketACLHandler(w http.ResponseWriter, req *http.Request) {
|
||||
switch iodine.ToError(err).(type) {
|
||||
case nil:
|
||||
writeSuccessResponse(w, acceptsContentType)
|
||||
case donut.SignatureDoesNotMatch:
|
||||
writeErrorResponse(w, req, SignatureDoesNotMatch, acceptsContentType, req.URL.Path)
|
||||
case donut.BucketNameInvalid:
|
||||
writeErrorResponse(w, req, InvalidBucketName, acceptsContentType, req.URL.Path)
|
||||
case donut.BucketNotFound:
|
||||
@ -398,6 +404,8 @@ func (api Minio) HeadBucketHandler(w http.ResponseWriter, req *http.Request) {
|
||||
switch iodine.ToError(err).(type) {
|
||||
case nil:
|
||||
writeSuccessResponse(w, acceptsContentType)
|
||||
case donut.SignatureDoesNotMatch:
|
||||
writeErrorResponse(w, req, SignatureDoesNotMatch, acceptsContentType, req.URL.Path)
|
||||
case donut.BucketNotFound:
|
||||
error := getErrorCode(NoSuchBucket)
|
||||
w.WriteHeader(error.HTTPStatusCode)
|
||||
|
@ -91,6 +91,8 @@ func (api Minio) GetObjectHandler(w http.ResponseWriter, req *http.Request) {
|
||||
}
|
||||
}
|
||||
}
|
||||
case donut.SignatureDoesNotMatch:
|
||||
writeErrorResponse(w, req, SignatureDoesNotMatch, acceptsContentType, req.URL.Path)
|
||||
case donut.BucketNameInvalid:
|
||||
writeErrorResponse(w, req, InvalidBucketName, acceptsContentType, req.URL.Path)
|
||||
case donut.BucketNotFound:
|
||||
@ -144,6 +146,10 @@ func (api Minio) HeadObjectHandler(w http.ResponseWriter, req *http.Request) {
|
||||
case nil:
|
||||
setObjectHeaders(w, metadata)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
case donut.SignatureDoesNotMatch:
|
||||
error := getErrorCode(SignatureDoesNotMatch)
|
||||
w.Header().Set("Server", "Minio")
|
||||
w.WriteHeader(error.HTTPStatusCode)
|
||||
case donut.BucketNameInvalid:
|
||||
error := getErrorCode(InvalidBucketName)
|
||||
w.Header().Set("Server", "Minio")
|
||||
@ -314,6 +320,8 @@ func (api Minio) NewMultipartUploadHandler(w http.ResponseWriter, req *http.Requ
|
||||
// write body
|
||||
w.Write(encodedSuccessResponse)
|
||||
}
|
||||
case donut.SignatureDoesNotMatch:
|
||||
writeErrorResponse(w, req, SignatureDoesNotMatch, acceptsContentType, req.URL.Path)
|
||||
case donut.ObjectExists:
|
||||
writeErrorResponse(w, req, MethodNotAllowed, acceptsContentType, req.URL.Path)
|
||||
default:
|
||||
@ -450,6 +458,8 @@ func (api Minio) AbortMultipartUploadHandler(w http.ResponseWriter, req *http.Re
|
||||
case nil:
|
||||
setCommonHeaders(w, getContentTypeString(acceptsContentType), 0)
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
case donut.SignatureDoesNotMatch:
|
||||
writeErrorResponse(w, req, SignatureDoesNotMatch, acceptsContentType, req.URL.Path)
|
||||
case donut.InvalidUploadID:
|
||||
writeErrorResponse(w, req, NoSuchUpload, acceptsContentType, req.URL.Path)
|
||||
default:
|
||||
@ -505,6 +515,8 @@ func (api Minio) ListObjectPartsHandler(w http.ResponseWriter, req *http.Request
|
||||
// write body
|
||||
w.Write(encodedSuccessResponse)
|
||||
}
|
||||
case donut.SignatureDoesNotMatch:
|
||||
writeErrorResponse(w, req, SignatureDoesNotMatch, acceptsContentType, req.URL.Path)
|
||||
case donut.InvalidUploadID:
|
||||
writeErrorResponse(w, req, NoSuchUpload, acceptsContentType, req.URL.Path)
|
||||
default:
|
||||
|
@ -35,7 +35,7 @@ func StripAccessKeyID(ah string) (string, error) {
|
||||
if ah == "" {
|
||||
return "", errors.New("Missing auth header")
|
||||
}
|
||||
authFields := strings.Split(ah, ",")
|
||||
authFields := strings.Split(strings.TrimSpace(ah), ",")
|
||||
if len(authFields) != 3 {
|
||||
return "", errors.New("Missing fields in Auth header")
|
||||
}
|
||||
@ -46,17 +46,17 @@ func StripAccessKeyID(ah string) (string, error) {
|
||||
if authPrefixFields[0] != authHeaderPrefix {
|
||||
return "", errors.New("Missing fields is Auth header")
|
||||
}
|
||||
credentials := strings.Split(authPrefixFields[1], "=")
|
||||
credentials := strings.Split(strings.TrimSpace(authPrefixFields[1]), "=")
|
||||
if len(credentials) != 2 {
|
||||
return "", errors.New("Missing fields in Auth header")
|
||||
}
|
||||
if len(strings.Split(authFields[1], "=")) != 2 {
|
||||
if len(strings.Split(strings.TrimSpace(authFields[1]), "=")) != 2 {
|
||||
return "", errors.New("Missing fields in Auth header")
|
||||
}
|
||||
if len(strings.Split(authFields[2], "=")) != 2 {
|
||||
if len(strings.Split(strings.TrimSpace(authFields[2]), "=")) != 2 {
|
||||
return "", errors.New("Missing fields in Auth header")
|
||||
}
|
||||
accessKeyID := strings.Split(credentials[1], "/")[0]
|
||||
accessKeyID := strings.Split(strings.TrimSpace(credentials[1]), "/")[0]
|
||||
if !auth.IsValidAccessKey(accessKeyID) {
|
||||
return "", errors.New("Invalid access key")
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user