2 Commits

Author SHA1 Message Date
Rahul Padigela 3a367fceef Merge pull request #189 from scality/bf/sortQueryParam
BF: Sort query params for v4 auth.
2016-11-02 10:14:57 -07:00
Lauren Spiegel 205f7240f1 BF: Sort query params for v4 auth.
Before this change we were only taking into account
capital letters that appeared at the beginning of a query
param key.  With this change we take into account
capital letters throughout the key.
2016-11-01 18:38:56 -07:00
2 changed files with 9 additions and 24 deletions

@ -41,31 +41,11 @@ function createCanonicalRequest(params) {
// canonical query string // canonical query string
let canonicalQueryStr = ''; let canonicalQueryStr = '';
if (pQuery && !(service === 'iam' && pHttpVerb === 'POST')) { if (pQuery && !(service === 'iam' && pHttpVerb === 'POST')) {
const queryParams = Object.keys(pQuery).map(key => { const sortedQueryParams = Object.keys(pQuery).sort().map(key => {
const encodedKey = awsURIencode(key);
const value = pQuery[key] ? awsURIencode(pQuery[key]) : ''; const value = pQuery[key] ? awsURIencode(pQuery[key]) : '';
return { return `${encodedKey}=${value}`;
qParam: awsURIencode(key),
value,
};
}); });
queryParams.sort((a, b) => {
if (a.qParam[0] && b.qParam[0]) {
if (a.qParam[0].toUpperCase() === a.qParam[0]
&& b.qParam[0].toUpperCase() !== b.qParam[0]) {
// a is capitalized so comes first
return -1;
}
if (b.qParam[0].toUpperCase() === b.qParam[0]
&& a.qParam[0].toUpperCase() !== a.qParam[0]) {
// b is capitalized so comes first
return 1;
}
}
return a.qParam.localeCompare(b.qParam);
});
const sortedQueryParams = queryParams.map(item =>
`${item.qParam}=${item.value}`);
canonicalQueryStr = sortedQueryParams.join('&'); canonicalQueryStr = sortedQueryParams.join('&');
} }
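Review bot: The new `Object.keys(pQuery).sort()` orders the raw keys and only afterwards calls `awsURIencode(key)`, whereas the removed comparator worked on the encoded `qParam`; as far as I know the SigV4 rules sort the canonical query string on the encoded names. The two orders can differ when a key contains a character that gets escaped: `a.b` sorts before `a/b` raw, but `a%2Fb` sorts before `a.b` once encoded, so a client that follows the spec would fail signature verification on such a request. Consider encoding first and sorting the pairs on the encoded key, e.g. `.map(key => [awsURIencode(key), pQuery[key]]).sort((a, b) => (a[0] < b[0] ? -1 : 1))`, and only then formatting `key=value`. Sorting the finished `key=value` strings would not be equivalent, because `=` takes part in the comparison. createCanonicalRequest starts and ends outside this hunk.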

@ -136,6 +136,8 @@ describe('createCanonicalRequest function', () => {
'X-Amz-Date': '20130524T000000Z', 'X-Amz-Date': '20130524T000000Z',
'X-Amz-Credential': 'AKIAIOSFODNN7EXAMPLE/20130524/' + 'X-Amz-Credential': 'AKIAIOSFODNN7EXAMPLE/20130524/' +
'us-east-1/s3/aws4_request', 'us-east-1/s3/aws4_request',
'X-Amz-Meta-camelCase': 'before',
'X-Amz-Meta-camelcase': 'after',
}, },
pHeaders: { pHeaders: {
host: 'examplebucket.s3.amazonaws.com', host: 'examplebucket.s3.amazonaws.com',
@ -148,7 +150,10 @@ describe('createCanonicalRequest function', () => {
'X-Amz-Algorithm=AWS4-HMAC-SHA256&' + 'X-Amz-Algorithm=AWS4-HMAC-SHA256&' +
'X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20130524%2' + 'X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20130524%2' +
'Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20130524T000000' + 'Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20130524T000000' +
'Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host' + 'Z&X-Amz-Expires=86400' +
'&X-Amz-Meta-camelCase=before' +
'&X-Amz-Meta-camelcase=after' +
'&X-Amz-SignedHeaders=host' +
'&x-amz-acl=public\n' + '&x-amz-acl=public\n' +
'host:examplebucket.s3.amazonaws.com\n' + 'host:examplebucket.s3.amazonaws.com\n' +
'x-amz-acl:public\n\n' + 'x-amz-acl:public\n\n' +
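Review bot: The added `X-Amz-Meta-camelCase` / `X-Amz-Meta-camelcase` pair pins the mid-key capital-letter ordering, but no query key in this fixture contains a character that `awsURIencode` escapes, so the test cannot tell sort-before-encode from sort-after-encode. Adding a pair of constructed keys such as `'a.b'` and `'a/b'` to the query, with the expected string listing `a%2Fb=` ahead of `a.b=`, would lock in the ordering that signature verification depends on. The expected canonical request string continues outside this hunk.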