Compare commits
No commits in common. "d0a7d6701d56ac7ea7959c6908efddd9fdfb8447" and "15958fdfef54e9ba0952f3ff081dc0f1a06decfb" have entirely different histories.
d0a7d6701d
...
15958fdfef
|
@ -5,15 +5,11 @@ general:
|
|||
- /^ultron\/.*/ # Ignore ultron/* branches
|
||||
|
||||
machine:
|
||||
environment:
|
||||
CXX: g++-4.9
|
||||
node:
|
||||
version: 4.5.0
|
||||
|
||||
dependencies:
|
||||
override:
|
||||
- rm -rf node_modules
|
||||
- npm install
|
||||
pre:
|
||||
- sudo pip install yamllint
|
||||
|
||||
test:
|
||||
|
|
|
@ -13,8 +13,8 @@ function check(request, log, data) {
|
|||
}
|
||||
/*
|
||||
Check whether request has expired or if
|
||||
expires parameter is more than 604800000 milliseconds
|
||||
(7 days) in the future.
|
||||
expires parameter is more than 100000000 milliseconds
|
||||
(1 day and 4 hours) in the future.
|
||||
Expires time is provided in seconds so need to
|
||||
multiply by 1000 to obtain
|
||||
milliseconds to compare to Date.now()
|
||||
|
@ -27,8 +27,8 @@ function check(request, log, data) {
|
|||
}
|
||||
|
||||
const currentTime = Date.now();
|
||||
// 604800000 ms (seven days).
|
||||
if (expirationTime > currentTime + 604800000) {
|
||||
// 100000000 ms (one day and 4 hours).
|
||||
if (expirationTime > currentTime + 100000000) {
|
||||
log.debug('expires parameter too far in future',
|
||||
{ expires: request.query.Expires });
|
||||
return { err: errors.AccessDenied };
|
||||
|
|
|
@ -32,7 +32,7 @@ function _toHexUTF8(char) {
|
|||
return res;
|
||||
}
|
||||
|
||||
function awsURIencode(input, encodeSlash, noEncodeStar) {
|
||||
function awsURIencode(input, encodeSlash) {
|
||||
const encSlash = encodeSlash === undefined ? true : encodeSlash;
|
||||
let encoded = '';
|
||||
for (let i = 0; i < input.length; i++) {
|
||||
|
@ -47,8 +47,6 @@ function awsURIencode(input, encodeSlash, noEncodeStar) {
|
|||
encoded = encoded.concat('%20');
|
||||
} else if (ch === '/') {
|
||||
encoded = encoded.concat(encSlash ? '%2F' : ch);
|
||||
} else if (ch === '*') {
|
||||
encoded = encoded.concat(noEncodeStar ? '*' : '%2A');
|
||||
} else {
|
||||
encoded = encoded.concat(_toHexUTF8(ch));
|
||||
}
|
||||
|
|
|
@ -27,16 +27,8 @@ function createCanonicalRequest(params) {
|
|||
payloadChecksum = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b' +
|
||||
'934ca495991b7852b855';
|
||||
} else if (pHttpVerb === 'POST') {
|
||||
let notEncodeStar = false;
|
||||
// The java sdk does not encode the '*' parameter to compute the
|
||||
// signature, if the user-agent is recognized, we need to keep
|
||||
// the plain '*' as well.
|
||||
if (/aws-sdk-java\/[0-9.]+/.test(pHeaders['user-agent'])) {
|
||||
notEncodeStar = true;
|
||||
}
|
||||
let payload = queryString.stringify(pQuery, null, null, {
|
||||
encodeURIComponent: input => awsURIencode(input, false,
|
||||
notEncodeStar),
|
||||
encodeURIComponent: awsURIencode,
|
||||
});
|
||||
payload = payload.replace(/%20/g, '+');
|
||||
payloadChecksum = crypto.createHash('sha256')
|
||||
|
|
|
@ -99,8 +99,7 @@ function extractQueryParams(queryObj, log) {
|
|||
}
|
||||
|
||||
const expiry = Number.parseInt(queryObj['X-Amz-Expires'], 10);
|
||||
const sevenDays = 604800;
|
||||
if (expiry && (expiry > 0 && expiry <= sevenDays)) {
|
||||
if (expiry && (expiry > 0 && expiry < 604801)) {
|
||||
authParams.expiry = expiry;
|
||||
} else {
|
||||
log.warn('invalid expiry', { expiry });
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "arsenal",
|
||||
"version": "6.4.7",
|
||||
"version": "1.1.0",
|
||||
"description": "Common utilities for the S3 project components",
|
||||
"main": "index.js",
|
||||
"repository": {
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
'use strict'; // eslint-disable-line strict
|
||||
|
||||
const assert = require('assert');
|
||||
const awsURIencode =
|
||||
require('../../../../lib/auth/v4/awsURIencode');
|
||||
|
||||
const createCanonicalRequest =
|
||||
require('../../../../lib/auth/v4/createCanonicalRequest');
|
||||
|
||||
|
@ -46,50 +45,6 @@ describe('createCanonicalRequest function', () => {
|
|||
assert.strictEqual(actualOutput, expectedOutput);
|
||||
});
|
||||
|
||||
const msg = 'S3C-820: aws java sdk should not encode * ' +
|
||||
'character for signature';
|
||||
it(msg, () => {
|
||||
const doc = JSON.stringify({
|
||||
Statement: [{
|
||||
Action: 's3:*',
|
||||
}],
|
||||
});
|
||||
const params = {
|
||||
pHttpVerb: 'POST',
|
||||
pResource: '/',
|
||||
pQuery: {
|
||||
PolicyDocument: doc,
|
||||
},
|
||||
pHeaders: {
|
||||
'host': 'examplebucket.s3.amazonaws.com',
|
||||
'x-amz-date': '20130524T000000Z',
|
||||
'user-agent': 'aws-sdk-java/1.11',
|
||||
'authorization': 'AWS4-HMAC-SHA256 Credential' +
|
||||
'=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/' +
|
||||
's3/aws4_request,SignedHeaders=host;user-agent' +
|
||||
'x-amz-content-sha256;x-amz-date,Signature=' +
|
||||
'f0e8bdb87c964420e857bd35b5d6ed310bd44f' +
|
||||
'0170aba48dd91039c6036bdb41',
|
||||
'x-amz-content-sha256': 'e3b0c44298fc1c149afbf4c' +
|
||||
'8996fb92427ae41e4649b934ca495991b7852b855',
|
||||
},
|
||||
pSignedHeaders: 'host;user-agent;x-amz-content-sha256;x-amz-date',
|
||||
};
|
||||
const expectedOutput = 'POST\n' +
|
||||
'/\n' +
|
||||
`PolicyDocument=${awsURIencode(doc)}\n` +
|
||||
'host:examplebucket.s3.amazonaws.com\n' +
|
||||
'user-agent:aws-sdk-java/1.11\n' +
|
||||
'x-amz-content-sha256:e3b0c44298fc1c149afbf4c' +
|
||||
'8996fb92427ae41e4649b934ca495991b7852b855\n' +
|
||||
'x-amz-date:20130524T000000Z\n\n' +
|
||||
'host;user-agent;x-amz-content-sha256;x-amz-date\n' +
|
||||
'25775fcf6b536b361aadce0c5f1afb46eb945dbdd6c3a7723b18300234a89588';
|
||||
const actualOutput = createCanonicalRequest(params);
|
||||
assert.strictEqual(actualOutput, expectedOutput);
|
||||
});
|
||||
|
||||
|
||||
// Example taken from: http://docs.aws.amazon.com/AmazonS3/
|
||||
// latest/API/sig-v4-header-based-auth.html
|
||||
it('should construct a canonical request in accordance ' +
|
||||
|
|
|
@ -199,30 +199,4 @@ describe('v4 queryAuthCheck', () => {
|
|||
assert.strictEqual(res.params.version, 4);
|
||||
done();
|
||||
});
|
||||
|
||||
it('should successfully return v4 and no error if X-Amz-Expires param ' +
|
||||
'is 604800 (7 days)', done => {
|
||||
// Freezes time so date created within function will be Feb 8, 2016
|
||||
const clock = lolex.install(1454974984001);
|
||||
const alteredRequest = createAlteredRequest({ 'X-Amz-Expires':
|
||||
604800 }, 'query', request, query);
|
||||
const res = queryAuthCheck(alteredRequest, log, alteredRequest.query);
|
||||
clock.uninstall();
|
||||
assert.deepStrictEqual(res.err, null);
|
||||
assert.strictEqual(res.params.version, 4);
|
||||
done();
|
||||
});
|
||||
|
||||
it('should successfully return v4 and no error if X-Amz-Expires param ' +
|
||||
'is less thant 604800 (7 days)', done => {
|
||||
// Freezes time so date created within function will be Feb 8, 2016
|
||||
const clock = lolex.install(1454974984001);
|
||||
const alteredRequest = createAlteredRequest({ 'X-Amz-Expires':
|
||||
604799 }, 'query', request, query);
|
||||
const res = queryAuthCheck(alteredRequest, log, alteredRequest.query);
|
||||
clock.uninstall();
|
||||
assert.deepStrictEqual(res.err, null);
|
||||
assert.strictEqual(res.params.version, 4);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
|
Loading…
Reference in New Issue