FIX: v4 signing tool

(cherry picked from commit 526dcf4148)
2018-01-12 15:23:20 -08:00
2 changed files with 45 additions and 0 deletions
--- a/lib/auth/auth.js
+++ b/lib/auth/auth.js
@ -1,6 +1,7 @@
 'use strict'; // eslint-disable-line strict

 const crypto = require('crypto');
+const url = require('url');
 const errors = require('../errors');
 const queryString = require('querystring');
 const AuthInfo = require('./AuthInfo');
@ -144,6 +145,7 @@ function doAuth(request, log, cb, awsService, requestContexts) {
    return cb(errors.InternalError);
 }

+
 /**
 * This function will generate a version 4 header
 *
@ -159,6 +161,11 @@ function doAuth(request, log, cb, awsService, requestContexts) {
 function generateV4Headers(request, data, accessKey, secretKeyValue,
                           awsService, proxyPath) {
    Object.assign(request, { headers: {} });
+    // hold the full path to restore the request after creating signature
+    const holdPath = request.path;
+    // pull the path without the query since canonical uri is without query
+    // eslint-disable-next-line no-param-reassign
+    request.path = url.parse(request.path, true).pathname;
    const amzDate = convertUTCtoISO8601(Date.now());
    // get date without time
    const scopeDate = amzDate.slice(0, amzDate.indexOf('T'));
@ -202,6 +209,9 @@ function generateV4Headers(request, data, accessKey, secretKeyValue,
        `Signature=${signature}`;
    request.setHeader('authorization', authorizationHeader);
    Object.assign(request, { headers: {} });
+    // restore path
+    // eslint-disable-next-line no-param-reassign
+    request.path = holdPath;
 }

 module.exports = {
--- a/tests/unit/auth/v4/generateV4Headers.js
+++ b/tests/unit/auth/v4/generateV4Headers.js
@ -0,0 +1,35 @@
+'use strict'; // eslint-disable-line strict
+
+const http = require('http');
+const assert = require('assert');
+const lolex = require('lolex');
+
+const generateV4Headers = require('../../../../lib/auth/auth')
+    .client.generateV4Headers;
+
+describe('generateV4Headers', () => {
+    it('should generate valid v4 headers for signing a ' +
+        'request even when request has a query', () => {
+        const query = 'userMd.`x-amz-meta-dog`="labrador"';
+        const escapedSearch = encodeURIComponent(query);
+        const options = {
+            host: '127.0.0.1',
+            port: '8000',
+            method: 'GET',
+            path: `/searchdemo/?search=${escapedSearch}`,
+            headers: { 'Content-Length': 0 },
+        };
+        const request = http.request(options, () => {});
+        const clock = lolex.install(1515718759886);
+        generateV4Headers(request, { search: query },
+            'accessKey1', 'verySecretKey1', 's3');
+        const result = request._headers.authorization;
+        clock.uninstall();
+        assert.strictEqual(result,
+            'AWS4-HMAC-SHA256 Credential=accessKey1' +
+            '/20180112/us-east-1/s3/aws4_request, ' +
+            'SignedHeaders=host;x-amz-content-sha256;x-amz-date, ' +
+            'Signature=84b568558470827963fb6aeb1ba4747d75e394dc2' +
+            '14044febe2ec3247de6a839');
+    });
+});