Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Need to encode each path segment #12

Closed
Ryan-McMillan opened this issue Aug 13, 2019 · 5 comments · Fixed by #16 or #18
Closed

Need to encode each path segment #12

Ryan-McMillan opened this issue Aug 13, 2019 · 5 comments · Fixed by #16 or #18
Labels
no-issue-activity

Comments

@Ryan-McMillan
Copy link

Was seeing some signing errors and narrowed it down to path segments needing to be encoded.

It looks like adding ".map(encodeURIComponent)" in the path function solves the issue:

function path (ref) {
        var url = ref.url;

        return url.pathname
        .replace(multipleSlashesRegex, "/")
        .split("/")
        .reduce(function (prev, curr) {
            if(curr === "..") {
                prev.pop();

                return prev;
            }

            if(curr === ".") {
                return prev;
            }

            prev.push(curr);

            return prev;
        }, [])
        .map(encodeURIComponent)
        .join("/");
}

References: (ctrl + f "segment")
https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
https://docs.aws.amazon.com/AlexaWebInfoService/latest/CalculatingSignatures.html
tivac added a commit that referenced this issue Aug 14, 2019
@tivac
fix: encode each path segment invidiually
16f599c 
Previously was using the implicit encoding from url.pathname but it's not thorough enough. So now decoding from that value to get the raw bit, then when it's split up into pieces encoding each of those as we go.

Fixes #12
@tivac tivac mentioned this issue Aug 14, 2019
Merged
@tivac tivac closed this as completed in #16 Aug 14, 2019
tivac added a commit that referenced this issue Aug 14, 2019
@tivac
refactor: modernize and clean up (#16)
e63b727 
Simplifying testing infrastructure, improving test coverage, and removing unnecessary code.

Also Fixes #12, previously was using the implicit encoding from url.pathname but it's not thorough enough. So now decoding from that value to get the raw bit, then when it's split up into pieces encoding each of those as we go.
@tivac
Copy link
Owner

tivac commented Aug 14, 2019

Need to be sure that this handles url encoded values as part of the path.

Here's an example of the raw value:

arn:aws:thing:us-west-2::session/fleet-cd38eef3-f782-487d-a9cd-6bc188d4a9c3/e16d3f92-2d22-4844-995c-4b52bd98fcac

And here's an example of what it would look like in a URL:

https://aws.amazon.com/arn%3Aaws%3Athing%3Aus-west-2%3A%3Asession%2Ffleet-cd38eef3-f782-487d-a9cd-6bc188d4a9c3%2Fe16d3f92-2d22-4844-995c-4b52bd98fcac

Here's what needs to happen:

  • Remove decode call
  • Change test to ensure that the weird values are url-encoded before passing to sign()
  • Document in the README that URLs should be encoded before passing to aws-sig

@tivac tivac reopened this Aug 14, 2019
@tivac
Copy link
Owner

tivac commented Aug 15, 2019

This change started failing some of the official AWS sigv4 test suite examples and I was super concerned I was misunderstanding something.

Nope. Turns out the official test suite has bad examples in it. Oy vey.

So, given that I've grabbed the latest version of the sigv4 test suite and I'm gonna stare at that chart for a while and see if I can figure out wtf to do here.

@github-actions

This comment has been minimized.

Sign in to view
@github-actions
Copy link

This issue is stale because it has been open 30 days with no activity. Remove "no-issue-activity" label or comment or this will be closed in 5 days

@tivac tivac reopened this Aug 19, 2019
@tivac
Copy link
Owner

tivac commented Aug 19, 2019

This bot sucks.

@tivac tivac mentioned this issue Aug 19, 2019
Merged
@tivac tivac closed this as completed in #18 Aug 19, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
no-issue-activity
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Modernize and clean up tivac/aws-sig
fix: double-encoding paths correctly tivac/aws-sig
2 participants
@tivac @Ryan-McMillan