authorTim Hinderliter <tim@opscode.com>2010-03-04 18:34:07 -0800
committerTim Hinderliter <tim@opscode.com>2010-03-04 18:34:07 -0800
commite4ec558e22e9aa63f554cd9f779874ba21dbb436 (patch)
treef3ac62cae5a66a776f7025e45f732b7ea3114c23
parentce4c935409bbeed86113c21c51e79cd052b8bf5a (diff)
parentaab4c4b3ec2382f5b9a06f5010150ee3290801f5 (diff)
downloadmixlib-authentication-e4ec558e22e9aa63f554cd9f779874ba21dbb436.tar.gz
Merge remote branch 'timh/CHEF-780-2'
-rw-r--r--lib/mixlib/authentication/signatureverification.rb17
-rw-r--r--lib/mixlib/authentication/signedheaderauth.rb7
2 files changed, 19 insertions, 5 deletions
diff --git a/lib/mixlib/authentication/signatureverification.rb b/lib/mixlib/authentication/signatureverification.rb
index d067a2e..2528923 100644
--- a/lib/mixlib/authentication/signatureverification.rb
+++ b/lib/mixlib/authentication/signatureverification.rb
@@ -66,17 +66,26 @@ module Mixlib
@request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }.sort { |x,y| x.to_s <=> y.to_s}.map { |i| i[1] }.join("\n")
Mixlib::Authentication::Log.debug "Reconstituted request signature: #{@request_signature}"
+ # The request signature is based on any file attached, if any. Otherwise
+ # it's based on the body of the request.
+ # TODO: tim: 2009-12-28: It'd be nice to remove this special case, and
+ # always hash the entire request body. In the file case it would just be
+ # expanded multipart text - the entire body of the POST.
+ #
# Pull out any file that was attached to this request, using multipart
# form uploads.
# Depending on the server we're running in, multipart form uploads are
# handed to us differently.
# - In Passenger (Cookbooks Community Site), the File is handed to us
# directly in the params hash. The name is whatever the client used,
- # its value is therefore a File or Tempfile.
+ # its value is therefore a File or Tempfile.
+ # e.g. request['file_param'] = File
+ #
# - In Merb (Chef server), the File is wrapped. The original parameter
- # name used for the file is passed in with a Hash value. Within the hash
- # is a name/value pair named 'file' which actually contains the Tempfile
- # instance.
+ # name used for the file is used, but its value is a Hash. Within
+ # the hash is a name/value pair named 'file' which actually
+ # contains the Tempfile instance.
+ # e.g. request['file_param'] = { :file => Tempfile }
file_param = request.params.values.find { |value| value.respond_to?(:read) }
# No file_param; we're running in Merb, or it's just not there..
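Review bot: The new comment block above `file_param` says the signature is based on the attached file when there is one and on the body otherwise, but it does not say what that leaves unsigned. If only the file's contents are hashed, the other multipart parameters are presumably not covered by the content hash. A reader auditing this code should be told so directly rather than having to infer it from the TODO. I would add something like `# NOTE: when a file is attached only its contents are hashed; other request parameters are not covered by the signature.` after the TODO, once that is confirmed against the signing side. It would also help to note that the lookup takes the first parameter value that responds to `read`, whatever its name. The enclosing method starts and ends outside this hunk.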
diff --git a/lib/mixlib/authentication/signedheaderauth.rb b/lib/mixlib/authentication/signedheaderauth.rb
index 7e9aaa4..63fd352 100644
--- a/lib/mixlib/authentication/signedheaderauth.rb
+++ b/lib/mixlib/authentication/signedheaderauth.rb
@@ -84,7 +84,12 @@ module Mixlib
end
def hashed_body
- @hashed_body ||= self.file ? digester.hash_file(self.file) : digester.hash_string(self.body)
+ # Hash the file object if it was passed in, otherwise hash based on
+ # the body.
+ # TODO: tim 2009-12-28: It'd be nice to just remove this special case,
+ # always sign the entire request body, using the expanded multipart
+ # body in the case of a file being include.
+ @hashed_body ||= (self.file && self.file.respond_to?(:read)) ? digester.hash_file(self.file) : digester.hash_string(self.body)
end
# Takes HTTP request method & headers and creates a canonical form
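Review bot: In `hashed_body`, a `file` that is set but does not respond to `read` now falls through silently to `digester.hash_string(self.body)`, so the content hash is computed over the body rather than the object the caller passed as the file. If the other side hashes the attached file, the mismatch will only show up as a failed authentication with no hint of the cause. Making the fallback visible would help, for example `Mixlib::Authentication::Log.debug "file does not respond to :read; hashing body instead" if self.file && !self.file.respond_to?(:read)` before the assignment (assuming the logger used in signatureverification.rb is available here), or raising an `ArgumentError` if a non-readable `file` is never legitimate. The new comment also has a typo: `file being include` should read `file being included`.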