diff options
author | jonyrock <ilms@live.ru> | 2013-07-11 12:32:07 +0400 |
---|---|---|
committer | Thom May <thom@may.lt> | 2016-06-08 11:37:26 +0100 |
commit | dde604f3c3d55240ad04e6b87c0318fc075e5d72 (patch) | |
tree | 98f27dd5fd9bf76adb8e40c73d9097ca703a81cf /lib | |
parent | 8cd4ab1ad2b48cf92b45cd980279f7d5b836892f (diff) | |
download | mixlib-authentication-dde604f3c3d55240ad04e6b87c0318fc075e5d72.tar.gz |
Fix following bug:
It's possible that a request contains more than nine headers like "x_ops_authorization_n".
In this case headers will be sorted in the wrong way. The first will be "x_ops_authorization_1",
the second "x_ops_authorization_10" and so on. So that request signature transfered by parts in "x_ops_authorization_n" headers will be reconstructed in wrong way. So that authentication will fail.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/mixlib/authentication/http_authentication_request.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/mixlib/authentication/http_authentication_request.rb b/lib/mixlib/authentication/http_authentication_request.rb index 819f8f5..b573d2d 100644 --- a/lib/mixlib/authentication/http_authentication_request.rb +++ b/lib/mixlib/authentication/http_authentication_request.rb @@ -70,7 +70,8 @@ module Mixlib def request_signature unless @request_signature - @request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }.sort { |x, y| x.to_s <=> y.to_s }.map { |i| i[1] }.join("\n") + @request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ } + .sort { |x, y| x.to_s[/\d+/].to_i <=> y.to_s[/\d+/].to_i }.map { |i| i[1] }.join("\n") Mixlib::Authentication::Log.debug "Reconstituted (user-supplied) request signature: #{@request_signature}" end @request_signature |