[#19] Bug with AccessKey

Closes #19. Signed-off-by: Pavel Korotkov <pkorotkov@gmail.com>
2020-08-19 16:28:17 +03:00 · 2020-08-19 16:28:17 +03:00 · 0528eed7b6
parent 9986a82fca
commit 0528eed7b6
1 changed files with 4 additions and 3 deletions
--- a/auth/center.go
+++ b/auth/center.go
@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"crypto/ecdsa"
+	"fmt"
 	"io/ioutil"
 	"net/http"
 	"regexp"
@ -22,7 +23,7 @@ import (
 	"go.uber.org/zap"
 )

-var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`)
+var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id_cid>[^/]+)/(?P<access_key_id_oid>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`)

 const emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`

@ -84,7 +85,7 @@ func (center *Center) AuthenticationPassed(request *http.Request) (*service.Bear
 		return nil, errors.New("unsupported request: wrong length of Authorization header field")
 	}
 	sms1 := center.submatcher.getSubmatches(authHeaderField[0])
-	if len(sms1) != 6 {
+	if len(sms1) != 7 {
 		return nil, errors.New("bad Authorization header field")
 	}
 	signedHeaderFieldsNames := strings.Split(sms1["signed_header_fields"], ";")
@ -95,7 +96,7 @@ func (center *Center) AuthenticationPassed(request *http.Request) (*service.Bear
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to parse x-amz-date header field")
 	}
-	accessKeyID := sms1["access_key_id"]
+	accessKeyID := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"])
 	bearerToken, secretAccessKey, err := center.fetchBearerToken(accessKeyID)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to fetch bearer token")