From 4f27e349747c3756925287b3be0a105faa75d956 Mon Sep 17 00:00:00 2001
From: Denis Kirillov <d.kirillov@yadro.com>
Date: Mon, 12 Aug 2024 11:17:16 +0300
Subject: [PATCH] [#456] auth: Fix authentication for POST Object

During post object operation field AuthHeader in middleware.Box wasn't set
that led to panic

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
---
 api/auth/center.go      | 14 ++++++++++++--
 api/auth/center_test.go |  3 ++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/api/auth/center.go b/api/auth/center.go
index 72fb7fe..dafa9c1 100644
--- a/api/auth/center.go
+++ b/api/auth/center.go
@@ -270,7 +270,9 @@ func (c *Center) checkFormData(r *http.Request) (*middleware.Box, error) {
 		return nil, fmt.Errorf("failed to parse x-amz-date field: %w", err)
 	}
 
-	addr, err := getAddress(submatches["access_key_id"])
+	accessKeyID := submatches["access_key_id"]
+
+	addr, err := getAddress(accessKeyID)
 	if err != nil {
 		return nil, err
 	}
@@ -290,7 +292,15 @@ func (c *Center) checkFormData(r *http.Request) (*middleware.Box, error) {
 			reqSignature, signature)
 	}
 
-	return &middleware.Box{AccessBox: box, Attributes: attrs}, nil
+	return &middleware.Box{
+		AccessBox: box,
+		AuthHeaders: &middleware.AuthHeader{
+			AccessKeyID: accessKeyID,
+			Region:      region,
+			SignatureV4: signature,
+		},
+		Attributes: attrs,
+	}, nil
 }
 
 func cloneRequest(r *http.Request, authHeader *AuthHeader) *http.Request {
diff --git a/api/auth/center_test.go b/api/auth/center_test.go
index e2feb73..d70ad6d 100644
--- a/api/auth/center_test.go
+++ b/api/auth/center_test.go
@@ -434,7 +434,7 @@ func TestAuthenticate(t *testing.T) {
 
 func TestHTTPPostAuthenticate(t *testing.T) {
 	const (
-		policyBase64     = "eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXRpb25zIjogWwogICAgeyJhY2wiOiAicHVibGljLXJlYWQiIH0sCiAgICB7ImJ1Y2tldCI6ICJqb2huc21pdGgiIH0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci9lcmljLyJdLAogIF0KfQ=="
+		policyBase64     = "eyJleHBpcmF0aW9uIjogIjIwMjUtMTItMDFUMTI6MDA6MDAuMDAwWiIsImNvbmRpdGlvbnMiOiBbCiBbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1jcmVkZW50aWFsIiwgIiJdLAogWyJzdGFydHMtd2l0aCIsICIkeC1hbXotZGF0ZSIsICIiXQpdfQ=="
 		invalidValue     = "invalid-value"
 		defaultFieldName = "file"
 		service          = "s3"
@@ -602,6 +602,7 @@ func TestHTTPPostAuthenticate(t *testing.T) {
 			} else {
 				require.NoError(t, err)
 				require.Equal(t, secret.SecretKey, box.AccessBox.Gate.SecretKey)
+				require.Equal(t, accessKeyID, box.AuthHeaders.AccessKeyID)
 			}
 		})
 	}