path: root/boto/auth.py
Commit message (Author, Age, Files, Lines)
* Merge pull request #2611 from felixonmars/common-tidy (Daniel G. Taylor, 2014-09-22, 1 file, -12/+8)
|\    PEP8 fixes to various common modules. Fixes #2611.
| * common modules: tidy up to meet PEP8 better (Felix Yan, 2014-09-14, 1 file, -12/+8)
| |
* | Fix bug where headers were presigned incorrectly. (kyleknap, 2014-09-10, 1 file, -0/+4)
|/    For Sigv4 urls, custom metadata headers were not being presigned correctly.
* fix a typo in auth.py: Bejing -> Beijing (Felix Yan, 2014-09-02, 1 file, -2/+2)
|
* Support auth when headers contains bytes (Daniel G. Taylor, 2014-08-13, 1 file, -0/+2)
|     This fixes #2520 by checking whether headers are `bytes` and decoding them before performing string operations. It adds a new test covering this functionality which now passes on all supported Python versions.
* use encodebytes instead of encodestring (#2483) (Piotr Bulinski, 2014-08-01, 1 file, -2/+2)
|
* Fix AttributeError: 'Provider' object has no attribute 'encode' (Mark Reid, 2014-07-31, 1 file, -1/+1)
|     2.32.0 introduces this error - several updates to encode self._provider.secret_key, but one too many that attempt to encode self._provider itself.
* Remove redundant lines in auth.py (Ori Avtalion, 2014-07-08, 1 file, -2/+0)
|
* Rebase upstream and fix tests (Daniel G. Taylor, 2014-06-27, 1 file, -1/+1)
|
* Initial work to support Python 3.3+ (Daniel G. Taylor, 2014-06-27, 1 file, -35/+40)
|     This updates most of the code to be forward-compatible with Python 3.3 and 3.4 while still continuing to support 2.6 and 2.7. It **drops** support for Python 2.5. Python 3 support is added for common Boto modules (`boto/*.py`) as well as S3, SQS, Kinesis and CloudTrail. Several other modules may work but have not been thoroughly tested. The `tox` configuration has been updated to run tests for all supported environments, and for now a whitelist is used for Python 3 unit tests. A new porting guide is included to help community members port other modules to Python 3, and both the README and Sphinx index list which modules currently support Python 3.
* Add S3 sigv4 presigning (Daniel G. Taylor, 2014-06-27, 1 file, -0/+53)
|
* Comments about where else to update code. (Daniel Lindsley, 2014-03-07, 1 file, -0/+6)
|
* Corrected quoted string header value preservation (Lee Trout, 2014-03-04, 1 file, -2/+4)
|
* Fix dupe header dict (Lee Trout, 2014-03-04, 1 file, -1/+0)
|
* Merge pull request #2037 from dangra/2033-bugfix (Daniel G. Taylor, 2014-02-24, 1 file, -2/+2)
|\    Prevent implicit string decode in hmac-v4 handlers. Fixes #2037, #2033.
| * Prevent implicit string decode in hmac-v4 handlers. Fix #2033 (Daniel Graña, 2014-01-27, 1 file, -2/+2)
| |
* | Added opt-in support for EC2. (Daniel Lindsley, 2014-02-04, 1 file, -0/+6)
| |
* | Merge remote-tracking branch 'pasc/auth_path_noquery' into develop (Daniel Lindsley, 2014-01-31, 1 file, -1/+4)
|\ \    Fixes #2042, #1943.
| * | whitespace cleanup (Pascal Hakim, 2014-01-28, 1 file, -1/+1)
| | |
| * | Remove unnecessary '?' from req.path on POST (kdmukai, 2013-12-22, 1 file, -1/+4)
| | |   The if/else logic in add_auth on line 491 only handles if qs and POST. But if you're POSTing with no query string, execution falls into the else condition on line 497 and an unnecessary '?' is added with a blank query string. My elastictranscoder.create_job calls were failing due to the unnecessary '?' in the path. It would return: JSONResponseError: 403 Forbidden {u'message': u"When Content-Type:application/x-www-form-urlencoded, URL cannot include query-string parameters (after '?'): '/2012-09-25/jobs?'"} I'm not sure why, but the bug only happens when running on Google App Engine. My local dev_appserver was able to make the create_job request just fine.
* | | Covered the missing ENV support. (Daniel Lindsley, 2014-01-27, 1 file, -0/+4)
| | |
* | | Added tests around opting-in on SigV4 for S3. (Daniel Lindsley, 2014-01-15, 1 file, -0/+3)
| |/
|/|
* | Fixed a quoting bug of special characters in S3. (Daniel Lindsley, 2014-01-06, 1 file, -1/+4)
| |
* | Updated all old-style inheritance calls. (Daniel Lindsley, 2013-12-23, 1 file, -1/+1)
|/
* Merge branch 's3sigv4' into develop (Daniel Lindsley, 2013-12-19, 1 file, -12/+186)
|\
| * Added conditional signing selection to S3. (Daniel Lindsley, 2013-12-18, 1 file, -0/+10)
| |
| * S3 domains are a wee bit non-standard between regions. (Daniel Lindsley, 2013-12-10, 1 file, -20/+36)
| |   Just a bit.
| * Fixes to get BJS working - hacks! (Daniel G. Taylor, 2013-12-10, 1 file, -0/+1)
| |
| * Sigv4 support for S3 by lindsley (Daniel G. Taylor, 2013-12-10, 1 file, -12/+159)
| |
* | Merge branch 'ec2-bjs' into develop (Daniel Lindsley, 2013-12-19, 1 file, -0/+11)
|\ \
| * | Added conditional use of SigV4 to EC2. (Daniel Lindsley, 2013-12-13, 1 file, -0/+11)
| |/
* | Switched all classes over to new-style classes. (Daniel Lindsley, 2013-12-18, 1 file, -22/+1)
|/    Fixes #1918.
* Make connection pooling port-aware, properly use port settings when creating new connections. (Daniel G. Taylor, 2013-10-09, 1 file, -6/+10)
|
* Further fixed STS ``assume_role_with_web_identity``. (Daniel Lindsley, 2013-08-19, 1 file, -0/+39)
|
* Enable connect_to_region('us-gov-west-1') for all services in GovCloud (Christian Arllen, 2013-08-04, 1 file, -0/+2)
|     added region information to the __init__.py for each service
|     additional updates supporting govcloud functionality:
|     - update auth.py HmacAuthV4Handler to return the correct region name
|     - update iam/connection.py to return the correct IAM signin url for govcloud
* normpath in window (Ahmed, 2013-07-22, 1 file, -2/+3)
|     normpath in windows used backslashes '\' instead of '/' which causes dynamodb connection to fail
|     Conflicts: boto/auth.py
* Safely re-introduced the change from SHA: dec541. (Daniel Lindsley, 2013-06-12, 1 file, -1/+4)
|
* Revert "Preserve trailing / when canonicalizing URI path for signature V4" (Daniel Lindsley, 2013-06-12, 1 file, -2/+0)
|     This reverts commit dec541f7e56506342394e466fa6e9d9805dd77fb.
* Preserve trailing / when canonicalizing URI path for signature V4 (Steve Jones, 2013-06-07, 1 file, -0/+2)
|
* change os.path.normpath to posixpath.normpath because on windows os.path.normpath converts forward-slashes to backward-slashes (Ori Hoch, 2013-05-17, 1 file, -2/+2)
|
* Add port to host header when necessary for signature V4 (Steve Jones, 2013-05-11, 1 file, -1/+9)
|
* Fixed a bug where URIs were properly canonicalized in Sig V4 signatures. (Daniel Lindsley, 2013-05-10, 1 file, -5/+10)
|
* Log the S3 signature for debugging purposes. (Mitch Garnaat, 2013-03-18, 1 file, -3/+3)
|
* Allow CloudFront API calls using IAM roles (jjhooper, 2013-01-29, 1 file, -0/+3)
|     When picking up credentials from an IAM instance role, need to add header x-amz-security-token to the request. Otherwise you get InvalidClientTokenId.
* Changed boto auth plugin framework to allow multiple auth plugins supporting requested capability (Mike Schwartz, 2013-01-03, 1 file, -17/+12)
|
* Allow service_name/region_name to be overridden (James Saryerwinnie, 2012-11-21, 1 file, -5/+24)
|     For Signature version 4, you can now explicitly set the region_name/service_name that's used for generating the signature. If these attributes are set, then the endpoint url is not used for determining the appropriate credential scope.
* Sort by param keys only for sigv4 (James Saryerwinnie, 2012-11-19, 1 file, -2/+1)
|     The sigv4 spec states that the canonical_query_string should be sorted by the param keys only. Boto was previously using 'key=value' as the sort key.
* Fix HmacAuthV4Handler to treat POST parameters properly. (Greg Harris, 2012-10-24, 1 file, -6/+18)
|     I ran into this problem when digging into why AWS was returning HTTP 505 Version Not Supported responses for autoscaling's CreateLaunchConfiguration action. In past cases it looks like this error has occurred when the query string of GET requests exceed some threshold (AWS likely reads a fixed size and takes the last 5 bytes on the first line as the HTTP version). Although the AWSQueryConnection.get_object call was set to use POST the actual request consisted of a POST with all of the parameters in the query string.
|     In researching this I figured out the logic to actually map request parameters into the query string (GET requests) or into the request body (POST requests) actually occurs in the add_auth call in _mexe shortly before the request is issued to Amazon. For HmacAuthV4Handler there was no special POST request handling so parameters always came in as query strings with the method 'POST'.
|     This patch does the following:
|     (1) Moves the query string / request body manipulation on HmacAuthV4Handler to before the canonical_request is calculated so that the request body signature is correctly generated.
|     (2) Updates the canonical_uri to look at req.auth_path instead of req.path. Since the query string manipulation is occurring before the request is signed now we need to use the cached version of this field that is set aside for authentication already.
|     (3) Modify canonical_query_string to return '' when a POST request is used. This is because the parameters in a POST request will now be part of the body when calculating the canonical_request to sign.
|     This appears to do the right thing in the cases I've tested. It does blow away the contents of request.body when there is a query string present so if anything ever attempts to make a POST call with both params and data set bad things could happen. This is just copying the behaviour already present in QuerySignatureHelper when a POST request is processed.
* SigV1 apparently needs sha1 versus sha256 hmac digests (Andy Davidoff, 2012-10-14, 1 file, -0/+5)
|
* Condense multiple whitespace into a single space (James Saryerwinnie, 2012-09-28, 1 file, -3/+3)
|     For sigv4, when computing the canonical headers, any inner whitespace should be condensed to a single whitespace: 'x-amz-foo: foo bar baz' 'x-amx-foo: foo bar baz' Otherwise the signature will be incorrect.
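
The two SigV4 canonicalization rules named in the "Sort by param keys only for sigv4" and "Condense multiple whitespace into a single space" commits above, as an added example that is not boto's own code. The function names and sample values are constructed for illustration; breaking ties between duplicate names by value and decoding `bytes` header values go slightly beyond what the commit messages state.

```python
import re
from urllib.parse import quote

UNRESERVED = "-_.~"  # characters SigV4 leaves unencoded besides letters and digits


def canonical_query_string(params):
    """Sort by encoded parameter name (value only breaks ties), then join."""
    encoded = [(quote(k, safe=UNRESERVED), quote(str(v), safe=UNRESERVED))
               for k, v in params.items()]
    return "&".join("%s=%s" % pair for pair in sorted(encoded))


def naive_query_string(params):
    """The ordering the commit replaced: sort the joined 'key=value' strings."""
    pairs = ["%s=%s" % (quote(k, safe=UNRESERVED), quote(str(v), safe=UNRESERVED))
             for k, v in params.items()]
    return "&".join(sorted(pairs))


def canonical_headers(headers):
    """Lowercase names, trim values, condense inner whitespace, sort by name."""
    entries = []
    for name, value in headers.items():
        if isinstance(value, bytes):  # header values may arrive as bytes
            value = value.decode("utf-8")
        value = re.sub(r"\s+", " ", value.strip())
        entries.append((name.strip().lower(), value))
    # Sort on the name alone, for the same reason as the query string.
    return "\n".join("%s:%s" % e for e in sorted(entries, key=lambda e: e[0]))


# Constructed samples. '.' (0x2E) sorts before '=' (0x3D), so sorting the
# joined strings puts Name.1 ahead of Name, while sorting by key does not.
SAMPLE_PARAMS = {"Name.1": "a", "Name": "b"}
SAMPLE_HEADERS = {"X-Amz-Foo": "foo   bar  baz ", "Host": b"service.example.com"}

if __name__ == "__main__":
    print(canonical_query_string(SAMPLE_PARAMS))
    print(naive_query_string(SAMPLE_PARAMS))
    print(canonical_headers(SAMPLE_HEADERS))
```

A client that signs with either ordering or spacing different from the service's canonical form computes a different string to sign, so the request is rejected with a signature mismatch rather than silently accepted.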