From 6030ef859c93c6472443e0221bfcdc9c8a3466ce Mon Sep 17 00:00:00 2001 From: kyleknap Date: Wed, 10 Sep 2014 14:42:47 -0700 Subject: Fix bug where headers were presigned incorrectly. For Sigv4 urls, custom metadata headers were not being presigned correctly. --- boto/auth.py | 4 ++++ tests/unit/s3/test_connection.py | 20 ++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/boto/auth.py b/boto/auth.py index df8dcccd..0d42dd52 100644 --- a/boto/auth.py +++ b/boto/auth.py @@ -705,6 +705,10 @@ class S3HmacAuthV4Handler(HmacAuthV4Handler, AuthHandler): if self._provider.security_token: params['X-Amz-Security-Token'] = self._provider.security_token + headers_to_sign = self.headers_to_sign(req) + l = sorted(['%s' % n.lower().strip() for n in headers_to_sign]) + params['X-Amz-SignedHeaders'] = ';'.join(l) + req.params.update(params) cr = self.canonical_request(req) diff --git a/tests/unit/s3/test_connection.py b/tests/unit/s3/test_connection.py index 35ebce97..5839a6a2 100644 --- a/tests/unit/s3/test_connection.py +++ b/tests/unit/s3/test_connection.py @@ -135,6 +135,26 @@ class TestSigV4Presigned(MockServiceWithConfigTestCase): self.assertIn('VersionId=2', url) self.assertIn('X-Amz-Security-Token=token', url) + def test_sigv4_presign_headers(self): + self.config = { + 's3': { + 'use-sigv4': True, + } + } + + conn = self.connection_class( + aws_access_key_id='less', + aws_secret_access_key='more', + host='s3.amazonaws.com' + ) + + headers = {'x-amz-meta-key': 'val'} + url = conn.generate_url_sigv4(86400, 'GET', bucket='examplebucket', + key='test.txt', headers=headers) + + self.assertIn('host', url) + self.assertIn('x-amz-meta-key', url) + class TestUnicodeCallingFormat(AWSMockServiceTestCase): connection_class = S3Connection -- cgit v1.2.1