Skip to content

network: when using API key & secret key drop params #150

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 20, 2024
Merged

network: when using API key & secret key drop params #150

merged 1 commit into from
May 20, 2024

Conversation

@rohityadavcloud
Copy link
Member

@rohityadavcloud rohityadavcloud commented May 4, 2024

Params need to be dropped as apikey & secretkey based URL has all the params and it causes signature validation issues when the same params are also posted again. For example, add host API with username, password params.

@rohityadavcloud
network: when using API key & secret key drop params
bd8e60f 
Params need to be dropped as apikey & secretkey based URL has all the
params and it causes signature validation issues when the same params
are also posted again. For example, add host API with username, password
params.

Signed-off-by: Rohit Yadav <[email protected]>
@rohityadavcloud
Copy link
Member Author

rohityadavcloud commented May 4, 2024

Steps to reproduce the issue:

  • Create profile with only apikey and secret key set
  • Try to add a host, it fails with HTTP 401, on deep dive - it appears signature fails to match

Fix: don't send both encoded params as part of the URL and also param that may be posted.

@rohityadavcloud rohityadavcloud mentioned this pull request May 5, 2024
Closed
@rohityadavcloud rohityadavcloud added this to the 6.5.0 milestone May 5, 2024
shwstppr
shwstppr approved these changes May 6, 2024
View reviewed changes
Copy link
Contributor

@shwstppr shwstppr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code LGTM. Signature is added only for API key and secret key based profiles

@rohityadavcloud rohityadavcloud merged commit 1f45761 into main May 20, 2024
@rohityadavcloud rohityadavcloud deleted the signature-bugfix branch May 20, 2024 10:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shwstppr shwstppr shwstppr approved these changes

@DaanHoogland DaanHoogland Awaiting requested review from DaanHoogland

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

6.5.0

Development

Successfully merging this pull request may close these issues.

2 participants

@rohityadavcloud @shwstppr