wcs: do not include nonce in signed URL to wcs file (#78159) #112
|
@ -147,5 +147,5 @@ def redirect_crypto_url(request, session_key, crypto_url):
|
|||
if '?' not in real_url:
|
||||
real_url += '?'
|
||||
real_url += '&orig=%s' % service['orig']
|
||||
redirect_url = sign_url(real_url, service['secret'])
|
||||
redirect_url = sign_url(real_url, service['secret'], nonce=False)
|
||||
return HttpResponseRedirect(redirect_url)
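Review bot: The `nonce=False` passed to `sign_url` has no comment explaining why replay protection is dropped for this redirect, so a reader of `redirect_crypto_url` cannot tell it is deliberate. Without a nonce the receiving service cannot reject a second use of the same signed URL. Reuse is then bounded only by the `timestamp` parameter and whatever validity window the verifier applies, which is not visible here. I would put a comment above the call, worded to match the real reason, for example `# no nonce: this URL may be fetched more than once; reuse is bounded only by the signature timestamp`. The function starts outside the hunk, so how `real_url` and `service` are derived could not be checked.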
|
||||
|
|
|
@ -43,7 +43,10 @@ def sign_query(query, key, algo='sha256', timestamp=None, nonce=None):
|
|||
new_query = query
|
||||
if new_query:
|
||||
new_query += '&'
|
||||
new_query += urlencode((('algo', algo), ('timestamp', timestamp), ('nonce', nonce)))
|
||||
params = [('algo', algo), ('timestamp', timestamp)]
|
||||
if nonce:
|
||||
params.append(('nonce', nonce))
|
||||
new_query += urlencode(params)
|
||||
signature = base64.b64encode(sign_string(new_query, key, algo=algo))
|
||||
new_query += '&signature=' + quote(signature)
|
||||
return new_query
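Review bot: `if nonce:` tests truthiness, so `None`, `False` and an empty string all omit the parameter, and that contract is not documented anywhere in the hunk while the signature still reads `nonce=None`. The start of `sign_query` is outside the hunk; presumably it fills in a nonce when the caller passes `None`, so confirm that only an explicit `False` reaches this branch with a falsy value. A docstring entry would settle it, for example `nonce: False omits the nonce, leaving the signed query replayable until its timestamp expires; any other value is included and signed`. It is also worth confirming that the verifying side accepts a signed query with no `nonce` only on the endpoints where that is intended.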
|
||||
|
|
|
@ -3,6 +3,7 @@ import json
|
|||
import logging
|
||||
import os
|
||||
import re
|
||||
import urllib.parse
|
||||
from unittest import mock
|
||||
|
||||
import pytest
|
||||
|
@ -733,6 +734,10 @@ def test_json_cell_make_public_url(app):
|
|||
resp = app.get(url)
|
||||
assert '/api/wcs/file/' in resp.text
|
||||
assert 'http://127.0.0.1:8999' not in resp.text
|
||||
resp = app.get(resp.text)
|
||||
qs = urllib.parse.parse_qs(urllib.parse.urlparse(resp.location).query)
|
||||
assert 'signature' in qs
|
||||
assert 'nonce' not in qs
|
||||
|
||||
# url from unknown service
|
||||
cell.template_string = '{% make_public_url url="https://example.net" %}'
|
||||
|
|