search

Azure / Azurite

A lightweight server clone of Azure Storage that simulates most of the commands supported by it with minimal dependencies
MIT License
1.8k stars 320 forks source link

Bug in Azurite Container, cannot handle signature with pluses in them. #2341

Open jacobmurrey opened 7 months ago

jacobmurrey commented 7 months ago

Which service(blob, file, queue, table) does this issue concern?

Blob Storage

Which version of the Azurite was used?

3.29.0

Where do you get Azurite? (npm, DockerHub, NuGet, Visual Studio Code Extension)

Visual Studio Version 17.8.3

What's the Node.js version?

v18.13.0

What problem was encountered?

When using Azurite for integration testing we came across a situation where we get intermittent errors with authorization: Azure.RequestFailedException : Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature. RequestId:d9959d4c-76d5-43b8-b3e7-dba434cdb288 Time:2024-01-11T14:37:51.585Z Status: 403 (Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.)

Steps to reproduce the issue?

In an integration test, trying to upload a document to blob storage.
We generated a log file and found out that a ‘+’ in the signature seems to be the issue: 2024-01-11T14:37:51.585Z d9959d4c-76d5-43b8-b3e7-dba434cdb288 info: BlobSASAuthenticator:validate() Validate signature based account key1. 2024-01-11T14:37:51.585Z d9959d4c-76d5-43b8-b3e7-dba434cdb288 debug: BlobSASAuthenticator:validate() String to sign is: “rwdyi\n2024-01-10T14:37:51Z\n2024-01-11T15:37:51Z\n/blob/devstoreaccount1/documents/docType/referenceType/referenceId/fileName\n\n\n\n2023-11-03\nb\n\n\n\n\n\n\n” 2024-01-11T14:37:51.585Z d9959d4c-76d5-43b8-b3e7-dba434cdb288 debug: BlobSASAuthenticator:validate() Calculated signature is: pdTqjgXw8u/ZRvqndCShlAj4VqooAfO69KH5/moq+Xc= 2024-01-11T14:37:51.585Z d9959d4c-76d5-43b8-b3e7-dba434cdb288 info: BlobSASAuthenticator:validate() Signature based on key1 validation failed. 2024-01-11T14:37:51.586Z d9959d4c-76d5-43b8-b3e7-dba434cdb288 error: ErrorMiddleware: Received a MiddlewareError, fill error information to HTTP response 2024-01-11T14:37:51.586Z d9959d4c-76d5-43b8-b3e7-dba434cdb288 error: ErrorMiddleware: ErrorName=StorageError ErrorMessage=Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature. ErrorHTTPStatusCode=403 ErrorHTTPStatusMessage=Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature. ErrorHTTPHeaders={“x-ms-error-code”:“AuthorizationFailure”,“x-ms-request-id”:“d9959d4c-76d5-43b8-b3e7-dba434cdb288”} ErrorHTTPBody=“<?xml version=“1.0” encoding=“UTF-8” standalone=“yes”?>\n\n AuthorizationFailure\n Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\nRequestId:d9959d4c-76d5-43b8-b3e7-dba434cdb288\nTime:2024-01-11T14:37:51.585Z\n” ErrorStack=“StorageError: Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\n at Function.getAuthorizationFailure (/opt/azurite/dist/src/blob/errors/StorageErrorFactory.js:137:16)\n at /opt/azurite/dist/src/blob/middlewares/AuthenticationMiddlewareFactory.js:25:56\n at processTicksAndRejections (internal/process/task_queues.js:95:5)”

WE only get the auth failure when the key in bold above has a plus in it. So it fails randomly.

debug.log

Have you found a mitigation/solution?

No

EmmaZhu commented 7 months ago

Hi @jacobmurrey ,

Can you share which client(SDK) are you using to connect to Azurite, and the code segment where you got this error?

We'll try to have a reproduce to help for debuging.

jacobmurrey commented 7 months ago

Here are the azure versions the client is using.

Here is the code for the test and the line that breaks (red):

public async Task UploadDocuments_ReturnsUrl() { // Act var response = await _documentsClient.UploadDocumentMutation.ExecuteAsync("docType", "fileName", "referenceId", "referenceType");

  // Assert
  response.Errors.Count.Should().Be(0);
  response.Data.UploadDocument.Should().NotBeNull();

response.Data.UploadDocument.String.Should().Contain("devstoreaccount1/documents/docType/referenceType/referenceId/fileName");

  // Act
  var blobClient = new BlobClient(new Uri(response.Data.UploadDocument.String));

  using (MemoryStream memStream = new MemoryStream(100))
  {
        byte[] data = new UnicodeEncoding().GetBytes("TEST DATA");
        memStream.Write(data, 0, data.Length);
        memStream.Seek(0, SeekOrigin.Begin);

        var uploadResponse = await blobClient.UploadAsync(memStream);
        // Assert
        uploadResponse.Value.Should().NotBeNull();
        uploadResponse.GetRawResponse().Status.Should().Be(201);
  }

}

Please let me know if you have any further questions.

Thanks tom

From: EmmaZhu-MSFT @.> Sent: Thursday, January 11, 2024 8:06 PM To: Azure/Azurite @.> Cc: Tom Mason @.>; Mention @.> Subject: Re: [Azure/Azurite] Bug in Azurite Container, cannot handle signature with pluses in them. (Issue #2341)

Hi @jacobmurreyhttps://github.com/jacobmurrey ,

Can you share which client(SDK) are you using to connect to Azurite, and the code segment where you got this error?

We'll try to have a reproduce to help for debuging.

- Reply to this email directly, view it on GitHubhttps://github.com/Azure/Azurite/issues/2341#issuecomment-1888300102, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BEVBE43QN2DTCMHAWD7P5KTYOCLB3AVCNFSM6AAAAABBXGWPGKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQOBYGMYDAMJQGI. You are receiving this because you were mentioned.Message ID: @.**@.>>