RelationalAI / rai-sdk-python

The RelationalAI Software Development Kit (SDK) for Python.
Apache License 2.0

URL path segment not properly encoded when using signature authentication #15

Closed geokollias closed 3 years ago

geokollias commented 3 years ago

Request signing follows the AWS v4 spec. According to it:

> The canonical URI is the URI-encoded version of the absolute path component of the URI, which is everything in the URI from the HTTP host to the question mark character ("?") that begins the query string parameters (if any).
>
> Normalize URI paths according to RFC 3986. Remove redundant and relative path components. Each path segment must be URI-encoded twice (...)

As an example, /documents and settings should be encoded to /documents%2520and%2520settings. Similarly, /users/auth0|60e58bb864244200711c30ae should be encoded to /users/auth0%257C60e58bb864244200711c30ae.

Currently, no such encoding takes place.
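The canonical-URI step the quoted spec describes, as an added example (this is not code from rai-sdk-python, and the function names `normalize_path`, `encode_segment` and `canonical_uri` are my own): the path is normalized per RFC 3986, then every segment is percent-encoded twice using the RFC 3986 unreserved set, which reproduces the two encodings given in the issue. A `double_encode=False` switch is included so the single-encoded form a client might produce by mistake can be compared against the canonical one.

```python
"""Canonical URI construction for AWS Signature V4 style request signing.

Added example: not part of rai-sdk-python. Function names are the author's own.
"""
from urllib.parse import quote

# RFC 3986 unreserved characters: ALPHA / DIGIT / "-" / "." / "_" / "~".
# Everything else in a path segment is percent-encoded.
_UNRESERVED = "-_.~"


def normalize_path(path: str) -> str:
    """Remove redundant ("//", ".") and relative ("..") path segments."""
    if not path:
        return "/"
    stack: list[str] = []
    for segment in path.split("/"):
        if segment in ("", "."):
            continue  # empty (from "//") or current-dir segment: redundant
        if segment == "..":
            if stack:
                stack.pop()  # relative segment: step back one level
            continue
        stack.append(segment)
    normalized = "/" + "/".join(stack)
    # Keep a trailing slash so that "/a/" and "/a" stay distinct resources.
    if path.endswith("/") and normalized != "/":
        normalized += "/"
    return normalized


def encode_segment(segment: str, times: int = 2) -> str:
    """Percent-encode one segment `times` times (SigV4 requires twice)."""
    for _ in range(times):
        # safe="" would also encode "~"; keep the unreserved set literal.
        segment = quote(segment, safe=_UNRESERVED)
    return segment


def canonical_uri(path: str, double_encode: bool = True) -> str:
    """Build the CanonicalURI component of a SigV4 canonical request."""
    times = 2 if double_encode else 1
    normalized = normalize_path(path)
    # Split on "/" so the separators themselves are never encoded.
    return "/".join(encode_segment(seg, times) for seg in normalized.split("/"))


if __name__ == "__main__":
    # Constructed inputs taken from the issue text.
    for raw in ("/documents and settings", "/users/auth0|60e58bb864244200711c30ae"):
        print(raw)
        print("  canonical (double-encoded):", canonical_uri(raw))
        print("  single-encoded (mismatch):  ", canonical_uri(raw, double_encode=False))
```

If the client signs with the raw or single-encoded path while the server canonicalizes per the spec, the two sides hash different canonical requests and the signature check fails; the double-encoded output here is the value both sides must agree on.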

Segflow commented 3 years ago

I think that's the result of URL encoding twice.

urlencode(" ") is "%20"

urlencode("%") is "%25"

So I think that %2520 is the result of urlencode(urlencode(" ")).

Also, won't we drop the sign based auth in favor of oauth-client creds anyway?

EDIT: I just noticed that the double encoding is already mentioned in the quoted docs added by George.

geokollias commented 3 years ago

> Also, won't we drop the sign based auth in favor of oauth-client creds anyway?

Yeah, but since we found the issue anyway I figured better to fix it.

billscheidel-rai commented 1 year ago

Note: This issue has been migrated to https://relationalai.atlassian.net/browse/RAI-3804.

This link is only accessible to employees of RelationalAI.