Merge branch 'main' into parse-stream-tweaking

r-lib · Jan 24, 2025 · 57d21cb · 57d21cb
2 parents 4fd89fd + 97d2944
commit 57d21cb
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 1 deletion.
diff --git a/NEWS.md b/NEWS.md
@@ -1,6 +1,7 @@
 # httr2 (development version)
 
 * `resp_stream_sse()` now automatically retrieves the next event if the current event contains no data. The data is now returned as a single string (#650).
+* `aws_v4_signature()` now works if url contains query parameters (@jeffreyzuber, #645).
 
 # httr2 1.1.0
 

diff --git a/R/req-auth-aws.R b/R/req-auth-aws.R
@@ -129,7 +129,7 @@ aws_v4_signature <- function(method,
     CanonicalQueryString <- ""
   } else {
     sorted_query <- url$query[order(names(url$query))]
-    CanonicalQueryString <- url_query_build(CanonicalQueryString)
+    CanonicalQueryString <- url_query_build(sorted_query)
   }
 
   headers$host <- url$hostname

diff --git a/tests/testthat/_snaps/req-auth-aws.md b/tests/testthat/_snaps/req-auth-aws.md
@@ -1,3 +1,21 @@
+# aws_v4_signature calculates correct signature
+
+    Code
+      signature
+    Output
+      $CanonicalRequest
+      [1] "POST\n/v0/\n\nhost:example.execute-api.us-east-1.amazonaws.com\n\nhost\ne3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+      
+      $string_to_sign
+      [1] "AWS4-HMAC-SHA256\n20250121T182222Z\n20250121/us-east-1/execute-api/aws4_request\n40b845bd8e6a316382ca9f73516e236075e4af2e04ebcb5f0d8eff12a040f6a4"
+      
+      $SigningKey
+      sha256 hmac 56:b5:cd:6c:f3:27:c6:2c:ba:96:96:4c:45:3b:10:aa:97:11:7f:3d:dc:20:c0:58:d9:c4:07:7e:07:eb:63:58 
+      
+      $Authorization
+      [1] "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20250121/us-east-1/execute-api/aws4_request,SignedHeaders=host,Signature=db2ef1ec9fd9efa801b8eb6b3e754d9d2d5d46189833a947c5427dd706f9534c"
+      
+
 # validates its inputs
 
     Code

diff --git a/tests/testthat/test-req-auth-aws.R b/tests/testthat/test-req-auth-aws.R
@@ -18,6 +18,27 @@ test_that("can correctly sign a request", {
   expect_no_error(req_perform(req))
 })
 
+test_that('aws_v4_signature calculates correct signature', {
+  req <- request("https://example.execute-api.us-east-1.amazonaws.com/v0/") %>%
+    req_method('POST')
+
+  body_sha256 <- openssl::sha256(req_body_get(req))
+  current_time <- as.POSIXct(1737483742, origin = "1970-01-01", tz = "EST")
+
+  signature <- aws_v4_signature(
+    method = req_method_get(req),
+    url = url_parse(req$url),
+    headers = req$headers,
+    body_sha256 = body_sha256,
+    current_time = current_time,
+    aws_service = 'execute-api',
+    aws_region = 'us-east-1',
+    aws_access_key_id = 'AKIAIOSFODNN7EXAMPLE',
+    aws_secret_access_key = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
+  )
+  expect_snapshot(signature)
+})
+
 test_that("signing agrees with glacier example", {
   # Example from
   # https://docs.aws.amazon.com/amazonglacier/latest/dev/amazon-glacier-signing-requests.html