Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BlobClient(<full-blob-url-with-sas-token>).upload_blob(file) gets a 403 #6500

Closed
alexperovich opened this issue Jul 25, 2019 · 5 comments
Closed

BlobClient(<full-blob-url-with-sas-token>).upload_blob(file) gets a 403 #6500

alexperovich opened this issue Jul 25, 2019 · 5 comments
Assignees
@annatisch
Labels
Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. Storage Storage Service (Queues, Blobs, Files)

Comments

@alexperovich
Copy link

alexperovich commented Jul 25, 2019
edited

Code that is run

log.info("Begin Upload: {file} as {name} {type}".format(file=repr(file), name=name, type=content_type))
write_url = self._create_write_url(name) # produces a full url with SAS token with write permissions.
content_settings = ContentSettings(
    content_type=content_type,
    content_disposition="inline",
)
try:
    with BlobClient(write_url, logging_enable=True, retry_policy=ExponentialRetry(initial_backoff=2, retry_total=10)) as client:
        if type(file) is str:
            with open(file, 'rb') as f:
                client.upload_blob(f, content_settings=content_settings)
        else:
            client.upload_blob(file, content_settings=content_settings)
except:
    log.exception("Failure while uploading {file}".format(file=repr(file)))

Server Response:

<?xml version="1.0" encoding="utf-8"?>
<Error>
  <Code>AuthenticationFailed</Code>
  <Message>
    Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
    RequestId:***
    Time:2019-07-23T23:00:12.1569153Z
  </Message>
  <AuthenticationErrorDetail>Signature fields not well formed.</AuthenticationErrorDetail>
</Error>

The blob url I passed is valid and works with manual PUT requests. The debug logs show that the sas token on the url is url-decoded and the final PUT request is made using the (invalid) decoded sas token signature.
@loarabia loarabia added Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. Storage Storage Service (Queues, Blobs, Files) labels Jul 26, 2019
@loarabia
Copy link

Hi @alexperovich thanks for reporting the bug. CCing @annatisch & @mayurid to help route this further

@annatisch
Copy link
Member

Thanks @alexperovich - we are aware of this and have a fix under review now.
This fix should be released in our next preview release.

The specific line with the fix is here:
https://github.com/Azure/azure-sdk-for-python/pull/6442/files#diff-19efb00002f2454f98f0c2539aeae6f3R274

Thanks again!

@annatisch annatisch mentioned this issue Aug 5, 2019
Merged
@annatisch
Copy link
Member

Hi @alexperovich - Preview 2 of storage has been released that should resolve this issue.
Can you confirm whether that's the case?

https://pypi.org/project/azure-storage-blob/12.0.0b2/

@annatisch
Copy link
Member

I'm assuming this is now fixed - please let me know if it needs to be reopened :)

@alexperovich
Copy link
Author

I haven't had a chance to try it yet. I will let you know if I this issue isn't fixed.

@github-actions github-actions bot locked and limited conversation to collaborators Apr 12, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@annatisch annatisch

Labels
Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. Storage Storage Service (Queues, Blobs, Files)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@loarabia @annatisch @alexperovich