Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Read latest request body instead of snapshot copy #6

Closed
wants to merge 2 commits into from
Closed

Read latest request body instead of snapshot copy #6

wants to merge 2 commits into from

Conversation

kaischwanke
Copy link
Contributor

@kaischwanke kaischwanke commented Sep 6, 2023
edited

Addressing issue #7

When reading the request body to be signed, the actual body could have been modified since when it was first created (for example when using an encryption middleware).
Instead of using req.GetBody() (which returns a snapshot copy, see https://github.com/golang/go/blob/master/src/net/http/request.go#L919), we should read the actual latest content of the body.

In addition, I have swapped the deprecated ioutil package for io

PR checklist

  • An issue/feature request has been created for this PR
  • Pull Request title clearly describes the work in the pull request and the Pull Request description provides details about how to validate the work. Missing information here may result in a delayed response.
  • File the PR against the master branch
  • The code in this PR is covered by unit tests

@kaischwanke kaischwanke mentioned this pull request Sep 8, 2023
Closed
4 tasks
@kaischwanke
Copy link
Contributor Author

@bhargavmodi or @danny-gallagher would you have any feedback on this PR please?

@danny-gallagher danny-gallagher added the safe The PR has been reviewed by Mastercard and has been validated to be safe label Sep 20, 2023
karen-avetisyan-mc
karen-avetisyan-mc requested changes Sep 20, 2023
View reviewed changes
signer.go
@@ -3,7 +3,7 @@ package oauth
import (
"crypto/rsa"
"errors"
"io/ioutil"
"io"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although the changes looks good, the library build fails to import the io module. this version 1.12 still assumes io/util is not deprecated

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we will merge those changes directly

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will incorporate these changes as part of this PR: #8

@NehaSony NehaSony self-requested a review September 20, 2023 14:24
@danny-gallagher danny-gallagher mentioned this pull request Sep 20, 2023
Merged
@danny-gallagher
Copy link
Contributor

Addressed in: #8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@karen-avetisyan-mc karen-avetisyan-mc karen-avetisyan-mc requested changes

@danny-gallagher danny-gallagher Awaiting requested review from danny-gallagher

@NehaSony NehaSony Awaiting requested review from NehaSony

Assignees
No one assigned
Labels
safe The PR has been reviewed by Mastercard and has been validated to be safe
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@kaischwanke @danny-gallagher @karen-avetisyan-mc