Skip to content
Permalink
Browse files
fix: correctly encode bytes for V2 signature (#382)
* fix: correctly encode bytes for V2 signature

V2 signature was passing a string to the sign_bytes function
instead of bytes. This works fine for most credentials (since
their sign_bytes implementations accept strings) but not for
impersonated credentials. V4 signature encodes the string before
calling sign_bytes, so I do the same here.

We should also look into clarifying the contract for the
sign_bytes interface in the auth library.

Fixes #373

* fix py2 failure
  • Loading branch information
tritone committed Feb 17, 2021
1 parent 79d27da commit f44212b7b91a67ca661898400fe632f9fb3ec8f6
Showing with 3 additions and 3 deletions.
  1. +1 −1 google/cloud/storage/_signing.py
  2. +2 −2 tests/unit/test__signing.py
@@ -77,7 +77,7 @@ def get_signed_query_params_v2(credentials, expiration, string_to_sign):
signed payload.
"""
ensure_signed_credentials(credentials)
signature_bytes = credentials.sign_bytes(string_to_sign)
signature_bytes = credentials.sign_bytes(string_to_sign.encode("ascii"))
signature = base64.b64encode(signature_bytes)
service_account_name = credentials.signer_email
return {
@@ -255,7 +255,7 @@ def test_it(self):
"Signature": base64.b64encode(sig_bytes),
}
self.assertEqual(result, expected)
credentials.sign_bytes.assert_called_once_with(string_to_sign)
credentials.sign_bytes.assert_called_once_with(string_to_sign.encode("ascii"))


class Test_get_canonical_headers(unittest.TestCase):
@@ -420,7 +420,7 @@ def _generate_helper(

string_to_sign = "\n".join(elements)

credentials.sign_bytes.assert_called_once_with(string_to_sign)
credentials.sign_bytes.assert_called_once_with(string_to_sign.encode("ascii"))

scheme, netloc, path, qs, frag = urllib_parse.urlsplit(url)
expected_scheme, expected_netloc, _, _, _ = urllib_parse.urlsplit(

0 comments on commit f44212b

Please sign in to comment.