SharedKeySigner generates invalid signatures when the name of the Blob container starts with the same name as Storage Account #22
Description
Thank you for maintaining this wonderful gem!
I tried using the gem today and came across a bug. Let me explain how it happened.
Let's say we have a variable like this:
c = AzureBlob::Client(account_name: foo, container: foo + bar, access_key: ...)
where foo and bar represent two values of String.
When we try to generate a signed URL using
c.signed_uri("path/to/blob", permissions: "rw", expiry: Time.at(Time.now.to_i + 300).utc.iso8601),
the resulting signature is invalid. This is because the canonicalizedResource computed from uri is incorrect since its prefix is being unnecessarily removed in the following lines:
azure-blob/lib/azure_blob/shared_key_signer.rb
Lines 44 to 47 in 3a470ba
For example, if the original uri was "https://foo.blob.core.windows.net/foo-bar/baz" where its path would be "/foo-bar/baz", the uri.path will going to be changed to "-bar/baz", which would cause an error like this: bad component(expected absolute path component): -bar/baz (URI::InvalidComponentError).
It looks like this prefix trimming was helpful for users working with Azurite, but it causes issues when the name of the Blob container starts with the same name as the storage account.
As a user who does not use Azurite, I confirmed that when those lines of code are commented out, the signed URL feature works properly.
I have never used Azurite, and I could not immediately think of a way to fix this bug while making it compatible with Azurite. I am sorry that I could not write a possible solution here, but I thought it would be better to have an issue created than nothing.