Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Include request body of multipart/form-data requests into AWS4 signature #1120

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

Envek
Copy link

@Envek Envek commented Feb 1, 2021

Context: I'm using Postman to test API endpoints that are located on API Gateway (and backed by Lambda functions) with request authentication by AWS signature. And everything works great except one request that uses multipart/form-data to upload file along with some metadata in single request.

Exploring source code I noticed that request body hashing is skipped for form data requests in the assumption that it is only used to do uploads directly to S3. But in my case, I want to post form data to API gateway with authentication. Maybe it is better to implement signature in the same way as for raw body type to cover at least this use case?

Should fix postmanlabs/postman-app-support#8180

However, I'm not sure whether this pull request really fixes my problem as I don't know how to run Postman with my own runtime. Any links or guidance on how to do it is highly appreciated!

@codecov
Copy link

codecov bot commented Feb 1, 2021

Codecov Report

Merging #1120 (b2373d0) into develop (c15d437) will decrease coverage by 0.14%.
The diff coverage is 0.00%.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #1120      +/-   ##
===========================================
- Coverage    90.99%   90.85%   -0.15%     
===========================================
  Files           42       42              
  Lines         2566     2570       +4     
  Branches       737      738       +1     
===========================================
  Hits          2335     2335              
- Misses         231      235       +4     
Flag Coverage Δ
integration 79.41% <0.00%> (-0.13%) ⬇️
legacy 55.95% <0.00%> (-0.09%) ⬇️
unit 49.14% <0.00%> (-0.08%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
lib/authorizer/aws4.js 70.00% <0.00%> (-3.69%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c15d437...b2373d0. Read the comment docs.

@bitsofinfo
Copy link

3 years.... can we please get this in?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Incorrect AWS signature for multipart/form-data
2 participants