Home Explore Help
Register Sign In
skyfffire
/
core-chain
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

swarm/api: Fix #18007, missing signature should return HTTP 400 (#18008)

Javier Peletier 7 years ago
parent
b35165555d
commit
36ca85fa1c
2 changed files with 38 additions and 6 deletions
Split View Show Diff Stats
  1. 6 4
      swarm/api/http/server.go
  2. 32 2
      swarm/api/http/server_test.go

+ 6 - 4
swarm/api/http/server.go
View File 

@@ -484,7 +484,8 @@ func (s *Server) HandlePostFeed(w http.ResponseWriter, r *http.Request) {
 
 		return
 
 	}
 
 
-	if updateRequest.IsUpdate() {
 
+	switch {
 
+	case updateRequest.IsUpdate():
 
 		// Verify that the signature is intact and that the signer is authorized
 
 		// to update this feed
 
 		// Check this early, to avoid creating a feed and then not being able to set its first update.
 
@@ -497,9 +498,8 @@ func (s *Server) HandlePostFeed(w http.ResponseWriter, r *http.Request) {
 
 			respondError(w, r, err.Error(), http.StatusInternalServerError)
 
 			return
 
 		}
 
-	}
 
-
 
-	if query.Get("manifest") == "1" {
 
+		fallthrough
 
+	case query.Get("manifest") == "1":
 
 		// we create a manifest so we can retrieve feed updates with bzz:// later
 
 		// this manifest has a special "feed type" manifest, and saves the
 
 		// feed identification used to retrieve feed updates later
 
@@ -519,6 +519,8 @@ func (s *Server) HandlePostFeed(w http.ResponseWriter, r *http.Request) {
 
 		fmt.Fprint(w, string(outdata))
 
 
 		w.Header().Add("Content-type", "application/json")
 
+	default:
 
+		respondError(w, r, "Missing signature in feed update request", http.StatusBadRequest)
 
 	}
 
 }

+ 32 - 2
swarm/api/http/server_test.go
View File 

@@ -333,15 +333,45 @@ func TestBzzFeed(t *testing.T) {
 
 	}
 
 	urlQuery = testUrl.Query()
 
 	body = updateRequest.AppendValues(urlQuery) // this adds all query parameters
 
+	goodQueryParameters := urlQuery.Encode()    // save the query parameters for a second attempt
 
+
 
+	// create bad query parameters in which the signature is missing
 
+	urlQuery.Del("signature")
 
 	testUrl.RawQuery = urlQuery.Encode()
 
 
+	// 1st attempt with bad query parameters in which the signature is missing
 
 	resp, err = http.Post(testUrl.String(), "application/octet-stream", bytes.NewReader(body))
 
 	if err != nil {
 
 		t.Fatal(err)
 
 	}
 
 	defer resp.Body.Close()
 
-	if resp.StatusCode != http.StatusOK {
 
-		t.Fatalf("Update returned %s", resp.Status)
 
+	expectedCode := http.StatusBadRequest
 
+	if resp.StatusCode != expectedCode {
 
+		t.Fatalf("Update returned %s. Expected %d", resp.Status, expectedCode)
 
+	}
 
+
 
+	// 2nd attempt with bad query parameters in which the signature is of incorrect length
 
+	urlQuery.Set("signature", "0xabcd") // should be 130 hex chars
 
+	resp, err = http.Post(testUrl.String(), "application/octet-stream", bytes.NewReader(body))
 
+	if err != nil {
 
+		t.Fatal(err)
 
+	}
 
+	defer resp.Body.Close()
 
+	expectedCode = http.StatusBadRequest
 
+	if resp.StatusCode != expectedCode {
 
+		t.Fatalf("Update returned %s. Expected %d", resp.Status, expectedCode)
 
+	}
 
+
 
+	// 3rd attempt, with good query parameters:
 
+	testUrl.RawQuery = goodQueryParameters
 
+	resp, err = http.Post(testUrl.String(), "application/octet-stream", bytes.NewReader(body))
 
+	if err != nil {
 
+		t.Fatal(err)
 
+	}
 
+	defer resp.Body.Close()
 
+	expectedCode = http.StatusOK
 
+	if resp.StatusCode != expectedCode {
 
+		t.Fatalf("Update returned %s. Expected %d", resp.Status, expectedCode)
 
 	}
 
 
 	// get latest update through bzz-feed directly