Include 'content-length-range' in S3 signature
dstillman authored and uniuuu committed May 7, 2023
1 parent 9cf2e10 commit 28a234e
Showing 2 changed files with 57 additions and 1 deletion.
1 change: 1 addition & 0 deletions model/Storage.inc.php
Expand Up @@ -704,6 +704,7 @@ public static function generateUploadPOSTParams($item, Zotero_StorageFileInfo $i
['key' => $info->hash],
['acl' => 'private'],
['Content-MD5' => $contentMD5],
['content-length-range', $info->size, $info->size],
['success_action_status' => $successStatus],
['x-amz-credential' => $credentials],
['x-amz-algorithm' => $algorithm],
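Review bot: The new `['content-length-range', $info->size, $info->size]` condition has no comment saying that using the same value for the minimum and the maximum is deliberate; something like `// Pin the upload to exactly the declared byte size so the signed policy cannot be used for a body of a different size` would keep a later edit from loosening it. S3 documents both bounds as numbers, and the type of `$info->size` is not visible in this hunk, so if it can arrive as a string from request parameters, `(int) $info->size` would keep the encoded policy numeric. generateUploadPOSTParams starts and ends outside the hunk, so how the conditions array is serialized and signed cannot be confirmed from here.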
57 changes: 56 additions & 1 deletion tests/remote/tests/API/3/FileTest.php
Expand Up @@ -213,7 +213,7 @@ public function testAddFileFormDataFull() {
// Upload wrong contents to S3
$response = HTTP::post(
$json->url,
$json->prefix . $fileContents . "INVALID" . $json->suffix,
$json->prefix . strrev($fileContents) . $json->suffix,
[
"Content-Type: " . $json->contentType
]
Expand Down Expand Up @@ -1672,6 +1672,61 @@ public function testAddFileClientV5Zip() {
}


public function testClientV5ShouldRejectFileSizeMismatch() {
API::userClear(self::$config['userID']);

$file = "work/file";
$fileContents = self::getRandomUnicodeString();
$contentType = "text/plain";
$charset = "utf-8";
file_put_contents($file, $fileContents);
$hash = md5_file($file);
$filename = "test_" . $fileContents;
$mtime = filemtime($file) * 1000;
$size = 0;

$json = API::createAttachmentItem("imported_file", [
'contentType' => $contentType,
'charset' => $charset
], false, $this, 'jsonData');
$key = $json['key'];
$originalVersion = $json['version'];

// Get authorization
$response = API::userPost(
self::$config['userID'],
"items/$key/file",
$this->implodeParams([
"md5" => $hash,
"mtime" => $mtime,
"filename" => $filename,
"filesize" => $size
]),
[
"Content-Type: application/x-www-form-urlencoded",
"If-None-Match: *"
]
);
$this->assert200($response);
$json = API::getJSONFromResponse($response);

self::$toDelete[] = "$hash";

// Try to upload to S3, which should fail
$response = HTTP::post(
$json['url'],
$json['prefix'] . $fileContents . $json['suffix'],
[
"Content-Type: {$json['contentType']}"
]
);
$this->assert400($response);
$this->assertContains(
"Your proposed upload exceeds the maximum allowed size", $response->getBody()
);
}


public function testClientV5ShouldReturn404GettingAuthorizationForMissingFile() {
// Get authorization
$response = API::userPost(
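Review bot: testClientV5ShouldRejectFileSizeMismatch exercises only the upper bound of the new `content-length-range` condition: it declares `"filesize" => 0` and uploads a longer body, so a regression that left the minimum unpinned would still pass. A second case that declares a size larger than the body, for example `$size = strlen($fileContents) + 1;`, and expects the 400 response would cover the lower bound; the S3 error text for that case should be taken from an actual response rather than assumed. In the first hunk, the switch to `strrev($fileContents)` would benefit from a comment such as `// Same byte length, different content, so the failure comes from the MD5 check and not the size check`. `$originalVersion` is assigned but never read in the new test, and `self::$toDelete[] = "$hash";` can be written `self::$toDelete[] = $hash;`.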
