6

I am using Django and S3Boto and whenever a signature has a '+' sign in it, I get a 403 Forbidden. If there is no '+' sign in the signature, I get the resource just fine. What could be wrong here?

UPDATE:

The repo is at: https://github.com/boto/boto

The files concerned are:

boto/utils.py
boto/s3/connection.py

NOTE: I am quite new to Python. I tried modifying the code but I still can't get the encoding done properly.

yretuta
  • I'm not familiar with S3Boto, but my gut instinct would be something isn't getting URL encoded correctly, so the + is getting decoded as a space. – Joe Day Aug 17 '12 at 13:55
  • Here is the issue I created: https://github.com/boto/boto/issues/916. If you'd like to see the code, clone the repo and look at boto.s3.connection in the generate_url method. That seems to be where the encoding is done. I have done this but I can't find where the error is T_T – yretuta Aug 17 '12 at 14:02

3 Answers

3

I'm a little short on time (as it's 1:30am) so unfortunately I do not have a code sample for you yet, but I believe this is because the value + in a URL should be encoded. So from github, your url of...

https://s3.amazonaws.com/dragonflysco/static/js/plugins/blockui.js?Signature=+tahbTacs5Vkzt5jQ+hZULzGPhE=&Expires=1345019173&AWSAccessKeyId=AKIAJNCPYIZVZXKOPCHA

should really be

https://s3.amazonaws.com/dragonflysco/static/js/plugins/blockui.js?Signature=%2BtahbTacs5Vkzt5jQ+hZULzGPhE=&Expires=1345019173&AWSAccessKeyId=AKIAJNCPYIZVZXKOPCHA

(Note: I replaced the + with %2B)

See http://www.w3schools.com/tags/ref_urlencode.asp

To fix the code, I would add a URL-encoding function where it builds the URL query string.

Wulfram
  • However, I am using a plugin, and I tried digging into that plugin's source but I can't find the code that encodes the signature and makes the request. If you look at the comment above, I have created the issue and tried changing the encoding at some places, to no avail. – yretuta Aug 22 '12 at 10:18
1

In a nutshell, the problem is not in S3Boto but in some call to "unquote" that happens later on the url.

I answered a similar question here:

Inconsistent SignatureDoesNotMatch Amazon S3 with django-pipeline, s3boto and storages

Please check out my solution there.

idanzalz
0

I just committed what I hope will be a fix for this issue in boto. See https://github.com/boto/boto/commit/a01a5d1a1e88f79ed5db52639d3674d9eb5e45dc. Please let me know if this takes care of the problem.

garnaat
  • So, what part didn't work? Are you still getting "+" signs in your signatures? – garnaat Sep 01 '12 at 16:31
  • Are you sure that S3Boto is picking up the new version of boto? I'm having a hard time figuring out how you could still be getting a "+" in the signature with the latest code. – garnaat Sep 02 '12 at 16:06
  • I just checked my virtualenv site-packages and the boto plugin. I checked your changes to boto/s3/connection.py and the line you committed is indeed there. – yretuta Sep 02 '12 at 22:56
  • Just to inform you though, I don't get '+' characters in the signature when I use Amazon's old S3 library bundled with django-storages 1.1.4. I examined the code and it seems to return the encoded canonical string with the encode() method that does both b64 encoding, with even an optional url encoding, so quote_plus wasn't a necessity. That may mean something may have gone wrong with the signing of the string in boto/auth.py – yretuta Sep 02 '12 at 23:00
  • Okay, thanks for the additional information. I have been unable to reproduce this but I'll keep investigating. It sounds like something is not right. – garnaat Sep 03 '12 at 01:11
  • A question I asked is related to this, you can see it here (I'll try to apply this and get back to you): http://stackoverflow.com/questions/11820566/inconsistent-signaturedoesnotmatch-amazon-s3-with-django-pipeline-s3boto-and-st/12262106#12262106 – yretuta Sep 04 '12 at 13:23
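
The failure discussed in the answers above, as an added example that is not code from boto or from any poster in this thread: a base64 HMAC-SHA1 signature containing '+' is rejected when placed raw in the query string, accepted when percent-encoded, and rejected again if a later layer calls unquote() on the finished URL. Assumptions: the secret, access key placeholder and object path are constructed, and `parse_qs` stands in for a receiver that form-decodes the query string.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote, unquote, urlsplit

SECRET = b"constructed-secret"          # constructed, not a real credential
ACCESS_KEY = "AKIA-PLACEHOLDER"         # placeholder access key id
RESOURCE = "/example-bucket/static/js/app.js"  # constructed object path


def sign(string_to_sign):
    """Base64 of HMAC-SHA1: the alphabet includes '+', '/' and '='."""
    mac = hmac.new(SECRET, string_to_sign.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def find_plus_case(start=1345019173):
    """Walk constructed expiry times until the signature contains '+'."""
    for expires in range(start, start + 1000):
        string_to_sign = f"GET\n\n\n{expires}\n{RESOURCE}"
        signature = sign(string_to_sign)
        if "+" in signature:
            return expires, string_to_sign, signature
    raise RuntimeError("no '+' signature found in the sampled range")


def build_url(expires, signature, encode=True):
    """encode=False reproduces the bug; encode=True percent-encodes the value."""
    value = quote(signature, safe="") if encode else signature
    return (f"https://s3.amazonaws.com{RESOURCE}?Signature={value}"
            f"&Expires={expires}&AWSAccessKeyId={ACCESS_KEY}")


def receiver_accepts(url, string_to_sign):
    """Assumed receiver: form-decode the query ('+' -> space), then compare."""
    received = parse_qs(urlsplit(url).query)["Signature"][0]
    return hmac.compare_digest(received, sign(string_to_sign))


if __name__ == "__main__":
    expires, sts, sig = find_plus_case()
    raw, encoded = build_url(expires, sig, False), build_url(expires, sig)
    print("signature       :", sig)
    print("raw '+' accepted:", receiver_accepts(raw, sts))
    print("%2B accepted    :", receiver_accepts(encoded, sts))
    # A later unquote() of the finished URL restores the raw '+'.
    print("after unquote() :", receiver_accepts(unquote(encoded), sts))
```

Signatures without a '+' pass in all three cases, which matches the intermittent 403 described in the question.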