Bug fix for s3 presigned urls using secure: false.

Closes #998
aws · Dec 9, 2015 · 7a730b3 · 7a730b3
1 parent 794a2cf
commit 7a730b3
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,12 @@
 Unreleased Changes
 ------------------
 
+* Issue - Aws::S3 - Resolved a regression with `Aws::S3::Presigner#presigned_url`
+  when using the `secure: false` option. Added integration test to prevent
+  future regressions.
+
+  See [related GitHub issue #998](https://github.com/aws/aws-sdk-ruby/issues/998).
+
 * Issue - Aws::Route53 - Fixed an issue that prevented users from calling  the
   `Aws::Route53::Client#get_traffic_policy` operation. The endpoint builder
   was failing to convert the paramters to strings before URI encoding them.

diff --git a/aws-sdk-core/features/s3/presigned.feature b/aws-sdk-core/features/s3/presigned.feature
@@ -5,13 +5,20 @@ Feature: S3 Presigned Operations
   Background:
     Given I create a bucket
 
-  Scenario: Presigning a get object request
+  Scenario: Presigning a HTTPS get object request
     When I put "signed" to the key "retrieve_me"
     And I create a presigned url for "get_object" with:
     | key  | retrieve_me |
     And I send an HTTP get request for the presigned url
     Then the response should be "signed"
 
+  Scenario: Presinging a HTTP get object request
+    When I put "signed" to the key "retrieve_me"
+    And I create a non-secure presigned url for "get_object" with:
+    | key  | retrieve_me |
+    And I send an HTTP get request for the presigned url
+    Then the response should be "signed"
+
   Scenario: Presigning a put object request
     When I create a presigned url for "put_object" with:
     | key | test        |

diff --git a/aws-sdk-core/features/s3/step_definitions.rb b/aws-sdk-core/features/s3/step_definitions.rb
@@ -188,10 +188,11 @@ def create_bucket(options = {})
   @client.head_object(bucket: @bucket_name, key: @key)
 end
 
-When(/^I create a presigned url for "(.*?)" with:$/) do |method, params|
+When(/^I create a (non-secure )?presigned url for "(.*?)" with:$/) do |non_secure, method, params|
   presigner = Aws::S3::Presigner.new(client: @client)
   params = symbolized_params(params)
   params[:bucket] = @bucket_name
+  params[:secure] = false if non_secure
   @url = presigner.presigned_url(method.to_sym, params)
 end
 

diff --git a/aws-sdk-core/lib/aws-sdk-core/s3/presigner.rb b/aws-sdk-core/lib/aws-sdk-core/s3/presigner.rb
@@ -89,7 +89,12 @@ def sign_but_dont_send(req, expires_in, scheme)
         req.handlers.remove(Plugins::S3RequestSigner::SigningHandler)
         req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
         req.handle(step: :send) do |context|
-          context.http_request.endpoint.scheme = scheme
+          if scheme != context.http_request.endpoint.scheme
+            endpoint = context.http_request.endpoint.dup
+            endpoint.scheme = scheme
+            endpoint.port = (scheme == 'http' ? 80 : 443)
+            context.http_request.endpoint = URI.parse(endpoint.to_s)
+          end
           signer = Signers::V4.new(
             context.config.credentials, 's3',
             context.config.region