Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secondary Authentication fails in Production style URL #2208

Closed
vigneashs opened this issue Oct 9, 2023 · 4 comments
Closed

Secondary Authentication fails in Production style URL #2208

vigneashs opened this issue Oct 9, 2023 · 4 comments
Assignees
@blueww
Labels
bug Something isn't working

Comments

@vigneashs
Copy link
Contributor

Which service(blob, file, queue, table) does this issue concern?

Blob, queue, table, all of them fail.

Which version of the Azurite was used?

V3.26.0

Where do you get Azurite? (npm, DockerHub, NuGet, Visual Studio Code Extension)

NuGet - custom built

What's the Node.js version?

V18 LTS

What problem was encountered?

In Authentication string to sign, Authentication Path is not formed correctly when using Production style URL for secondary requests.

Steps to reproduce the issue?

Take any storage client, use production style URL with -secondary suffix for secondary read operation on Azurite.

You can observe the string to sign is malformed for these requests.

Have you found a mitigation/solution?

Yes, I have fixed the error. Until it gets merged use non-production style URL for secondary requests.
vigneashs added a commit to vigneashs/Azurite that referenced this issue Oct 9, 2023
@vigneashs
Fixes issue Azure#2208
19b9f99
@vigneashs
Copy link
Contributor Author

Snippet which causes the regression:
if (isSecondary) {
const pos = blobContext.authenticationPath.search(SECONDARY_SUFFIX);
blobContext.authenticationPath =
blobContext.authenticationPath.substr(0, pos) +
blobContext.authenticationPath.substr(pos + SECONDARY_SUFFIX.length);
}

Now, this works fine for non-production URLs like - 127.0.0.1:10000/devaccount-secondary/testcontainer. As there is a secondary suffix in the authentication path - /devaccount-secondary/testcontainer. So this path gets transformed to /devaccount/testcontainer

Now, let's take a look at production URL trying to access a secondary storage, devaccount-secondary.sample.com/testcontainer.

The authentication path looks like this - /testcontainer.
now, when we search for secondary_suffix, the code would return -1 (non-existence). In the next line, we are doing a substring of (0,-1) and (-1+10) - (9). So, the resulting string would be "ainer". This causes the authentication string to be malformed and results in authentication errors for production style secondary URLs.

@blueww
Copy link
Member

blueww commented Oct 10, 2023

@vigneashs

Thanks for finding and investigation of this issue!

Azurite welcome contribution!
Would you like to raise a PR to fix this issue?

@blueww blueww self-assigned this Oct 10, 2023
@blueww blueww added the bug Something isn't working label Oct 10, 2023
@vigneashs
Copy link
Contributor Author

vigneashs commented Oct 10, 2023 via email

@blueww
Copy link
Member

blueww commented Oct 11, 2023

@vigneashs

I have reviewed your PR, and raised a comment for change log and test case.
Would you please help to look?

@blueww blueww mentioned this issue Oct 12, 2023
Merged
blueww pushed a commit that referenced this issue Oct 19, 2023
@vigneashs
Fixes issue #2208 (#2215)
68a3b05 
* Fixes issue #2208

* Code review comments

* Code review comments

* Code review comments

* Code review comments

* Code review comments

* Code cleanup

* Tests fail on local dev - so using Azure devops to test if these are passing there

* Testing changes in Azure Devops

* Canonicalized Resource string bug fixed

* Fixed bug in createStringToSignForSharedKeyLite routine

* Fixes bug in createStringToSignForSharedKeyLite

* Clean up and documentation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@blueww blueww

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@blueww @vigneashs