SignatureDoesNotMatch using ruby aws-sdk gem and presigned pos - ruby

I need some help to get the new ruby AWS S3 SDK 2.0 working. I am using the region eu-central-1 so it is required to use the latest signature method v4 for all requests.
Actually I want to create a presigned post url to use it in combination with jquery-fileupload. I have setup S3 correctly with all access keys, bucket, CORS configuration, etc. But every time I generate a url with the following code
#signer = Aws::S3::Presigner.new
#url = #signer.presigned_url(:put_object, bucket: ENV['S3_BUCKET_NAME'], key: "documents/#{SecureRandom.uuid}/${filename}", acl: :public_read)
which creates the following URL
https://project-xxxxx-staging.s3.eu-central-1.amazonaws.com/documents/a253feb0-4c60-4735-8d95-4649c0d3dcb5/%24%7Bfilename%7D?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJVY57LY6XGIRIRHQ%2F20150205%2Feu-central-1%2Fs3%2Faws4_request&X-Amz-Date=20150205T140425Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host&x-amz-acl=public_read&X-Amz-Signature=ff2fbe233ed7380dc745aa7ba37421d7d8703db0d67208541e500367262a8c51
I get the following error
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
Does anybody know how to fix this or any hints on the underlying problem?
My environment I am using:
ruby '2.2.0'
gem 'rails', '4.2.0'
gem 'aws-sdk', '~> 2.0.21.pre'

A pre-signed URL contains a signature computed from headers and query parameters that would/should be sent. What is likely happening is the jquery uploader is adding a header that Amazon S3 requires to be signed (such as Content-Type). You would need to pre-specify this content type when building the presigned url:
signer = Aws::S3::Presigner.new
signer.presigned_url(:put_object, bucket:'name', key:'key', acl:'public-read', content_type:'...')
Also, the correct canned ACL is "public-read", not :public_read. This could also possibly be causing an issue.

Related

Error "SignatureDoesNotMatch". Google Cloud Storage Bucket PUT

I'm loosing my mind.
I'm using Shrine (https://github.com/janko-m/shrine) with Google Cloud Storage (https://github.com/renchap/shrine-google_cloud_storage), but when I start the PUT call I get this:
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.
</Message>
<StringToSign>
PUT
image/jpeg
1518399402
/mybucket.appspot.com/7d5e4aad1e3a737fb8d2c59571fdb980.jpg
</StringToSign>
</Error>
I followed this info (http://shrinerb.com/rdoc/classes/Shrine/Plugins/PresignEndpoint.html) for presign_endpoint, but still nothing:
class FileUploader < Shrine
plugin :presign_endpoint, presign_options: -> (request) do
filename = request.params["filename"]
extension = File.extname(filename)
content_type = Rack::Mime.mime_type(extension)
{
content_type: content_type
}
end
end
I tried with and without this (restarting the Rails server everytime).
Where am I wrong?
I also tried with Postman with a PUT to that URL and withtout any content-type. But still nothing.
I read here: https://github.com/GoogleCloudPlatform/google-cloud-node/issues/1976 and here: https://github.com/GoogleCloudPlatform/google-cloud-node/issues/1695
How can I try without Rails?
Is there a REPL (or similar) to try with my credentials and with a file?
You have several options for just uploading a file to Google Cloud Storage as you can see in the official docs here.
For example if you want to use Ruby Client Library, you can use this code:
# project_id = "Your Google Cloud project ID"
# your-bucket-name = "Your Google Cloud Storage bucket name"
# local_file_path = "Path to local file to upload"
# storage_file_path = "Path to store the file in Google Cloud Storage"
require "google/cloud/storage"
storage = Google::Cloud::Storage.new(project: "your-project_id")
bucket = storage.bucket "your-bucket-name"
file = bucket.create_file "local_file_path", "storage_file_path"
puts "Uploaded #{file.name}"
You will need to:
Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the file path of the JSON file that contains your service account key.
as you can see in the Cloud Storage Client Libraries docs here.
However, it looks like the github repo you are using makes use of signed URLs. If you need to create a signed URL you have the instructions here. It exists already the signed_urls method for Ruby in the official repo.
Anyway, the error you were getting is because there was something wrong being made with the signed urls. And precisely there was a commit to the repo you were referencing (https://github.com/renchap/shrine-google_cloud_storage) 7 days ago with the name Fix presigned uploads. It looks like this commit should fix the "PUT" upload (before a "GET" was being signed, therefore it wouldn't work). Still I didn't try it so I don't know if it is actually working.

Change s3 file access with aws-sdk -> 2 and ruby

I try to migrate my project to aws-sdk 2. Need to use AWS SDK for Ruby - Version 2 for this.
I found all methods, but i cant change access to file (make public).
In later version i use this:
bucket.objects[file_path].acl = :public_read
But i cant find method for changing with new api version.
This is link to old api documentation
This is link to new api documentations
I presume here that you want to change the object ACL after it's been uploaded to S3. If you can, consider setting the ACL when the object is sent to S3 rather than after.
There's two ways to do it. They are both similar and perform the same action. Pick the one you like best or the one you are more comfortable with.
Using the Client API
client = Aws::S3::Client.new(region: myregion)
resp = client.put_object_acl({ acl: "public-read", bucket: mybucket, key: mykey })
Documentation:
http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Client.html#put_object_acl-instance_method
The Resource API
s3 = Aws::S3::Resource.new(region: myregion)
bucket = s3.bucket(mybucket)
object = bucket.object(mykey)
resp = object.acl.put({ acl: "public-read" })
Documentation:
http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/ObjectAcl.html#put-instance_method
Bonus
If absolutely all your objects inside your bucket needs to be public, you can set the default ACL on your whole bucket so that any object uploaded will be automatically public without having you to specify it. You do that by setting a bucket policy to your bucket.
Make a bucket public in Amazon S3

Ruby Script using Octokit: Making API Calls

I am trying to create a script that gets a list of all repositories from GitHub. GitHub has a ruby gem called Octokit that I am trying to utilize, but I am a little lost.
The API has a reference here. It shows that I can get this response using a GET request. I am trying to figure out how to perform this using the Octokit Gem.
I may be completely off base with this question as I am new to Ruby, but I'd appreciate some steps showing how this can be completed. If I should not be using Octokit for this, a recommendation for creating HTTP Requests and Parsing the appropriate JSON response would be appreciated as well.
The Code I have so far:
#!/usr/bin/ruby
require 'Octokit'
client = Octokit::Client.new \
:login => '',
:password => ''
user = client.user
user.login
Following along with the code you already wrote, you can get all of the repositories for the user who's credentials you're using when authenticating the client with:
client.repositories
You can also get the public repositories of another user by passing their login as an argument:
client.repositories('username_here')

Why does Google's Custom Search API say that I'm missing an access token when using the Ruby client?

I'm trying to use Google's Custom Search API through the Google API Ruby client. I have setup my API key through the Google API console, and have also created my CSE. Based on the documentation, it seems that, as long as I provide an API key (which I am doing), I shouldn't need an OAuth2 authentication token to call the list method. However, when I try to execute the code below, I get the following error:
ArgumentError: Missing access token.
What am I missing? Here's my code:
# create client
client = Google::APIClient.new
# Fetch discovery doc
search = client.discovered_api('custom search')
# Call list method
response = client.execute(
search.cse.list, 'key' => '<my API key>', 'cx' => '<my CSE id>', 'alt' => 'json', 'q' => 'hello world'
)
I believe this is in fact a bug in the client (it's in alpha). After fiddling with it a little more, I've found a workaround:
just after creating the client object, assign it a "dummy" access token:
client.authorization.access_token = '123'
then you can call the search.cse.list method without getting the 'ArgumentError: Missing access token.' error.
If you're just after using Google CSE with ruby, try google-cse. I just built the gem, although I've been using it for a while privately. Much easier to work with than the alpha client
I found out that adding client.retries = 3 to my code solves this problem.
With the current version of the gem (0.7.1), you need to set the authorization to nil in addition to setting the key:
require 'google/api_client'
client = Google::APIClient.new
client.key = ENV['GOOGLE_API_KEY']
client.authorization = nil
client.execute ...

Issues POSTing XML to OAuth and Signature Invalid with Ruby OAuth Gem

[Cross-posted from the OAuth Ruby Google Group. If you couldn't help me there, don't worry bout it]
I'm working on integrating a project with TripIt's OAuth API
and am running into a weird issue.
I authenticate fine, I store and retrieve the token/secret for a given
user with no problem, I can even make GET requests to a number of
services using the gem. But when I try using the one service I need
POST for, I'm getting a 401 "invalid signature" response.
Perhaps I'm not understanding how to pass in data to the AccessToken's
post method, so here's a sample of my code:
xml = <<-XML
<Request>
<Trip>
<start_date>2008-12-09</start_date>
<end_date>2008-12-27</end_date>
<primary_location>New York, NY</primary_location>
</Trip>
</Request>
XML`
response = access_token.post('/v1/create', {:xml => xml},
{'Content-Type' => 'application/x-www-form-urlencoded'})
I've tried this with and without escaping the xml string before hand.
The guys at TripIt seemed to think that perhaps the xml param wasn't
getting included in the signature_base_string, but when I output that
(from lib/signature/base.rb) I see:
POST&https%3A%2F%2Fapi.tripit.com%2Fv1%2Fcreate&oauth_consumer_key
%3D%26oauth_nonce
%3Djs73Y9caeuffpmPVc6lqxhlFN3Qpj7OhLcfBTYv8Ww%26oauth_signature_method
%3DHMAC-SHA1%26oauth_timestamp%3D1252011612%26oauth_token
%3D%26oauth_version%3D1.0%26xml%3D%25253CRequest%25253E
%25250A%252520%252520%25253CTrip%25253E%25250A
%252520%252520%252520%252520%25253Cstart_date%25253E2008-12-09%25253C
%252Fstart_date%25253E%25250A
%252520%252520%252520%252520%25253Cend_date%25253E2008-12-27%25253C
%252Fend_date%25253E%25250A
%252520%252520%252520%252520%25253Cprimary_location%25253ENew
%252520York%252C%252520NY%25253C%252Fprimary_location%25253E%25250A
%252520%252520%25253C%252FTrip%25253E%25250A%25253C%252FRequest%25253E
%25250A
This seems to be correct to me.
I output signature (from the same file) and the output doesn't match
the oauth_signature param of the Auth header in lib/client/
net_http.rb. It's been URL-encoded in the auth header. Is this
correct?
Anyone know if the gem is broken/if there's a fix somewhere? I'm finding it hard to trace through some of the code.
Your oauth_token is empty. Not familiar with the protocol, is that ok?
Once you include the correct token, please also remember to use token_secret in the signing.

Resources