Skip to content

Commit

Permalink
Merge pull request #57 from Carobit/bugfix/consistent-urlencoding
Browse files Browse the repository at this point in the history 
Bugfix/consistent urlencoding
  • Loading branch information
@freekmurze
freekmurze authored Dec 6, 2023
2 parents 49e8b4f + 730d254 commit 991ee9e
Show file tree
Hide file tree
Showing 4 changed files with 56 additions and 4 deletions.
6 changes: 4 additions & 2 deletions src/AbstractUrlSigner.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,9 +36,11 @@ public function sign(

$expiration = $this->getExpirationTimestamp($expiration);

$signature = $this->createSignature($url, $expiration, $signatureKey);
$normalizedUrl = $this->getIntendedUrl($url);

return $this->signUrl($url, $expiration, $signature);
$signature = $this->createSignature($normalizedUrl, $expiration, $signatureKey);

return $this->signUrl($normalizedUrl, $expiration, $signature);
}

protected function signUrl(string $url, string $expiration, $signature): string
Expand Down
6 changes: 4 additions & 2 deletions src/BaseUrlSigner.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,11 @@ public function sign(

$expiration = $this->getExpirationTimestamp($expiration);

$signature = $this->createSignature($url, $expiration, $signatureKey);
$normalizedUrl = $this->getIntendedUrl($url);

return $this->signUrl($url, $expiration, $signature);
$signature = $this->createSignature($normalizedUrl, $expiration, $signatureKey);

return $this->signUrl($normalizedUrl, $expiration, $signature);
}

protected function signUrl(string $url, string $expiration, $signature): string
Expand Down
24 changes: 24 additions & 0 deletions tests/Md5UrlSignerTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,3 +83,27 @@
expect($this->urlSigner->validate($signedUsingCustomKey, 'custom-key'))->toBeTrue();
expect($this->urlSigner->validate($signedUsingCustomKey, 'wrong-custom-key'))->toBeFalse();
});

it('can sign url which has special characters in the query parameters', function ($url) {
$expiration = 100;

$signedUrl = $this->urlSigner->sign($url, $expiration);

expect($this->urlSigner->validate($signedUrl))->toBeTrue();
})->with([
['https://myapp.com/?foo=bar baz'],
['https://myapp.com/?foo=bar%20baz'],
['https://myapp.com/?foo=bar@baz.com'],
]);

it('can sign url which has reserved query parameters', function ($url) {
$expiration = 100;

$signedUrl = $this->urlSigner->sign($url, $expiration);

expect($this->urlSigner->validate($signedUrl))->toBeTrue();
})->with([
['https://myapp.com/?foo=bar&expires=100&signature=abc123'],
['https://myapp.com/?foo=bar&expires=100'],
['https://myapp.com/?foo=bar&signature=abc123'],
]);
24 changes: 24 additions & 0 deletions tests/Sha256UrlSignerTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,3 +92,27 @@
expect($this->urlSigner->validate($signedUsingCustomKey, 'custom-key'))->toBeTrue();
expect($this->urlSigner->validate($signedUsingCustomKey, 'wrong-custom-key'))->toBeFalse();
});

it('can sign url which has special characters in the query parameters', function ($url) {
$expiration = 100;

$signedUrl = $this->urlSigner->sign($url, $expiration);

expect($this->urlSigner->validate($signedUrl))->toBeTrue();
})->with([
['https://myapp.com/?foo=bar baz'],
['https://myapp.com/?foo=bar%20baz'],
['https://myapp.com/?foo=bar@baz.com'],
]);

it('can sign url which has reserved query parameters', function ($url) {
$expiration = 100;

$signedUrl = $this->urlSigner->sign($url, $expiration);

expect($this->urlSigner->validate($signedUrl))->toBeTrue();
})->with([
['https://myapp.com/?foo=bar&expires=100&signature=abc123'],
['https://myapp.com/?foo=bar&expires=100'],
['https://myapp.com/?foo=bar&signature=abc123'],
]);

0 comments on commit 991ee9e

Please sign in to comment.