signature problem between scoold and para ?
See original GitHub issueI’ve installed para and created an application for scoold, testing from another instance with para-cli works:
# para-cli read --id user@domain.example
[
{
"id": "user@domain.example",
"type": "sysprop",
"name": "identifier",
"stored": true,
"indexed": true,
"cached": true,
"version": 0,
"timestamp": 1563267351020,
"appid": "scoold",
"creatorid": "1061925487619608576",
"votes": 0,
"plural": "sysprops",
"objectURI": "/sysprops/user%40domain.example",
"password": "$2a$12$IXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCe",
"key": "user@domain.example"
}
]
But when trying to login into scoold I get
2019-07-16 14:22:35 [ERROR] Request signature is invalid. - Request signature is invalid.
And para access log has:
10.xx.xx.xx4 - - [16/Jul/2019:14:22:35 +0000] "GET /v1/_id/user@domain.example HTTP/1.1" 403 65 "-" "Jersey/2.27 (HttpUrlConnection 1.8.0_212)"
Same para host, same access_key, same secret_key. Nothing relevant in para.log.
Signing up in scoold (email validation desactivated) works as I can see the user created in DynamoDB but with the same error as when trying to log in.
I’ve tried setting loglevel to trace, wich on scoold didn’t give me much more details, I didn’t found how to set para in debug mode.
How can I dig further why the scoold request is rejected by para ?
Sidenote: I was unsure the help request belongs here or on Para
Lately spotted difference, para-cli makes a GET to /v1/_batch where scoold’s para-client request /v1/_id
Issue Analytics
- State:
- Created 4 years ago
- Comments:8 (4 by maintainers)
Ok, after capturing on client side, server side before waf and server side just before para I think I found the problem.
Request on client side:
GET /v1/_id/user%40domein HTTP/1.1\r\n
Before WAF side:GET /v1/_id/user%40domein HTTP/1.1\r\n
Before para (after WAF):GET /v1/_id/user@domein HTTP/1.1
The
@
sign is decoded before retransmission and I suspect this is what cause the problem as the request signature has been done with urlencoded parameter.I’ll have to dig on apache configuration to avoid that.
Thanks for the help, I’ll close the issue as it’s not due to para nor scoold.
Thanks for sharing this information. It could be helpful to others as well. 👍