Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS Signature mismatch when using special characters #32

Closed
chadwilken opened this issue Sep 13, 2022 · 5 comments
Closed

AWS Signature mismatch when using special characters #32

chadwilken opened this issue Sep 13, 2022 · 5 comments

Comments

@chadwilken
Copy link

Since integrating the AwsSigv4Plugin we receive the following error every time that a user searches something that contains a special character such as &.

SearchFlip::ResponseError: SearchFlip::ResponseError (403): {"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."}

I did a light cursory search and it seems that perhaps this is coming from this line but I'm not entirely sure.

I verified that I can take the output from criteria.request and make a curl request to the AWS endpoint and it works as intended.

My initializer looks like:

SearchFlip::Config[:base_url] = ENV.fetch('ELASTICSEARCH_URL')

aws_config = SearchFlip::Config[:aws] ||= {}

SearchFlip::Config[:sign_requests] = Rails.application.config.sign_elasticsearch_requests
SearchFlip::Config[:aws][:region] = 'us-east-1'
SearchFlip::Config[:aws][:access_key_id] = Rails.application.credentials.aws[:access_key]
SearchFlip::Config[:aws][:secret_access_key] = Rails.application.credentials.aws[:secret_token]

SearchFlip::AWSConnection = SearchFlip::Connection.new(
  base_url: ENV.fetch('ELASTICSEARCH_URL'),
  http_client: SearchFlip::HTTPClient.new(
    plugins: [
      SearchFlip::AwsSigv4Plugin.new(
        region: 'us-east-1',
        access_key_id: Rails.application.credentials.aws[:access_key],
        secret_access_key: Rails.application.credentials.aws[:secret_token]
      )
    ]
  )
)

Any ideas on a work around? This apparently has been happening since we released this feature and we weren't alerted via our error monitoring about it though.
@chadwilken
Copy link
Author

It looks like we are able to actually remove the plugin now though. We recently rearchitected our system and no longer need signed requests inside the VPC. I'll leave it open in case someone else hits this issue.

@mrkamel
Copy link
Owner

mrkamel commented Sep 14, 2022

hm, strange ... thx for the report. I'll look into this

mrkamel added a commit that referenced this issue Sep 18, 2022
@mrkamel
Fix regarding AWS signatures #32
5d3a896
@mrkamel
Copy link
Owner

mrkamel commented Sep 18, 2022

@chadwilken i was able to reproduce it and fixed it in branch fix_aws_sigv4. Maybe you still have the possibility to check if it'd be working for you now.

@chadwilken
Copy link
Author

@chadwilken i was able to reproduce it and fixed it in branch fix_aws_sigv4. Maybe you still have the possibility to check if it'd be working for you now.

I ended up pulling the code and have already released it. If I get some extra time this week I might be able to push a branch to staging that has the signing back in place. Regardless, thanks for the quick fix!

mrkamel added a commit that referenced this issue Sep 27, 2022
@mrkamel
Fix regarding AWS signatures #32 (#33)
be037ba
@mrkamel
Copy link
Owner

mrkamel commented Sep 27, 2022

closing. if you still find time to check it, i'd be happy if you let me know about it.

@mrkamel mrkamel closed this as completed Sep 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mrkamel @chadwilken