Only mark required header as in-use if it's included in the signing string

This commit is contained in:
asonix 2020-04-23 14:46:14 -05:00
parent 597a61fb4b
commit 1997d54b36
2 changed files with 12 additions and 10 deletions

View file

@ -1,7 +1,7 @@
[package] [package]
name = "http-signature-normalization" name = "http-signature-normalization"
description = "An HTTP Signatures library that leaves the signing to you" description = "An HTTP Signatures library that leaves the signing to you"
version = "0.5.0" version = "0.5.1"
authors = ["asonix <asonix@asonix.dog>"] authors = ["asonix <asonix@asonix.dog>"]
license-file = "LICENSE" license-file = "LICENSE"
readme = "README.md" readme = "README.md"

View file

@ -228,14 +228,6 @@ fn build_signing_string(
btm: &mut BTreeMap<String, String>, btm: &mut BTreeMap<String, String>,
mut required_headers: HashSet<String>, mut required_headers: HashSet<String>,
) -> Result<String, RequiredError> { ) -> Result<String, RequiredError> {
for key in btm.keys() {
required_headers.remove(key);
}
if !required_headers.is_empty() {
return Err(RequiredError(required_headers));
}
let request_target = format!("{} {}", method.to_string().to_lowercase(), path_and_query); let request_target = format!("{} {}", method.to_string().to_lowercase(), path_and_query);
btm.insert(REQUEST_TARGET.to_owned(), request_target.clone()); btm.insert(REQUEST_TARGET.to_owned(), request_target.clone());
@ -248,10 +240,20 @@ fn build_signing_string(
let signing_string = sig_headers let signing_string = sig_headers
.iter() .iter()
.filter_map(|h| btm.remove(h).map(|v| format!("{}: {}", h, v))) .filter_map(|h| {
let opt = btm.remove(h).map(|v| format!("{}: {}", h, v));
if opt.is_some() {
required_headers.remove(h);
}
opt
})
.collect::<Vec<_>>() .collect::<Vec<_>>()
.join("\n"); .join("\n");
if !required_headers.is_empty() {
return Err(RequiredError(required_headers));
}
Ok(signing_string) Ok(signing_string)
} }