From 0d78ca82c9c0cd06eabf05d435aaa07096065610 Mon Sep 17 00:00:00 2001 From: Joe Hosteny Date: Thu, 31 Oct 2013 11:37:49 -0400 Subject: [PATCH] This change adds support for using credentials from a federated user. There are two parts: 1) Allow the user to specify the session_token in the configuration. 2) Set the x-amz-security-token field in the upload form. Update s3_direct_upload.rake Fix missing key in hash argument. --- README.md | 1 + lib/s3_direct_upload/config_aws.rb | 2 +- lib/s3_direct_upload/form_helper.rb | 5 ++++- lib/tasks/s3_direct_upload.rake | 2 +- spec/helpers/form_helper_spec.rb | 7 +++++++ 5 files changed, 14 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 621114b..dd935ff 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ Then add a new initalizer with your AWS credentials: S3DirectUpload.config do |c| c.access_key_id = "" # your access key id c.secret_access_key = "" # your secret access key + c.session_token = "" # your session token (for federated credentials) c.bucket = "" # your bucket name c.region = nil # region prefix of your bucket url (optional), eg. "s3-eu-west-1" c.url = nil # S3 API endpoint (optional), eg. "https://#{c.bucket}.s3.amazonaws.com/" diff --git a/lib/s3_direct_upload/config_aws.rb b/lib/s3_direct_upload/config_aws.rb index 56c9904..d33de4c 100644 --- a/lib/s3_direct_upload/config_aws.rb +++ b/lib/s3_direct_upload/config_aws.rb @@ -4,7 +4,7 @@ module S3DirectUpload class Config include Singleton - ATTRIBUTES = [:access_key_id, :secret_access_key, :bucket, :prefix_to_clean, :region, :url] + ATTRIBUTES = [:access_key_id, :secret_access_key, :session_token, :bucket, :prefix_to_clean, :region, :url] attr_accessor *ATTRIBUTES end diff --git a/lib/s3_direct_upload/form_helper.rb b/lib/s3_direct_upload/form_helper.rb index 5b1a5ab..9d8d6f3 100644 --- a/lib/s3_direct_upload/form_helper.rb +++ b/lib/s3_direct_upload/form_helper.rb 
@@ -15,6 +15,7 @@ def initialize(options) @options = options.reverse_merge( aws_access_key_id: S3DirectUpload.config.access_key_id, aws_secret_access_key: S3DirectUpload.config.secret_access_key, + aws_session_token: S3DirectUpload.config.session_token, bucket: S3DirectUpload.config.bucket, region: S3DirectUpload.config.region || "s3", url: S3DirectUpload.config.url, @@ -52,7 +53,8 @@ def fields :policy => policy, :signature => signature, :success_action_status => "201", - 'X-Requested-With' => 'xhr' + 'X-Requested-With' => 'xhr', + 'x-amz-security-token' => @options[:aws_session_token] } end @@ -75,6 +77,7 @@ def policy_data ["starts-with", "$utf8", ""], ["starts-with", "$key", @options[:key_starts_with]], ["starts-with", "$x-requested-with", ""], + ["starts-with", "$x-amz-security-token", ""], ["content-length-range", 0, @options[:max_file_size]], ["starts-with","$content-type", @options[:content_type_starts_with] ||""], {bucket: @options[:bucket]}, diff --git a/lib/tasks/s3_direct_upload.rake b/lib/tasks/s3_direct_upload.rake index a885494..3f31bd6 100644 --- a/lib/tasks/s3_direct_upload.rake +++ b/lib/tasks/s3_direct_upload.rake @@ -4,7 +4,7 @@ namespace :s3_direct_upload do require 'thread' require 'fog' - s3 = Fog::Storage::AWS.new(aws_access_key_id: S3DirectUpload.config.access_key_id, aws_secret_access_key: S3DirectUpload.config.secret_access_key) + s3 = Fog::Storage::AWS.new(aws_access_key_id: S3DirectUpload.config.access_key_id, aws_secret_access_key: S3DirectUpload.config.secret_access_key, aws_session_token: S3DirectUpload.config.session_token) bucket = S3DirectUpload.config.bucket prefix = S3DirectUpload.config.prefix_to_clean || "uploads/#{2.days.ago.strftime('%Y%m%d')}" diff --git a/spec/helpers/form_helper_spec.rb b/spec/helpers/form_helper_spec.rb index f839810..4db002e 100644 --- a/spec/helpers/form_helper_spec.rb +++ b/spec/helpers/form_helper_spec.rb 
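Review bot: In `fields`, the `'x-amz-security-token'` entry is added unconditionally, so an app that uses long-term keys and never sets `session_token` now renders that field with a nil value on every upload form. Nothing in the patch shows how S3 treats an empty security token on a POST, so it is safer to add the field only when a token is configured: assign the hash to a local and then `form_fields['x-amz-security-token'] = @options[:aws_session_token] if @options[:aws_session_token].present?`. The condition added in the `policy_data` hunk should be gated the same way, so the signed policy for non-federated setups stays as it was. A short comment here should also record that the token is written into page HTML, so the federated credentials behind it ought to be short-lived and scoped to the upload prefix. The hash literal in `fields` opens above the hunk.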
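Review bot: The new condition `["starts-with", "$x-amz-security-token", ""]` in `policy_data` matches any token value, so the signed policy does not bind the upload to the session the server signed with. The token is known when the policy is built, so an exact-match entry such as `{ "x-amz-security-token" => @options[:aws_session_token] }` is tighter and matches how `bucket` is pinned two lines below. The practical impact is probably limited, since S3 presumably still has to validate the token against the access key, but the policy should be no looser than it needs to be. The conditions array opens and closes outside this hunk, so the change belongs where the array is assembled.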
@@ -28,6 +28,13 @@ s3_uploader.policy_data[:conditions].should include ["starts-with", "$content-type", ""] end end + + describe "starts-with $x-amz-security-token" do + it "is defaults to an empty string" do + s3_uploader = S3DirectUpload::UploadHelper::S3Uploader.new({}) + s3_uploader.policy_data[:conditions].should include ["starts-with", "$x-amz-security-token", ""] + end + end end end
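Review bot: The added example only asserts the permissive policy condition with an empty options hash; nothing checks that `fields` carries the configured token, or what it carries when none is set. An example that builds the uploader with `aws_session_token: "constructed-token"` and asserts `fields['x-amz-security-token']` equals it, plus one for the unset case, would pin the behaviour the commit message describes (assuming the spec setup supplies the signing keys that `fields` needs). The description string `"is defaults to an empty string"` should read `"defaults to an empty string"`.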