postman-runtime icon indicating copy to clipboard operation
postman-runtime copied to clipboard

Published 20 hours ago verified publisher icon postmanlabs

Include request body of multipart/form-data requests into AWS4 signature

Open Envek opened this issue 4 years ago • 2 comments

Context: I'm using Postman to test API endpoints that are located on API Gateway (and backed by Lambda functions) with request authentication by AWS signature. And everything works great except one request that uses multipart/form-data to upload file along with some metadata in single request.

Exploring source code I noticed that request body hashing is skipped for form data requests in the assumption that it is only used to do uploads directly to S3. But in my case, I want to post form data to API gateway with authentication. Maybe it is better to implement signature in the same way as for raw body type to cover at least this use case?

Should fix https://github.com/postmanlabs/postman-app-support/issues/8180

However, I'm not sure whether this pull request really fixes my problem as I don't know how to run Postman with my own runtime. Any links or guidance on how to do it is highly appreciated!

Envek avatar Feb 01 '21 16:02 Envek

Codecov Report

Merging #1120 (b2373d0) into develop (c15d437) will decrease coverage by 0.14%. The diff coverage is 0.00%.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #1120      +/-   ##
===========================================
- Coverage    90.99%   90.85%   -0.15%     
===========================================
  Files           42       42              
  Lines         2566     2570       +4     
  Branches       737      738       +1     
===========================================
  Hits          2335     2335              
- Misses         231      235       +4
Flag Coverage Δ
integration 79.41% <0.00%> (-0.13%) :arrow_down:
legacy 55.95% <0.00%> (-0.09%) :arrow_down:
unit 49.14% <0.00%> (-0.08%) :arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
lib/authorizer/aws4.js 70.00% <0.00%> (-3.69%) :arrow_down:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update c15d437...b2373d0. Read the comment docs.

codecov[bot] avatar Feb 01 '21 16:02 codecov[bot]

3 years.... can we please get this in?

bitsofinfo avatar Jun 21 '24 19:06 bitsofinfo