modify InvalidAccessKeySecret

modify http code

just modify lint

modify invalidAccessKeySecert error msg

modify AccessKey to AccessKeyId

Author: wallisyan

aliyun-python-sdk-core/aliyunsdkcore/auth/composer/roa_signature_composer.py

@@ -139,7 +139,7 @@ def get_signature(
         uri_pattern=uri_pattern,
         paths=paths)
     signature = signer.get_sign_string(sign_to_string, secret=secret)
-    return signature
+    return signature, sign_to_string
 
 
 def get_signature_headers(
@@ -152,7 +152,7 @@ def get_signature_headers(
         paths,
         method,
         signer=mac1):
-    signature = get_signature(
+    signature, sign_to_string = get_signature(
         queries,
         access_key,
         secret,
@@ -163,7 +163,7 @@ def get_signature_headers(
         method,
         signer)
     headers["Authorization"] = "acs " + str(access_key) + ":" + str(signature)
-    return headers
+    return headers, sign_to_string
 
 
 def get_url(uri_pattern, queries, path_parameters):

aliyun-python-sdk-core/aliyunsdkcore/auth/composer/rpc_signature_composer.py

@@ -76,4 +76,4 @@ def get_signed_url(params, ak, secret, accept_format, method, body_params, signe
     signature = __get_signature(string_to_sign, secret, signer)
     url_params['Signature'] = signature
     url = '/?' + __pop_standard_urlencode(urlencode(url_params))
-    return url
+    return url, string_to_sign

aliyun-python-sdk-core/aliyunsdkcore/client.py

@@ -371,7 +371,7 @@ def _handle_single_request(self, endpoint, request, timeout, signer):
                          endpoint, aliyunsdkcore.__version__, str(exception))
             return None, None, None, exception
 
-        exception = self._get_server_exception(status, body, endpoint)
+        exception = self._get_server_exception(status, body, endpoint, request.string_to_sign)
         return status, headers, body, exception
 
     @staticmethod
@@ -391,7 +391,7 @@ def _parse_error_info_from_response_body(response_body):
 
         return error_code_to_return, error_message_to_return
 
-    def _get_server_exception(self, http_status, response_body, endpoint):
+    def _get_server_exception(self, http_status, response_body, endpoint, string_to_sign):
         request_id = None
 
         try:
@@ -406,7 +406,11 @@ def _get_server_exception(self, http_status, response_body, endpoint):
 
             server_error_code, server_error_message = self._parse_error_info_from_response_body(
                 response_body.decode('utf-8'))
-
+            if http_status == codes.BAD_REQUEST and server_error_code == 'SignatureDoesNotMatch':
+                if string_to_sign == server_error_message.split(':')[1]:
+                    server_error_code = 'InvalidAccessKeySecret'
+                    server_error_message = 'The AccessKeySecret is incorrect. ' \
+                                           'Please check your AccessKeyId and AccessKeySecret.'
             exception = ServerException(
                 server_error_code,
                 server_error_message,

aliyun-python-sdk-core/aliyunsdkcore/request.py

@@ -105,6 +105,7 @@ def __init__(self, product, version=None,
         self.add_header('x-sdk-invoke-type', 'normal')
         self.endpoint = None
         self._extra_user_agent = {}
+        self.string_to_sign = ''
 
     def add_query_param(self, k, v):
         self._params[k] = v
@@ -296,14 +297,15 @@ def get_url(self, region_id, access_key_id, access_key_secret):
         sign_params = self._get_sign_params()
         if 'RegionId' not in iterkeys(sign_params):
             sign_params['RegionId'] = region_id
-        url = rpc_signer.get_signed_url(
+        url, string_to_sign = rpc_signer.get_signed_url(
             sign_params,
             access_key_id,
             access_key_secret,
             self.get_accept_format(),
             self.get_method(),
             self.get_body_params(),
             self._signer)
+        self.string_to_sign = string_to_sign
         return url
 
     def get_signed_header(self, region_id=None, ak=None, secret=None):
@@ -404,7 +406,7 @@ def get_signed_header(self, region_id, ak, secret):
             sign_params['RegionId'] = region_id
             self.add_header('x-acs-region-id', str(region_id))
 
-        signed_headers = roa_signer.get_signature_headers(
+        signed_headers, sign_to_string = roa_signer.get_signature_headers(
             sign_params,
             ak,
             secret,
@@ -413,6 +415,7 @@ def get_signed_header(self, region_id, ak, secret):
             self.get_uri_pattern(),
             self.get_path_params(),
             self.get_method())
+        self.string_to_sign = sign_to_string
         return signed_headers
 
     def get_url(self, region_id, ak=None, secret=None):

aliyun-python-sdk-core/tests/auth/composer/test_roa_signature_composer.py

@@ -78,15 +78,15 @@ def test_refresh_sign_parameters(self, mock_get_rfc_2616_date):
     @patch("aliyunsdkcore.utils.parameter_helper.get_rfc_2616_date")
     def test_get_signature(self, mock_get_rfc_2616_date):
         mock_get_rfc_2616_date.return_value = "2018-12-04T03:55:31Z"
-        sign = get_signature({}, 'access_key_id',
-                             'access_key_secret', 'json', {}, '/', {}, 'GET')
+        sign, _ = get_signature({}, 'access_key_id',
+                                'access_key_secret', 'json', {}, '/', {}, 'GET')
         mock_get_rfc_2616_date.assert_called_once_with()
         self.assertEqual(sign, 'HKCpm41tJg6b3EYdtGMbNuwALZU=')
 
     @patch("aliyunsdkcore.utils.parameter_helper.get_rfc_2616_date")
     def test_get_signature_headers(self, mock_get_rfc_2616_date):
         mock_get_rfc_2616_date.return_value = "2018-12-04T03:55:31Z"
-        headers = get_signature_headers(
+        headers, _ = get_signature_headers(
             {}, 'access_key_id', 'access_key_secret', 'json', {}, '/', {}, 'GET')
         mock_get_rfc_2616_date.assert_called_once_with()
         self.assertEqual(headers.get('Authorization'),

python-sdk-functional-test/bugs_test.py

@@ -8,6 +8,7 @@
 from aliyunsdkcore.http import method_type
 from aliyunsdkcore.profile import region_provider
 from aliyunsdkcore.request import CommonRequest, RpcRequest
+from aliyunsdkcore.client import AcsClient
 from base import SDKTestBase
 
 
@@ -97,3 +98,14 @@ def test_bug_with_body_params(self):
         response = self.client.do_action_with_exception(request)
         response = self.get_dict_response(response)
         self.assertTrue(response.get("RequestId"))
+
+    def test_bug_with_not_match_sign(self):
+        from aliyunsdkcdn.request.v20180510.PushObjectCacheRequest import PushObjectCacheRequest
+        client = AcsClient(self.access_key_id, 'BadAccessKeySecret', 'cn-hangzhou')
+        request = PushObjectCacheRequest()
+        request.add_query_param('ObjectPath', 'http://lftest005.sbcicp1.net/C环境下SDK部署方式.txt')
+        try:
+            response = client.do_action_with_exception(request)
+            assert False
+        except ServerException as e:
+            self.assertEqual("InvalidAccessKeySecret", e.error_code)

python-sdk-functional-test/new_endpoint_test.py

@@ -367,7 +367,7 @@ def test_invalid_access_key_secret(self):
             self.resolve("cn-hangzhou", "Ecs", "ecs", "innerAPI")
             assert False
         except ServerException as e:
-            self.assertEqual("SignatureDoesNotMatch", e.get_error_code())
+            self.assertEqual("InvalidAccessKeySecret", e.get_error_code())
 
     def test_local_clock_screw_when_call_location_service(self):
         # Not implemented