gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(s3): use URL-safe secret keys for dashboard users and service accounts (#8902)

Browse Source 
* fix(s3): use URL-safe secret keys for admin dashboard users and service accounts

The dashboard's generateSecretKey() used base64.StdEncoding which produces
+, /, and = characters that break S3 signature authentication. Reuse the
IAM package's GenerateSecretAccessKey() which was already fixed in #7990.

Fixes #8898

* fix: handle error from GenerateSecretAccessKey instead of ignoring it
This commit is contained in:
Chris Lu
2026-04-03 11:20:28 -07:00
committed by GitHub
parent d3cea714d0
commit 2e98902f29
2 changed files with 18 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
weed/admin/dash/user_management_test.go
View File

@@ -74,9 +74,16 @@ func TestGenerateSecretKey(t *testing.T) {
key1 := generateSecretKey()
key2 := generateSecretKey()
// Check length (base64 encoding of 30 bytes = 40 characters)
if len(key1) != 40 {
t.Errorf("Expected secret key length 40, got %d", len(key1))
// Check length (IAM standard secret key length)
if len(key1) != 42 {
t.Errorf("Expected secret key length 42, got %d", len(key1))
}
// Check that key contains only URL-safe characters (no +, /)
for _, c := range key1 {
if c == '+' || c == '/' || c == '=' {
t.Errorf("Secret key contains non-URL-safe character: %c", c)
}
}
// Check uniqueness