alexa/alexa-skills-kit-sdk-for-python

Signature Headers Checked as Case-sensitive, Causing Failure on Google Cloud Functions

teddy-owen opened this issue · 2 comments

I'm submitting a...


[ ] Regression (a behavior that used to work and stopped working in a new release)
[X] Bug report
[ ] Performance issue
[ ] Feature request
[ ] Documentation issue or request
[ ] Other... Please describe:

When using the WebserviceSkillHandler in Google Cloud Functions, the requests fail with ask_sdk_webservice_support.verifier.VerificationException: Missing Signature/Certificate for the skill request. This is occurring because verifier.py:190, cert_url = headers.get(self._signature_cert_chain_url_key), is checking for the header "SignatureCertChainUrl", but the header available is "Signaturecertchainurl", because Google load balancers make the headers lowercase. These header checks should not be case-sensitive.

Expected Behavior

Code should identify the header correctly if "Signaturecertchainurl" exists in any capitalization format.

Current Behavior

Header Dump:

Content-Length : "3661"
Content-Type : "application/json; charset=utf-8"
Host : "us-central1-.cloudfunctions.net"
User-Agent : "Apache-HttpClient/4.5.x (Java/1.8.0_222)"
Accept : "application/json"
Accept-Charset : "utf-8"
Forwarded : "for="
";proto=https"
Function-Execution-Id : "
"
Signature : "
"
Signaturecertchainurl : "https://s3.amazonaws.com/echo.api/echo-api-cert-7.pem"
X-Appengine-City : "ashburn"
X-Appengine-Citylatlong : "39.043757,-77.487442"
X-Appengine-Country : "US"
X-Appengine-Default-Version-Hostname : "
"
X-Appengine-Https : "on"
X-Appengine-Region : "va"
X-Appengine-Request-Log-Id : "
"
X-Appengine-User-Ip : "
"
X-Cloud-Trace-Context : "
"
X-Forwarded-For : "
*********"
X-Forwarded-Proto : "https"
Accept-Encoding : "gzip"
Connection : "close"

Resulting stack trace on request process:

Traceback (most recent call last):
  File "/env/local/lib/python3.7/site-packages/google/cloud/functions/worker.py", line 346, in run_http_function
    result = _function_handler.invoke_user_function(flask.request)
  File "/env/local/lib/python3.7/site-packages/google/cloud/functions/worker.py", line 217, in invoke_user_function
    return call_user_function(request_or_event)
  File "/env/local/lib/python3.7/site-packages/google/cloud/functions/worker.py", line 210, in call_user_function
    return self._user_function(request_or_event)
  File "/user_code/main.py", line 114, in hello_world
    response = webservice_handler.verify_request_and_dispatch(headers,body)
  File "/env/local/lib/python3.7/site-packages/ask_sdk_webservice_support/webservice_handler.py", line 148, in verify_request_and_dispatch
    deserialized_request_env=request_envelope)
  File "/env/local/lib/python3.7/site-packages/ask_sdk_webservice_support/verifier.py", line 195, in verify
    "Missing Signature/Certificate for the skill request")
ask_sdk_webservice_support.verifier.VerificationException: Missing Signature/Certificate for the skill request

Possible Solution

Adopt a better header format convention like "Signature-Cert-Chain-Url", or send this in the request body where it won't be modified, or add logic to support various capitalization formats.

Steps to Reproduce (for bugs)

Process an Alexa skill request from a Google Cloud Function endpoint with Python 3.7 using the WebserviceSkillHandler.

Sorry for not responding earlier @teddy-owen. This is definitely a bug in our webservice verifiers code since we try to retrieve the header values for the exact key match here.

I think it is better to capitalize the constant value and do a key.upper() to check if the value exists. Thanks for pointing this out. We will work on the bug fix and release the new version soon.

The PR #139 has been pushed to the code base and has been released as part of version 1.2.0. Please update your dependencies and test the changes. Closing the issue. Thanks.
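
An added example, not part of the thread and not the SDK's code or the change in PR #139: a case-insensitive lookup for the two verification headers, using the key.upper() comparison suggested in the comment above, which also fails closed when differently-cased copies of a header disagree. The helper names and exception class are hypothetical, and the sample headers are constructed from the dump in the issue with a placeholder signature.

```python
# Added example: helper names are hypothetical, not the SDK's API.
SIGNATURE_HEADER = "Signature"
CERT_CHAIN_URL_HEADER = "SignatureCertChainUrl"


class MissingHeaderError(Exception):
    """Raised when a required verification header is absent or ambiguous."""


def get_header(headers, name):
    """Return the value of header `name`, matching the name case-insensitively.

    HTTP field names are case-insensitive, so an intermediary may re-case them.
    If two differently-cased copies carry different values, refuse to pick one.
    """
    wanted = name.upper()
    values = {v for k, v in headers.items() if k.upper() == wanted}
    if len(values) > 1:
        raise MissingHeaderError("conflicting values for header %s" % name)
    value = values.pop() if values else None
    if not value:  # absent, None or empty string
        raise MissingHeaderError("missing header %s" % name)
    return value


def extract_verification_headers(headers):
    """Return (cert_url, signature) to hand to the signature check."""
    return (get_header(headers, CERT_CHAIN_URL_HEADER),
            get_header(headers, SIGNATURE_HEADER))


# Constructed sample: names cased as in the issue's header dump,
# signature value is a placeholder.
GCF_HEADERS = {
    "Content-Type": "application/json; charset=utf-8",
    "Signature": "PLACEHOLDER_SIGNATURE",
    "Signaturecertchainurl": "https://s3.amazonaws.com/echo.api/echo-api-cert-7.pem",
}

if __name__ == "__main__":
    # Exact-match lookup, as in the line quoted in the issue: finds nothing.
    print(GCF_HEADERS.get(CERT_CHAIN_URL_HEADER))
    # Case-insensitive lookup: finds both headers.
    print(extract_verification_headers(GCF_HEADERS))
```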