Merge pull request #150 from scireum/jvo/authentication-fix

Fix: Authentication Check
scireum · Sep 15, 2020 · 94876a9 · 94876a9
2 parents f5f874a + 7aaf82d
commit 94876a9
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/main/java/ninja/S3Dispatcher.java b/src/main/java/ninja/S3Dispatcher.java
@@ -546,7 +546,7 @@ private boolean checkObjectRequest(WebContext ctx, Bucket bucket, String id) {
 
     private boolean objectCheckAuth(WebContext ctx, Bucket bucket, String key) {
         String hash = getAuthHash(ctx);
-        if (hash != null) {
+        if (Strings.isFilled(hash)) {
             String expectedHash = hashCalculator.computeHash(ctx, "");
             String alternativeHash = hashCalculator.computeHash(ctx, "/s3");
             if (!expectedHash.equals(hash) && !alternativeHash.equals(hash)) {
@@ -562,7 +562,7 @@ private boolean objectCheckAuth(WebContext ctx, Bucket bucket, String key) {
                 return false;
             }
         }
-        if (bucket.isPrivate() && !ctx.get("noAuth").isFilled() && hash == null) {
+        if (bucket.isPrivate() && !ctx.get("noAuth").isFilled() && Strings.isEmpty(hash)) {
             errorSynthesizer.synthesiseError(ctx,
                                              bucket.getName(),
                                              key,