From 6fae2e41158dc802ff771512c30417d3fe05b42f Mon Sep 17 00:00:00 2001 From: Max Erenberg Date: Thu, 9 Jun 2022 01:23:04 -0400 Subject: [PATCH] use quote_plus for signing CloudStack API requests --- ceod/model/CloudStackService.py | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/ceod/model/CloudStackService.py b/ceod/model/CloudStackService.py index 6bf7a29..0d99cef 100644 --- a/ceod/model/CloudStackService.py +++ b/ceod/model/CloudStackService.py @@ -2,7 +2,7 @@ from base64 import b64encode import hashlib import hmac from typing import Dict -from urllib.parse import quote +from urllib.parse import quote_plus import requests from zope import component @@ -26,21 +26,20 @@ class CloudStackService: self._cached_domain_id = None def _create_url(self, params: Dict[str, str]) -> str: - # See https://docs.cloudstack.apache.org/en/latest/developersguide/dev.html#the-cloudstack-api - if 'apiKey' not in params and 'apikey' not in params: - params['apiKey'] = self.api_key + # See https://docs.cloudstack.apache.org/en/4.16.0.0/developersguide/dev.html#the-cloudstack-api + params['apiKey'] = self.api_key params['response'] = 'json' request_str = '&'.join( - key + '=' + quote(val) + key + '=' + quote_plus(val) for key, val in params.items() ) sig_str = '&'.join( - key.lower() + '=' + quote(val).lower() + key.lower() + '=' + quote_plus(val).lower().replace('+', '%20') for key, val in sorted(params.items()) ) sig = hmac.new(self.secret_key.encode(), sig_str.encode(), hashlib.sha1).digest() encoded_sig = b64encode(sig).decode() - url = self.base_url + '?' + request_str + '&signature=' + quote(encoded_sig) + url = self.base_url + '?' + request_str + '&signature=' + quote_plus(encoded_sig) return url def _get_domain_id(self) -> str: