
Commit 90a238c

Set default signature algorithm to SHA-256
1 parent 5b7d548 commit 90a238c


6 files changed

+28
-12
lines changed


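--- a/src/Configuration/CloudConfig.php
+++ b/src/Configuration/CloudConfig.php
@@ -29,7 +29,7 @@ class CloudConfig extends BaseConfigSection
 
 public const CONFIG_NAME = 'cloud';
 
-public const DEFAULT_SIGNATURE_ALGORITHM = Utils::ALGO_SHA1;
+public const DEFAULT_SIGNATURE_ALGORITHM = Utils::ALGO_SHA256;
 public const DEFAULT_SIGNATURE_VERSION = 2;
 
 // Supported parameters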
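Review bot: `DEFAULT_SIGNATURE_ALGORITHM` carries no doc comment, and after this flip it is the single place that decides which hash a caller gets when `signatureAlgorithm` is left unset. Moving the default off SHA-1 is the right hardening, but integrations that never set the algorithm will now emit SHA-256 signatures, which only verify if the receiving side expects SHA-256; that compatibility break should be stated at the constant. I would add `/** Default signature algorithm (SHA-256); set signatureAlgorithm to Utils::ALGO_SHA1 only where SHA-1 signatures are still verified. */` above it. The class body starts and ends outside the hunk, so I cannot see whether the neighbouring constants are documented.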

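--- a/src/Configuration/UrlConfig.php
+++ b/src/Configuration/UrlConfig.php
@@ -17,6 +17,7 @@
 * non-secure HTTP pages.
 * @property bool $forceVersion By default, set to self::DEFAULT_FORCE_VERSION.
 * @property mixed $responsiveWidthTransformation The transformation to use with responsive width.
+* @property bool $longUrlSignature Whether to use long URL signature.
 *
 * @api
 */
@@ -54,6 +55,11 @@ class UrlConfig extends BaseConfigSection
 */
 public const DEFAULT_SECURE = true;
 
+/**
+* Default value for long URL signature.
+*/
+public const DEFAULT_LONG_URL_SIGNATURE = true;
+
 /**
 * Default value for forcing version.
 */
@@ -155,7 +161,7 @@ class UrlConfig extends BaseConfigSection
 *
 * @see https://cloudinary.com/documentation/advanced_url_delivery_options#generating_delivery_url_signatures
 */
-public ?bool $longUrlSignature = null;
+protected ?bool $longUrlSignature = null;
 
 /**
 * Set to true to use shorten asset type.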
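Review bot: The new `@property bool $longUrlSignature` line in the first hunk does not state its default, while the `$forceVersion` line two above it does; I would write `* @property bool $longUrlSignature Whether to use long URL signature. By default, set to self::DEFAULT_LONG_URL_SIGNATURE.`. In the third hunk the property moves from `public` to `protected` but keeps `= null`, so the `true` default presumably applies only when reads go through an accessor in `BaseConfigSection` that substitutes the `DEFAULT_*` constant. That accessor is not visible here and is worth confirming, because any direct in-class read of `$this->longUrlSignature` would still see `null` and could fall back to the short signature. The class body starts and ends outside all three hunks.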

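--- a/tests/Unit/Asset/AssetAuthTokenTest.php
+++ b/tests/Unit/Asset/AssetAuthTokenTest.php
@@ -14,6 +14,7 @@
 use Cloudinary\Asset\Image;
 use Cloudinary\Asset\DeliveryType;
 use Cloudinary\Transformation\Scale;
+use Cloudinary\Utils;
 use UnexpectedValueException;
 
 /**
@@ -94,6 +95,8 @@ public function testNullToken()
 $this->image->authToken->config->key = null;
 
 $this->image->cloud->apiSecret = 'b';
+$this->image->cloud->signatureAlgorithm = Utils::ALGO_SHA1;
+$this->image->urlConfig->longUrlSignature = false;
 
 self::assertImageUrl(
 's--v2fTPYTu--/'.self::EXPECTED_VERSIONED_PATH,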
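Review bot: The two lines added to `testNullToken` pin SHA-1 and the short signature without saying why; a comment such as `// Legacy SHA-1 short signature, pinned so the 's--v2fTPYTu--' fixture stays valid` would stop a later reader from taking them for the configuration under test. With the pin in place this test no longer shows what a null token key yields under the new defaults, so a second assertion with both settings left unset would cover the path most callers now take. The same pin is added to `testShortSignatureWithSHA1` in tests/Unit/Asset/DistributionTest.php, where the method name already explains it. The test body starts and ends outside the hunk.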

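--- a/tests/Unit/Asset/DistributionTest.php
+++ b/tests/Unit/Asset/DistributionTest.php
@@ -16,6 +16,7 @@
 use Cloudinary\Configuration\Configuration;
 use Cloudinary\Configuration\UrlConfig;
 use Cloudinary\Exception\ConfigurationException;
+use Cloudinary\Utils;
 
 /**
 * Class DistributionTest
@@ -215,8 +216,11 @@ public function testCNameSubDomain()
 );
 }
 
-public function testSignature()
+public function testShortSignatureWithSHA1()
 {
+$this->image->urlConfig->longUrlSignature = false;
+$this->image->cloud->signatureAlgorithm = Utils::ALGO_SHA1;
+
 self::assertImageUrl('s--MDvxhRxa--/' . self::IMAGE_NAME, $this->image->signUrl());
 }
 
@@ -226,7 +230,6 @@ public function testSignature()
 public function testLongSignature()
 {
 $this->image->urlConfig->signUrl = true;
-$this->image->urlConfig->longUrlSignature = true;
 
 self::assertImageUrl('s--RVsT3IpYGITMIc0RjCpde9T9Uujc2c1X--/' . self::IMAGE_NAME, $this->image);
 }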

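--- a/tests/Unit/Asset/MediaFromParamsTest.php
+++ b/tests/Unit/Asset/MediaFromParamsTest.php
@@ -472,6 +472,9 @@ public function testMediaSignedUrl($options, $expectedPath)
 
 Configuration::instance()->cloud->apiSecret = 'b';
 
+Configuration::instance()->cloud->signatureAlgorithm = Utils::ALGO_SHA1;
+Configuration::instance()->url->longUrlSignature = false;
+
 $deliveryType = ArrayUtils::get($options, 'type', DeliveryType::UPLOAD);
 
 self::assertMediaFromParamsUrl(
@@ -490,17 +493,18 @@ public function testMediaSignedUrl($options, $expectedPath)
 public function expectedFileSignatures()
 {
 return [
-'Should sign an URL with a short signature by default' => [
+'Should sign an URL with a short signature if long_url_signature is false' => [
 [
 'sign_url' => true,
 'source' => 'sample.jpg',
+'long_url_signature' => false,
+'signature_algorithm' => Utils::ALGO_SHA1,
 ],
 's--v2fTPYTu--',
 ],
-'Should sign an URL with a long signature if long_url_signature is true' => [
+'Should sign an URL with a long signature by default' => [
 [
 'sign_url' => true,
-'long_url_signature' => true,
 'source' => 'sample.jpg',
 ],
 's--2hbrSMPOjj5BJ4xV7SgFbRDevFaQNUFf--',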
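Review bot: `testMediaSignedUrl` now sets `signatureAlgorithm = Utils::ALGO_SHA1` and `longUrlSignature = false` on the global `Configuration::instance()` for every data set, including 'Should sign an URL with a long signature by default', which still expects the 32-character signature. Either the global values are not consulted on this path, so the added assignments are dead and the per-case `long_url_signature` / `signature_algorithm` options already do the work, or the 'by default' case is not running against default configuration at all. I would drop the global assignments and keep the options in the data provider, so that the default case runs with nothing set. The hunks show no reset of the singleton after the test, and no `use Cloudinary\Utils;` is added here as it is in the other two test files, so both are worth checking.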

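--- a/tests/Unit/Utils/ApiUtilsTest.php
+++ b/tests/Unit/Utils/ApiUtilsTest.php
@@ -320,13 +320,13 @@ public function testApiSignRequestWithGlobalConfig()
 
 $params = $initialParams;
 Configuration::instance()->cloud->apiSecret = self::API_SIGN_REQUEST_TEST_SECRET;
-Configuration::instance()->cloud->signatureAlgorithm = Utils::ALGO_SHA256;
+Configuration::instance()->cloud->signatureAlgorithm = null;
 ApiUtils::signRequest($params, Configuration::instance()->cloud);
 $expected = '45ddaa4fa01f0c2826f32f669d2e4514faf275fe6df053f1a150e7beae58a3bd';
 self::assertEquals($expected, $params['signature']);
 
 $params = $initialParams;
-Configuration::instance()->cloud->signatureAlgorithm = null;
+Configuration::instance()->cloud->signatureAlgorithm = Utils::ALGO_SHA1;
 ApiUtils::signRequest($params, Configuration::instance()->cloud);
 $expectedSha1 = '14c00ba6d0dfdedbc86b316847d95b9e6cd46d94';
 self::assertEquals($expectedSha1, $params['signature']);
@@ -382,11 +382,11 @@ public function testApiSignRequestPreventsParameterSmuggling()
 'Signatures should be different to prevent parameter smuggling');
 
 // Verify the expected signature for the properly encoded case
-$expectedSignature = '4fdf465dd89451cc1ed8ec5b3e314e8a51695704';
+$expectedSignature = '6c3d31a5b591c5afb8a37e31764171324de3f57421301e87503e5ceeabad0bbd';
 self::assertEquals($expectedSignature, $signatureWithAmpersand);
 
 // Verify the expected signature for the smuggled parameters case
-$expectedSmuggledSignature = '7b4e3a539ff1fa6e6700c41b3a2ee77586a025f9';
+$expectedSmuggledSignature = 'a764c945d130e8c894342711d373606cd39df91fe91dbc4559e778e0b47e7730';
 self::assertEquals($expectedSmuggledSignature, $signatureSmugggled);
 }
 
@@ -420,7 +420,7 @@ public function testConfiguredSignatureVersionIsApplied()
 'Signature versions should produce different results');
 
 // Version 2 should match the expected encoded signature
-$expectedV2Signature = '4fdf465dd89451cc1ed8ec5b3e314e8a51695704';
+$expectedV2Signature = '6c3d31a5b591c5afb8a37e31764171324de3f57421301e87503e5ceeabad0bbd';
 self::assertEquals($expectedV2Signature, $signatureV2,
 'Version 2 should match expected encoded signature');
 }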
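Review bot: After the swap in `testApiSignRequestWithGlobalConfig`, the last value written to the shared `Configuration::instance()->cloud->signatureAlgorithm` is `Utils::ALGO_SHA1` rather than `null`, so any later test that signs through the global config would get SHA-1 unless something resets it. The updated 64-hex expectations in `testApiSignRequestPreventsParameterSmuggling` and `testConfiguredSignatureVersionIsApplied` rely on the SHA-256 default being in effect, which makes them order-sensitive if they use the same singleton; their setup is outside the hunks, so this is inferred. Ending the first test with `Configuration::instance()->cloud->signatureAlgorithm = null;`, or resetting it in `tearDown()`, would remove the coupling.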
