AAWS "Request Authentication" must be implemented by August 15, 2009

rfay - May 18, 2009 - 00:59
Project: Amazon Module
Version: 6.x-1.0-beta5
Component: Code
Category: bug report
Priority: critical
Assigned: Unassigned
Status: closed
Description

Amazon has a new requirement for authentication and they will deny any requests that do not provide authentication after August 15, 2009.

Docs on the new requirement are here.

#1

francula - May 22, 2009 - 20:23

Hi,
isn't this requirement fulfilled with the Amazon API key on the settings page? Or does Amazon require a further key?
Regards

#2

rfay - May 22, 2009 - 20:32

That is possible, but they sent a stern warning to all Amazon Associates telling them that they had to *change* their code and start this authentication with the signature.

http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/

It's possible that this has been done all along, but I certainly read into it that it was a new requirement.

#3

yaph - May 25, 2009 - 21:56

In the mail Amazon sent out it reads: "In addition to the new name, signatures will be necessary to authenticate each call to the Product Advertising API." In the latest version of the Amazon module requests do not contain a signature.

#4

rfay - June 11, 2009 - 14:34
Status: active » needs review

Here is a patch to provide the Request Authentication. This works now but is absolutely required as of August 15. Amazon's Product Advertising API (which is what amazon module uses) will reject any requests made after that date that do not do Request Authentication.

This patch

  • Adds the request authentication/signature stuff to the Amazon API request
  • Adds a UI for the Private key on the admin settings page
  • Adds a warning to the status report if the private key has not been configured. (This is for people who upgrade and don't realize the new requirement)

Please test the patch and report your results here. You will need to sign up for an Amazon AWS account to get the keys required.

Attachment: amazon_module_request_authentication_patch.txt (3.91 KB)
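
An added example, not the attached patch or the module's own code: signing a Product Advertising API request with hash_hmac() in the AWS query-signing style (sorted, RFC 3986 encoded parameters; HMAC-SHA256 over verb, host, path and query). The function names, the endpoint host and path, and all key values are assumptions made for illustration.

```php
<?php
// Added illustration; not code from the Amazon module patch.
// Assumptions: endpoint host/path and all key values are constructed samples.

// RFC 3986 encoding: older PHP rawurlencode() escapes "~", which must stay literal.
function example_rfc3986_encode($value) {
  return str_replace('%7E', '~', rawurlencode($value));
}

// Returns a signed request URL. The secret key is used only as the HMAC key
// and never appears in the URL.
function example_signed_url(array $params, $access_key, $secret_key,
                            $host = 'webservices.amazon.com', $path = '/onca/xml') {
  $params['AWSAccessKeyId'] = $access_key;
  if (!isset($params['Timestamp'])) {
    // ISO 8601 in UTC; "T" and "Z" are escaped so date() treats them literally.
    $params['Timestamp'] = gmdate('Y-m-d\TH:i:s\Z');
  }
  unset($params['Signature']);   // never sign a leftover signature value
  ksort($params, SORT_STRING);   // byte-order sort by parameter name

  $pairs = array();
  foreach ($params as $name => $value) {
    $pairs[] = example_rfc3986_encode($name) . '=' . example_rfc3986_encode($value);
  }
  $query = implode('&', $pairs);

  // The signed string covers the verb, host, path and canonical query,
  // so changing any of them after signing invalidates the signature.
  $string_to_sign = "GET\n" . strtolower($host) . "\n" . $path . "\n" . $query;
  $signature = base64_encode(hash_hmac('sha256', $string_to_sign, $secret_key, TRUE));

  return 'https://' . $host . $path . '?' . $query
    . '&Signature=' . example_rfc3986_encode($signature);
}

// Constructed sample values, not real credentials or a real item.
$url = example_signed_url(
  array(
    'Service' => 'AWSECommerceService',
    'Operation' => 'ItemLookup',
    'ItemId' => '0000000000',
    'Timestamp' => '2009-06-11T14:34:00Z',
  ),
  'EXAMPLE-ACCESS-KEY-ID',
  'EXAMPLE-SECRET-KEY'
);
print $url . "\n";
```

Because the private key is a signing secret, it belongs in site configuration only and should not be written to logs, watchdog messages or page output.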

#5

rfay - May 29, 2009 - 19:21

Sorry I had left the text out of the patch posting. I've edited it now.

#6

horrorview - June 12, 2009 - 14:30

Hey Rfay!

Sorry, I'm a total noob. Do I paste this over the entire content of the amazon.admin.inc file, or does it need to go in a specific place? I've not yet patched anything, and, while there's an abundance of patch-related posts, I just feel better getting this info from the horse's mouth, so to speak! :)

Thanks!!
JIM

#7

rfay - June 12, 2009 - 16:24

Instructions on how to apply a patch are at http://drupal.org/patch/apply

In this case, you download the patch, go to amazon directory, and use the command

patch < [full-path-to]/amazon_module_request_authentication_patch.txt

Of course you have to have the patch command for that. The full gory details of everything about patching are at http://drupal.org/patch.

#8

horrorview - June 12, 2009 - 22:57

Thanks!!

Dear God, this looks terrifying....

I'm looking at these command line instructions and breaking out into cold sweats! LOL

I see there are a wide variety of programs to use to do this, none of which I've ever heard of. Seeing as how I have Vista 64, any suggestions on which would be right for me?

Cheers!
JIM

#9

rfay - June 13, 2009 - 03:46

I found some problems with the way I'd rolled the patch; I had been working with a version of Amazon module that had another patch, and so this one did not cleanly apply. In the process of sorting that out I found some other issues while testing.

Attached is a re-roll of the patch that I think is a lot better.

[Note to Eaton: I had a conflict between this patch and #419766: hook_amazon_request doesn't work; patch provided. So I rolled that one into this one, and I'll mark that one as such. It wasn't really possible to handle them separately]

Attachment: amazon_store_signature_authentication_rev2.patch (6.24 KB)

#10

rfay - June 13, 2009 - 03:48

@horrorview: Attached is a patched version of amazon module. It is 6.x-1.0-beta5 with just this patch.

Attachment: amazon_patched_with_signature_auth.tgz (48.14 KB)

#11

horrorview - June 13, 2009 - 04:30

Oh man, rfay, you are AWESOME!! I was so dreading the attempt at a patch! LOL. Lord knows I've had enough setbacks with this project :)

Thanks again. That was truly kind of you :)

JIM

#12

eaton - June 15, 2009 - 17:47

Thanks for the work on this!

I'm taking a close look at the code now and things are looking great. I was worried by the hash_hmac() for a moment, but it does look like it's good for all versions of PHP that amazon module already requires. I'm going to run this through a bit more testing and commit it for the next rev shortly.

#13

eaton - June 24, 2009 - 21:25

Committed to the dev branch, will be rolled into the next release. Thanks!

#14

eaton - June 24, 2009 - 21:44
Status: needs review » fixed

#15

System Message - July 8, 2009 - 21:50
Status: fixed » closed

Automatically closed -- issue fixed for 2 weeks with no activity.