Fix URL signing api for URLs containing special characters by ErykKul · Pull Request #12435 · IQSS/dataverse

ErykKul · 2026-06-04T13:15:11Z

What this PR does / why we need it:
Bug fix; URL signing for URLs containing special characters broken in 6.10, this PR fixes the introduced bug.

Which issue(s) this PR closes:
Issue not created, bug fixed directly here.

Special notes for your reviewer:
Added tests to prevent regression. Also, API requires now the signing secret to be set, otherwise it will not work.

Suggestions on how to test this:
No special testing needed, the unit tests should be sufficient.

Does this PR introduce a user interface change? If mockups are available, please link/include them here:
No

Is there a release notes update needed for this change?:
Yes, included.

Additional documentation:
No

coveralls · 2026-06-04T13:24:54Z

coverage: 25.029% (+0.004%) from 25.025% — fix-url-signing-special-characters into develop

github-actions · 2026-06-04T14:26:48Z

Test Results

403 tests ±0 388 ✅ ±0 38m 0s ⏱️ + 4m 23s
55 suites ±0 15 💤 ±0
55 files ±0 0 ❌ ±0

Results for commit 4bbb576. ± Comparison against base commit 670f82f.

♻️ This comment has been updated with latest results.

pdurbin · 2026-06-08T15:48:14Z

@ErykKul sorry, we bumped this to 6.12 given our capacity and how you said you're probably the only person using this API. 😄

stevenwinship · 2026-06-15T20:50:28Z

+            return error(Response.Status.INTERNAL_SERVER_ERROR,
+                    "Requesting signed URLs requires a signing secret to be configured. Please set the dataverse.api.signing-secret JVM option.");
+        }
+


My concern with this being here is that it doesn't cover the URL signing when requesting a file download with a guestbook response. Those APIs still work without the secret. (See Access.java) These APIs all call UrlSignerUtil.signUrl, which should have this code to return an error if no signing-secret exists.

{
"status": "OK",
"data": {
"signedUrl": "http://localhost:8080/api/v1/access/dataset/4?gbrecs=true&gbrids=12&until=2026-06-15T20:36:32.302&user=usere7c863fd&method=GET&token=c99c3f9393be5ddedbd72829b6a8b29de3310b06f6692b77286351ba079c82af177c0e8c8df237afe7d6611b7c044e79cc7e402042bf07aa1f9cbbb9cf855298"
}
}

github-actions · 2026-06-16T09:04:13Z

📦 Pushed preview images as

ghcr.io/gdcc/dataverse:fix-url-signing-special-characters

ghcr.io/gdcc/configbaker:fix-url-signing-special-characters

🚢 See on GHCR. Use by referencing with full name as printed above, mind the registry name.

Fix URL signing api for URLs containing special characters

f911647

ErykKul requested review from pdurbin and poikilotherm as code owners June 4, 2026 13:15

ErykKul added this to IQSS Dataverse Project Jun 4, 2026

ErykKul added Size: 3 A percentage of a sprint. 2.1 hours. Type: Bug - Blocker Bug is blocking user work, no workaround available labels Jun 4, 2026

ErykKul added this to the 6.11 milestone Jun 4, 2026

Merge branch 'develop' into fix-url-signing-special-characters

2c94dc8

ErykKul moved this to Ready for Review ⏩ in IQSS Dataverse Project Jun 4, 2026