Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
Edge Case Error: Valid 1 week expiration throws error #1322
On a few projects that we upgraded to the v4 API every once and a while we get the error: "The expiration date of a signature version 4 presigned URL must be less than one week. "
This is when pass through just "1 week" to the presign function. Looking through code it appears that in certain circumstances when you pass through no start time and try to use exactly one week it can cause an error.
A somewhat simple fix could be moving the actual conversion of the timestamp of "expires" to be the line before https://github.com/aws/aws-sdk-php/blob/master/src/Signature/SignatureV4.php#L85 . This would guarantee that the expiration time is ran first, so if you do break over a second the start time would simply be 6 days, 23 hours, 59 minutes, 59 seconds from the start time, rather than what currently can happen (7 days, 0 min, 1 seconds).
Let me know what you think about this problem and that as a valid solution. I'd be happy to make a PR if it is agreed this is an edge case that should be fixed.
…mestamp for edge case of second roll overs. As described in issue aws#1322 an edge case of using exactly 1 week expiration when a second rolls between the startTimestamp calculation via time() and the expires timestamp can cause incorrect exceptions. This occurs when the second rolls over (ie 12:01:01.9999999 to 12:02:02.00000) between the startTime (time()) and endTime conversion from strtotime(). This causes the exception of the expiration must be less than a week to be thrown. By moving the endTime to be converted before startTime this guarantees that will never occur.
@imshashank On the tests the reason they are failing is because they use reflection to allow direct access to the private convertExpires method (https://github.com/aws/aws-sdk-php/blob/master/tests/Signature/SignatureV4Test.php#L98). Since I've updated the method to take the converted timestamp already they are now failing.
For now what I did was update the tests to go through the entire presign function and then ensure the URL has the proper expiration duration on it. This does encapsulate a little more than the specific duration test, since if the URL changes the tests would break, however I think it is better than adding an extra
Let me know your thoughts on this and the updated tests.