Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Edge Case Error: Valid 1 week expiration throws error #1322
On a few projects that we upgraded to the v4 API every once and a while we get the error: "The expiration date of a signature version 4 presigned URL must be less than one week. "
This is when pass through just "1 week" to the presign function. Looking through code it appears that in certain circumstances when you pass through no start time and try to use exactly one week it can cause an error.
A somewhat simple fix could be moving the actual conversion of the timestamp of "expires" to be the line before https://github.com/aws/aws-sdk-php/blob/master/src/Signature/SignatureV4.php#L85 . This would guarantee that the expiration time is ran first, so if you do break over a second the start time would simply be 6 days, 23 hours, 59 minutes, 59 seconds from the start time, rather than what currently can happen (7 days, 0 min, 1 seconds).
Let me know what you think about this problem and that as a valid solution. I'd be happy to make a PR if it is agreed this is an edge case that should be fixed.
added a commit
Jul 6, 2017
referenced this issue
Jul 6, 2017
@imshashank On the tests the reason they are failing is because they use reflection to allow direct access to the private convertExpires method (https://github.com/aws/aws-sdk-php/blob/master/tests/Signature/SignatureV4Test.php#L98). Since I've updated the method to take the converted timestamp already they are now failing.
For now what I did was update the tests to go through the entire presign function and then ensure the URL has the proper expiration duration on it. This does encapsulate a little more than the specific duration test, since if the URL changes the tests would break, however I think it is better than adding an extra
Let me know your thoughts on this and the updated tests.