Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Expires time is calculated twice when using expires_in and can cause signature authentication problems #54

Open
wants to merge 2 commits into from

1 participant

W. Andrew Loe III
W. Andrew Loe III
loe commented

@bmo figured this out, I'm just the messenger.

The build method in QueryString calls #expires, and so does #encoded_canonical.

 # Keep in alphabetical order
 def build
   "AWSAccessKeyId=#{access_key_id}&Expires=#{expires}&Signature=#{encoded_canonical}"
 end

If these calls lie on separate sides of a second tick the signature will be wrong. The solution is to memoize the first call so encoded_canonical uses the same value.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Feb 1, 2012
  1. W. Andrew Loe III

    Memoize the expires time.

    loe authored
  2. W. Andrew Loe III

    Style.

    loe authored
This page is out of date. Refresh to see the latest.
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/aws/s3/authentication.rb
4 lib/aws/s3/authentication.rb
View
@@ -115,7 +115,7 @@ def initialize(*args)
# 3) The current time in seconds since the epoch plus the default number of seconds (60 seconds)
def expires
return options[:expires] if options[:expires]
- date.to_i + expires_in
+ @expires ||= date.to_i + expires_in
end
def expires_in
@@ -218,4 +218,4 @@ def only_path
end
end
end
-end
+end
Something went wrong with that request. Please try again.