Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Expires time is calculated twice when using expires_in and can cause signature authentication problems #54

Open
wants to merge 2 commits into from

1 participant

@loe
loe commented

@bmo figured this out, I'm just the messenger.

The build method in QueryString calls #expires, and so does #encoded_canonical.

 # Keep in alphabetical order
 def build
   "AWSAccessKeyId=#{access_key_id}&Expires=#{expires}&Signature=#{encoded_canonical}"
 end

If these calls lie on separate sides of a second tick the signature will be wrong. The solution is to memoize the first call so encoded_canonical uses the same value.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Feb 1, 2012
  1. @loe

    Memoize the expires time.

    loe authored
  2. @loe

    Style.

    loe authored
This page is out of date. Refresh to see the latest.
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/aws/s3/authentication.rb
View
4 lib/aws/s3/authentication.rb
@@ -115,7 +115,7 @@ def initialize(*args)
# 3) The current time in seconds since the epoch plus the default number of seconds (60 seconds)
def expires
return options[:expires] if options[:expires]
- date.to_i + expires_in
+ @expires ||= date.to_i + expires_in
end
def expires_in
@@ -218,4 +218,4 @@ def only_path
end
end
end
-end
+end
Something went wrong with that request. Please try again.