Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(Static Stability) use provided expires_in in presigned url when credentials are expired #2933

Merged
merged 2 commits into from
Oct 24, 2023

Conversation

alextwoods
Copy link
Contributor

See #2673 for original change.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

  1. To make sure we include your contribution in the release notes, please make sure to add description entry for your changes in the "unreleased changes" section of the CHANGELOG.md file (at corresponding gem). For the description entry, please make sure it lives in one line and starts with Feature or Issue in the correct format.

  2. For generated code changes, please checkout below instructions first:
    https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md

Thank you for your contribution!

@alextwoods alextwoods requested a review from mullermp October 23, 2023 22:44
@@ -423,7 +423,7 @@ def presign_url(options)
params['X-Amz-Algorithm'] = 'AWS4-HMAC-SHA256'
params['X-Amz-Credential'] = credential(creds, date)
params['X-Amz-Date'] = datetime
params['X-Amz-Expires'] = presigned_url_expiration(options, expiration).to_s
params['X-Amz-Expires'] = presigned_url_expiration(options, expiration, Time.strptime(datetime, "%Y%m%dT%H%M%S%Z")).to_s
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can see passing in datetime, but why does it need to be formatted? It's used for arithmetic.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thats was a bit confusing and I believe actually broken previously. The datetime above is use for the x-amz-date header and must be the formatted string. But it can be sourced from a few places, either the passed in header or options[:time] or fallback to Time.now (but in all of those cases it must be formatted as a string). I'm now passing in that datetime so that the expire_at vs expiration is computed consistently when either the header or options[:time] is provided.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. I think you can just pass datetime to Time.parse? You can possibly do that parsing inside the private method when calculating expiration seconds, and just pass datetime into the method here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was trying to avoid branching in the private method on the class of datetime. in CRT it is a Time. In non-CRT it is a string. The header needs to be the string. And you can provide the header as an input and we will use that which complicates this code a bit.

I could use Time.parse but wanted to be explicit about the format.

@alextwoods alextwoods changed the title (Static Stability) use provided expired_at in presigned url when credentials are expired (Static Stability) use provided expires_in in presigned url when credentials are expired Oct 24, 2023
@alextwoods alextwoods merged commit e6d4276 into version-3 Oct 24, 2023
@alextwoods alextwoods deleted the static_stability_presigned branch October 24, 2023 21:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants