[10.x] Do not add token to AWS credentials without validating it first (#48297)

mmehmet · web-flow · commit 909ea24597b8 · 2023-09-05T09:23:09.000-05:00
* Remove token from config options when making a new DynamoDB client - including this creates an error with the `AwsClient` (which `DynamoDbClient` extends) in recent versions of the AWS PHP SDK:

```Invalid configuration value provided for "token"...```

* Do not add `token` value to the `credentials` array element _unless it was already present_ within the config.

Adding a blank `token` value into this array element - simply because two other values (`key` and `secret`) happened to be found within the config - can break the `AwsClient`/`S3Client` being built by these managers.

It is also cleaner to have a separate check for this `token` value - rather than assume that because you found two other values, you may as well go ahead and add this third value into the mix too, without having validated it first.

---------

Co-authored-by: Michael Mehmet &lt;&gt;
diff --git a/src/Illuminate/Cache/CacheManager.php b/src/Illuminate/Cache/CacheManager.php
@@ -260,10 +260,14 @@ protected function newDynamodbClient(array $config)
 
         if (! empty($config['key']) && ! empty($config['secret'])) {
             $dynamoConfig['credentials'] = Arr::only(
-                $config, ['key', 'secret', 'token']
+                $config, ['key', 'secret']
             );
         }
 
+        if (! empty($config['token'])) {
+            $dynamoConfig['credentials']['token'] = $config['token'];
+        }
+
         return new DynamoDbClient($dynamoConfig);
     }
 
diff --git a/src/Illuminate/Filesystem/FilesystemManager.php b/src/Illuminate/Filesystem/FilesystemManager.php
@@ -263,7 +263,11 @@ protected function formatS3Config(array $config)
         $config += ['version' => 'latest'];
 
         if (! empty($config['key']) && ! empty($config['secret'])) {
-            $config['credentials'] = Arr::only($config, ['key', 'secret', 'token']);
+            $config['credentials'] = Arr::only($config, ['key', 'secret']);
+        }
+
+        if (! empty($config['token'])) {
+            $config['credentials']['token'] = $config['token'];
         }
 
         return Arr::except($config, ['token']);

Original file line number	Diff line number	Diff line change
`@@ -260,10 +260,14 @@ protected function newDynamodbClient(array $config)`
`260`	`260`
`261`	`261`	`if (! empty($config['key']) && ! empty($config['secret'])) {`
`262`	`262`	`$dynamoConfig['credentials'] = Arr::only(`
`263`		`- $config, ['key', 'secret', 'token']`
	`263`	`+ $config, ['key', 'secret']`
`264`	`264`	`);`
`265`	`265`	`}`
`266`	`266`
	`267`	`+ if (! empty($config['token'])) {`
	`268`	`+ $dynamoConfig['credentials']['token'] = $config['token'];`
	`269`	`+ }`
	`270`	`+`
`267`	`271`	`return new DynamoDbClient($dynamoConfig);`
`268`	`272`	`}`
`269`	`273`