[10.x] Do not add token to AWS credentials without validating it first (

laravel#48297) * Remove token from config options when making a new DynamoDB client - including this creates an error with the `AwsClient` (which `DynamoDbClient` extends) in recent versions of the AWS PHP SDK: ```Invalid configuration value provided for "token"...``` * Do not add `token` value to the `credentials` array element _unless it was already present_ within the config. Adding a blank `token` value into this array element - simply because two other values (`key` and `secret`) happened to be found within the config - can break the `AwsClient`/`S3Client` being built by these managers. It is also cleaner to have a separate check for this `token` value - rather than assume that because you found two other values, you may as well go ahead and add this third value into the mix too, without having validated it first. --------- Co-authored-by: Michael Mehmet <>
robchett · Sep 5, 2023 · 909ea24 · 909ea24
1 parent abe8656
commit 909ea24
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/src/Illuminate/Cache/CacheManager.php b/src/Illuminate/Cache/CacheManager.php
@@ -260,10 +260,14 @@ protected function newDynamodbClient(array $config)
 
         if (! empty($config['key']) && ! empty($config['secret'])) {
             $dynamoConfig['credentials'] = Arr::only(
-                $config, ['key', 'secret', 'token']
+                $config, ['key', 'secret']
             );
         }
 
+        if (! empty($config['token'])) {
+            $dynamoConfig['credentials']['token'] = $config['token'];
+        }
+
         return new DynamoDbClient($dynamoConfig);
     }
 

diff --git a/src/Illuminate/Filesystem/FilesystemManager.php b/src/Illuminate/Filesystem/FilesystemManager.php
@@ -263,7 +263,11 @@ protected function formatS3Config(array $config)
         $config += ['version' => 'latest'];
 
         if (! empty($config['key']) && ! empty($config['secret'])) {
-            $config['credentials'] = Arr::only($config, ['key', 'secret', 'token']);
+            $config['credentials'] = Arr::only($config, ['key', 'secret']);
+        }
+
+        if (! empty($config['token'])) {
+            $config['credentials']['token'] = $config['token'];
         }
 
         return Arr::except($config, ['token']);