From ef47f6a5a90617863436389fa24fbf477f1f8649 Mon Sep 17 00:00:00 2001
From: Robert Chettleburgh <rob@evosite.co.uk>
Date: Fri, 22 Nov 2024 16:40:48 +0000
Subject: [PATCH] [10.x] Fix: Prevent invalid AWS credentials options being
 created Improves on 909ea24597b86cfc7a49ce41074280d0347bf6a3 which could
 create credentials arrays with only a token

---
 src/Illuminate/Bus/BusServiceProvider.php        | 8 ++++----
 src/Illuminate/Cache/CacheManager.php            | 7 +++----
 src/Illuminate/Filesystem/FilesystemManager.php  | 7 +++----
 src/Illuminate/Mail/MailManager.php              | 5 ++++-
 src/Illuminate/Queue/Connectors/SqsConnector.php | 5 ++++-
 src/Illuminate/Queue/QueueServiceProvider.php    | 7 ++++---
 6 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/src/Illuminate/Bus/BusServiceProvider.php b/src/Illuminate/Bus/BusServiceProvider.php
index 4031e15f441c..ae0c3625e613 100644
--- a/src/Illuminate/Bus/BusServiceProvider.php
+++ b/src/Illuminate/Bus/BusServiceProvider.php
@@ -69,10 +69,10 @@ protected function registerBatchServices()
             ];
 
             if (! empty($config['key']) && ! empty($config['secret'])) {
-                $dynamoConfig['credentials'] = Arr::only(
-                    $config,
-                    ['key', 'secret', 'token']
-                );
+                $dynamoConfig['credentials'] = Arr::only($config, ['key', 'secret']);
+                if (! empty($config['token'])) {
+                    $dynamoConfig['credentials']['token'] = $config['token'];
+                }
             }
 
             return new DynamoBatchRepository(
diff --git a/src/Illuminate/Cache/CacheManager.php b/src/Illuminate/Cache/CacheManager.php
index e5c9049997d0..a3eef6cb35cc 100755
--- a/src/Illuminate/Cache/CacheManager.php
+++ b/src/Illuminate/Cache/CacheManager.php
@@ -262,10 +262,9 @@ protected function newDynamodbClient(array $config)
             $dynamoConfig['credentials'] = Arr::only(
                 $config, ['key', 'secret']
             );
-        }
-
-        if (! empty($config['token'])) {
-            $dynamoConfig['credentials']['token'] = $config['token'];
+            if (! empty($config['token'])) {
+                $dynamoConfig['credentials']['token'] = $config['token'];
+            }
         }
 
         return new DynamoDbClient($dynamoConfig);
diff --git a/src/Illuminate/Filesystem/FilesystemManager.php b/src/Illuminate/Filesystem/FilesystemManager.php
index d81b31ff6e91..403bd051cc80 100644
--- a/src/Illuminate/Filesystem/FilesystemManager.php
+++ b/src/Illuminate/Filesystem/FilesystemManager.php
@@ -264,10 +264,9 @@ protected function formatS3Config(array $config)
 
         if (! empty($config['key']) && ! empty($config['secret'])) {
             $config['credentials'] = Arr::only($config, ['key', 'secret']);
-        }
-
-        if (! empty($config['token'])) {
-            $config['credentials']['token'] = $config['token'];
+            if (! empty($config['token'])) {
+                $config['credentials']['token'] = $config['token'];
+            }
         }
 
         return Arr::except($config, ['token']);
diff --git a/src/Illuminate/Mail/MailManager.php b/src/Illuminate/Mail/MailManager.php
index 0c54fa23b316..0b2d2b63764a 100644
--- a/src/Illuminate/Mail/MailManager.php
+++ b/src/Illuminate/Mail/MailManager.php
@@ -286,7 +286,10 @@ protected function createSesV2Transport(array $config)
     protected function addSesCredentials(array $config)
     {
         if (! empty($config['key']) && ! empty($config['secret'])) {
-            $config['credentials'] = Arr::only($config, ['key', 'secret', 'token']);
+            $config['credentials'] = Arr::only($config, ['key', 'secret']);
+            if (! empty($config['token'])) {
+                $config['credentials']['token'] = $config['token'];
+            }
         }
 
         return Arr::except($config, ['token']);
diff --git a/src/Illuminate/Queue/Connectors/SqsConnector.php b/src/Illuminate/Queue/Connectors/SqsConnector.php
index d70bd8e5f9c4..950b2888dbd0 100755
--- a/src/Illuminate/Queue/Connectors/SqsConnector.php
+++ b/src/Illuminate/Queue/Connectors/SqsConnector.php
@@ -19,7 +19,10 @@ public function connect(array $config)
         $config = $this->getDefaultConfiguration($config);
 
         if (! empty($config['key']) && ! empty($config['secret'])) {
-            $config['credentials'] = Arr::only($config, ['key', 'secret', 'token']);
+            $config['credentials'] = Arr::only($config, ['key', 'secret']);
+            if (! empty($config['token'])) {
+                $config['credentials']['token'] = $config['token'];
+            }
         }
 
         return new SqsQueue(
diff --git a/src/Illuminate/Queue/QueueServiceProvider.php b/src/Illuminate/Queue/QueueServiceProvider.php
index 478352ae7e76..ce52b9e5c116 100755
--- a/src/Illuminate/Queue/QueueServiceProvider.php
+++ b/src/Illuminate/Queue/QueueServiceProvider.php
@@ -312,9 +312,10 @@ protected function dynamoFailedJobProvider($config)
         ];
 
         if (! empty($config['key']) && ! empty($config['secret'])) {
-            $dynamoConfig['credentials'] = Arr::only(
-                $config, ['key', 'secret', 'token']
-            );
+            $dynamoConfig['credentials'] = Arr::only($config, ['key', 'secret']);
+            if (! empty($config['token'])) {
+                $dynamoConfig['credentials']['token'] = $config['token'];
+            }
         }
 
         return new DynamoDbFailedJobProvider(