CLDSRV-849: don't crash if invalid Date header

[leif-scality]

Test that the arsenal bump fixed the invalid Date header crash.

Repro code:

curl -v -H "Date: BAD_DATE" -H "Authorization: AWS4-HMAC-SHA256 Credential=accessKey1/20260211/us-east-1/s3/aws4_request, SignedHeaders=host, Signature=d459d5b2a2395b4c65d8f8aa2729b22c5abb04614fafbd93ab4fe203e76d21a3" -H "X-Amz-Content-Sha256: fa8d015f89da2a769d1cea7e3bd77a5670d098d7844cda148a40c1304e5b778b" localhost:8000/leif-us-east-1/test-file.txt

2026-02-11T09:33:06.467Z: uncaughtException:
RangeError: Invalid time value
    at Date.toISOString (<anonymous>)
    at convertUTCtoISO8601 (/app/node_modules/arsenal/build/lib/auth/v4/timeUtils.js:26:43)
    at Object.check [as headers] (/app/node_modules/arsenal/build/lib/auth/v4/headerAuthCheck.js:98:57)
    at extractParams (/app/node_modules/arsenal/build/lib/auth/auth.js:122:47)
    at Object.doAuth (/app/node_modules/arsenal/build/lib/auth/auth.js:140:17)
    at /app/lib/api/api.js:238:33
    at nextTask (/app/node_modules/async/dist/async.js:5327:14)
    at Object.waterfall (/app/node_modules/async/dist/async.js:5337:5)
    at processRequest (/app/lib/api/api.js:237:22)
    at Object.callApiMethod (/app/lib/api/api.js:418:16)
{"name":"S3","time":1770802386467,"error":"Invalid time value","stack":"RangeError: Invalid time value\n    at Date.toISOString (<anonymous>)\n    at convertUTCtoISO8601 (/app/node_modules/arsenal/build/lib/auth/v4/timeUtils.js:26:43)\n    at Object.check [as headers] (/app/node_modules/arsenal/build/lib/auth/v4/headerAuthCheck.js:98:57)\n    at extractParams (/app/node_modules/arsenal/build/lib/auth/auth.js:122:47)\n    at Object.doAuth (/app/node_modules/arsenal/build/lib/auth/auth.js:140:17)\n    at /app/lib/api/api.js:238:33\n    at nextTask (/app/node_modules/async/dist/async.js:5327:14)\n    at Object.waterfall (/app/node_modules/async/dist/async.js:5337:5)\n    at processRequest (/app/lib/api/api.js:237:22)\n    at Object.callApiMethod (/app/lib/api/api.js:418:16)","level":"fatal","message":"caught error","hostname":"xps","pid":886}

[bert-e]

Hello leif-scality,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options

name	description	privileged	authored
/after_pull_request	Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval	Bypass the pull request author's approval	⭐
/bypass_build_status	Bypass the build and test status	⭐
/bypass_commit_size	Bypass the check on the size of the changeset TBA	⭐
/bypass_incompatible_branch	Bypass the check on the source branch prefix	⭐
/bypass_jira_check	Bypass the Jira issue check	⭐
/bypass_peer_approval	Bypass the pull request peers' approval	⭐
/bypass_leader_approval	Bypass the pull request leaders' approval	⭐
/approve	Instruct Bert-E that the author has approved the pull request.		✍️
/create_pull_requests	Allow the creation of integration pull requests.
/create_integration_branches	Allow the creation of integration branches.
/no_octopus	Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity	Change review acceptance criteria from one reviewer at least to all reviewers
/wait	Instruct Bert-E not to run until further notice.

Available commands

name	description	privileged
/help	Print Bert-E's manual in the pull request.
/status	Print Bert-E's current status in the pull request TBA
/clear	Remove all comments from Bert-E from the history TBA
/retry	Re-start a fresh build TBA
/build	Re-start a fresh build TBA
/force_reset	Delete integration branches & pull requests, and restart merge process from the beginning.
/reset	Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

[bert-e]

Incorrect fix version

The Fix Version/s in issue CLDSRV-849 contains:

• None

Considering where you are trying to merge, I ignored possible hotfix versions and I expected to find:

• 9.2.26

• 9.3.2

Please check the Fix Version/s of CLDSRV-849, or the target
branch of this pull request.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.17%. Comparing base (81944ba) to head (9b836b8).
⚠️ Report is 3 commits behind head on development/9.2.
✅ All tests successful. No failed tests found.

Additional details and impacted files

see 2 files with indirect coverage changes

@@                 Coverage Diff                 @@
##           development/9.2    #6079      +/-   ##
===================================================
- Coverage            84.19%   84.17%   -0.03%     
===================================================
  Files                  204      204              
  Lines                13124    13124              
===================================================
- Hits                 11050    11047       -3     
- Misses                2074     2077       +3     

Flag	Coverage Δ
file-ft-tests	67.62% <ø> (ø)
kmip-ft-tests	28.19% <ø> (ø)
mongo-v0-ft-tests	68.86% <ø> (ø)
mongo-v1-ft-tests	68.85% <ø> (-0.07%)	⬇️
multiple-backend	35.24% <ø> (ø)
sur-tests	35.75% <ø> (-0.04%)	⬇️
sur-tests-inflights	37.60% <ø> (ø)
unit	69.71% <ø> (ø)
utapi-v2-tests	34.50% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[bert-e]

Incorrect fix version

The Fix Version/s in issue CLDSRV-849 contains:

• None

Considering where you are trying to merge, I ignored possible hotfix versions and I expected to find:

• 9.2.28

• 9.3.3

Please check the Fix Version/s of CLDSRV-849, or the target
branch of this pull request.

[BourgoisMickael]

should you have the same test with X-Amz-Date header as well ?

[leif-scality]

A bad X-Amz-Date did not crash before, but I added a test anyways

[BourgoisMickael]

To prevent duplication, you could use an array to generate the same test for 2 different date headers

['Date', 'X-Amz-Date'].forEach(
  dateHeader => it(`should return ...${dateHeader}...`, done => {
    // ...
    headers: {
      [dateHeader]: 'BAD_DATE'
    }
  }
)

[BourgoisMickael]

With the fixed date in the authorization is it going to work any other day ?

[leif-scality]

We test the Date, before the Authorization so it does not matter

[leif-scality]

We also check the error string Authentication requires a valid Date or x-amz-date header, so it we fail for another reason we would find out

[BourgoisMickael]

You can put that comment direct into code so we know when we read it next time

[bert-e]

Request integration branches

Waiting for integration branch creation to be requested by the user.

To request integration branches, please comment on this pull request with the following command:

/create_integration_branches

Alternatively, the /approve and /create_pull_requests commands will automatically
create the integration branches.

[leif-scality]

/create_integration_branches

[bert-e]

Conflict

A conflict has been raised during the creation of
integration branch w/9.3/bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header with contents from bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header
and development/9.3.

I have not created the integration branch.

Here are the steps to resolve this conflict:

 git fetch
 git checkout -B w/9.3/bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header origin/development/9.3
 git merge origin/bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header
 # <intense conflict resolution>
 git commit
 git push -u origin w/9.3/bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header

The following options are set: create_integration_branches

[leif-scality]

ping

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

The following options are set: create_integration_branches

[leif-scality]

/approve

[bert-e]

Build failed

The build for commit did not succeed in branch w/9.3/bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header

The following options are set: approve, create_integration_branches

[bert-e]

Unknown command

I didn't understand this comment by @leif-scality:

/delete_integration_branches

I don't know what delete_integration_branches means.

Please edit or delete the corresponding comment so I can move on.

The following options are set: approve, create_integration_branches

[leif-scality]

/help

[bert-e]

Build failed

The build for commit did not succeed in branch w/9.3/bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header

The following options are set: approve, create_integration_branches

[leif-scality]

/create_integration_branches

[leif-scality]

/create_integration_branches

[bert-e]

Conflict

A conflict has been raised during the creation of
integration branch w/9.3/bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header with contents from bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header
and development/9.3.

I have not created the integration branch.

Here are the steps to resolve this conflict:

 git fetch
 git checkout -B w/9.3/bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header origin/development/9.3
 git merge origin/bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header
 # <intense conflict resolution>
 git commit
 git push -u origin w/9.3/bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header

The following options are set: approve, create_integration_branches

[bert-e]

Build failed

The build for commit did not succeed in branch w/9.3/bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header

The following options are set: approve, create_integration_branches

[bert-e]

Build failed

The build for commit did not succeed in branch w/9.3/bugfix/CLDSRV-849-dont-crash-if-invalid-Date-header

The following options are set: approve, create_integration_branches

[bert-e]

I have successfully merged the changeset of this pull request
into targetted development branches:

• ✔️ development/9.2

• ✔️ development/9.3

The following branches have NOT changed:

• development/7.10
• development/7.4
• development/7.70
• development/8.8
• development/9.0
• development/9.1

Please check the status of the associated issue CLDSRV-849.

Goodbye leif-scality.

The following options are set: approve, create_integration_branches