
Anonymous committed 47e3757

Fixed time checking bug, provider time is always UTC

  • Parent commits 6b63bd4


Files changed (1)

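--- a/openid2rp/django/auth.py
+++ b/openid2rp/django/auth.py
 
 from django.conf import settings
 from django.contrib.auth.models import User
-from openid2rp.django.models import UserOpenID, OpenIDSession
+from openid2rp.django.models import UserOpenID, OpenIDSession, OpenIDNonce
 from django.http import HttpResponse
 from django.db.models import Q
 from django.contrib.auth.models import AnonymousUser
 def cleanup():
 	try:
 		# delete all expired nonces 
-		entries=OpenIDNonce.objects.filter(Q(expiration_date__lt = datetime.datetime.now()))
+		entries=OpenIDNonce.objects.filter(Q(expiration_date__lt = datetime.datetime.utcnow()))
 		for e in entries:
 			e.delete()
 	except:
 		pass
 	try:
 		# delete all expired sessions
-		entries=OpenIDSession.objects.filter(Q(expiration_date__lt = datetime.datetime.now()))
+		entries=OpenIDSession.objects.filter(Q(expiration_date__lt = datetime.datetime.utcnow()))
 		for e in entries:
 			e.delete()
 	except:
 	global maxNonceTransmission
 	db = OpenIDNonce()
 	db.nonce=nonce
-	db.expiration_date = datetime.datetime.now() + maxNonceTransmission
+	db.expiration_date = datetime.datetime.utcnow() + maxTimeShift
 	db.save()
 	
 def knownNonce(n):
 	db.ns=session['ns']
 	db.claimedId=claim
 	# Expire session in provider-given amount of seconds, consider possible shift
-	db.expiration_date = datetime.datetime.now() + datetime.timedelta(seconds=long(session['expires_in'])) - maxTimeShift
+	db.expiration_date = datetime.datetime.utcnow() + datetime.timedelta(seconds=long(session['expires_in'])) - maxTimeShift
 	db.save()
 
 def getSessionByHandle(handle):
 
 		if not ("request" in credentials and "claim" in credentials):
 			raise TypeError
-		
-		import pdb; pdb.set_trace()
-		
+
 		request=credentials['request']
 		claimedId=credentials['claim']
 		
 		nonce = request.GET['openid.response_nonce']
 		timestamp = openid2rp.parse_nonce(nonce)		
 		# provider timestamp was signed (=not forged), with replay, it would be too old; consider time shift
-		if timestamp < datetime.datetime.now() - maxTimeShift: # ???
+		if timestamp < datetime.datetime.utcnow() - maxTimeShift: 
 			raise ReplayAttackError()
 		elif knownNonce(nonce):
 			raise ReplayAttackError()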
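Review bot: The nonce record written by `db.expiration_date = datetime.datetime.utcnow() + maxTimeShift` is retained for `maxTimeShift` after receipt, but the check `if timestamp < datetime.datetime.utcnow() - maxTimeShift:` in the last hunk accepts that same nonce until its provider timestamp is `maxTimeShift` in the past and places no bound on timestamps ahead of local time, so when the provider's clock runs ahead cleanup() can delete the record while a replayed response still passes the timestamp check. Keying retention on the nonce's own timestamp, `db.expiration_date = openid2rp.parse_nonce(nonce) + maxTimeShift`, keeps the stored record alive for exactly the window in which the nonce is acceptable, and bounding the future side too, `if abs(datetime.datetime.utcnow() - timestamp) > maxTimeShift:`, stops a skewed timestamp from stretching that window. Separately, `global maxNonceTransmission` now declares a name the function no longer reads, since the new line uses `maxTimeShift`, and that switch from the nonce-transmission limit to the clock-shift tolerance is a semantic change the commit message does not mention; if it is intended, a comment such as `# nonce is only acceptable within maxTimeShift of its timestamp, so keep it at least that long` would explain the choice. The function containing the `global` line and the credentials-checking function both start outside their hunks, so the surrounding definitions could not be verified here.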