From 3e20a080fedf26a875120c535d2c8285b0a5b794 Mon Sep 17 00:00:00 2001 From: Eric Chiang Date: Wed, 12 Oct 2016 18:50:48 -0700 Subject: [PATCH] server: fix auth request expiry --- server/handlers.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/server/handlers.go b/server/handlers.go index 02c1881b..fe7a1928 100644 --- a/server/handlers.go +++ b/server/handlers.go @@ -143,6 +143,7 @@ func (s *Server) handleAuthorization(w http.ResponseWriter, r *http.Request) { s.renderError(w, http.StatusInternalServerError, err.Type, err.Description) return } + authReq.Expiry = s.now().Add(time.Minute * 30) if err := s.storage.CreateAuthRequest(authReq); err != nil { log.Printf("Failed to create authorization request: %v", err) s.renderError(w, http.StatusInternalServerError, errServerError, "") @@ -342,7 +343,7 @@ func (s *Server) handleApproval(w http.ResponseWriter, r *http.Request) { } func (s *Server) sendCodeResponse(w http.ResponseWriter, r *http.Request, authReq storage.AuthRequest) { - if authReq.Expiry.After(s.now()) { + if s.now().After(authReq.Expiry) { s.renderError(w, http.StatusBadRequest, errInvalidRequest, "Authorization request period has expired.") return } @@ -373,7 +374,7 @@ func (s *Server) sendCodeResponse(w http.ResponseWriter, r *http.Request, authRe Nonce: authReq.Nonce, Scopes: authReq.Scopes, Claims: authReq.Claims, - Expiry: s.now().Add(time.Minute * 5), + Expiry: s.now().Add(time.Minute * 30), RedirectURI: authReq.RedirectURI, } if err := s.storage.CreateAuthCode(code); err != nil {