
Token mechanism fixes

This commit is contained in:
2017-04-24 20:33:55 +03:00
parent 9658d8cc83
commit d5edbe50c5
8 changed files with 26 additions and 16 deletions


@@ -10,5 +10,5 @@ class BootstrapResource(object):
def on_get(self, req, resp):
resp.body = Template(open(config.BOOTSTRAP_TEMPLATE).read()).render(
authority = const.FQDN,
servers = [cn for cn, path, buf, cert, server in authority.list_signed() if server])
servers = authority.list_server_names())
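Review bot: The template read on the line above the changed argument, `open(config.BOOTSTRAP_TEMPLATE).read()`, never closes the file handle and relies on garbage collection to release it; the commit rewrites the last argument of that statement but leaves the leak in place. Read the template in a `with` block before rendering, e.g. `with open(config.BOOTSTRAP_TEMPLATE) as fh: template = Template(fh.read())` followed by `resp.body = template.render(authority=const.FQDN, servers=authority.list_server_names())`. The new `authority.list_server_names()` presumably yields the same names the removed comprehension filtered to `server` entries; since this list is handed to unauthenticated bootstrap clients, it is worth confirming it does not also include non-server certificate names. The trailing context line of on_get appears to lie past the visible hunk.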


@@ -35,11 +35,12 @@ class TokenResource(object):
csum.update(username)
csum.update(str(timestamp))
margin = 300 # Tolerate 5 minute clock skew as Kerberos does
if csum.hexdigest() != req.get_param("c", required=True):
raise falcon.HTTPUnauthorized("Forbidden", "Invalid token supplied, did you copy-paste link correctly?")
if now < timestamp:
if now < timestamp - margin:
raise falcon.HTTPUnauthorized("Forbidden", "Token not valid yet, are you sure server clock is correct?")
if now > timestamp + config.TOKEN_LIFETIME:
if now > timestamp + margin + config.TOKEN_LIFETIME:
raise falcon.HTTPUnauthorized("Forbidden", "Token expired")
# At this point consider token to be legitimate