From 5cca187e89d8054043bf81aa87af1d27ac8485d1 Mon Sep 17 00:00:00 2001
From: Gunnar Wrobel
Date: Tue, 30 Nov 2010 07:44:55 +0100
Subject: [PATCH] Add the timeout and unique checks.

---
 framework/Token/lib/Horde/Token/Base.php           | 13 +++++++++--
 framework/Token/test/Horde/Token/Unit/FileTest.php | 26 ++++++++++++++++++++++
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/framework/Token/lib/Horde/Token/Base.php b/framework/Token/lib/Horde/Token/Base.php
index 7be77b077..865ecff0c 100644
--- a/framework/Token/lib/Horde/Token/Base.php
+++ b/framework/Token/lib/Horde/Token/Base.php
@@ -124,11 +124,12 @@ abstract class Horde_Token_Base
      * @param string $token The signed token.
      * @param string $seed The unique ID of the token.
      * @param int $timeout Timout of the token in seconds.
-     * @param boolean $unique Can the token be used more than once?
+     *                        Values below zero represent no timeout.
+     * @param boolean $unique Should validation of the token succeed only once?
      *
      * @return boolean True if the token was valid.
      */
-    public function validate($token, $seed = '', $timeout = 0, $unique = false)
+    public function validate($token, $seed = '', $timeout = -1, $unique = false)
     {
         $b = Horde_Url::uriB64Decode($token);
         $nonce = substr($b, 0, 6);
@@ -136,6 +137,14 @@ abstract class Horde_Token_Base
         if ($hash != $this->_hash($nonce . $seed)) {
             return false;
         }
+        $timestamp = unpack('N', substr($nonce, 0, 4));
+        $timestamp = array_pop($timestamp);
+        if ($timeout >= 0 && $timestamp + $timeout >= time()) {
+            return false;
+        }
+        if ($unique) {
+            return $this->verify($nonce);
+        }
         return true;
     }
 
diff --git a/framework/Token/test/Horde/Token/Unit/FileTest.php b/framework/Token/test/Horde/Token/Unit/FileTest.php
index a458bed9f..623a29efb 100644
--- a/framework/Token/test/Horde/Token/Unit/FileTest.php
+++ b/framework/Token/test/Horde/Token/Unit/FileTest.php
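Review bot: The expiry check added to validate() is inverted: `$timestamp + $timeout >= time()` is true exactly while the token's issue time plus the timeout has not yet passed, so with any non-negative timeout a freshly issued token is rejected and only stale ones reach the unique check. Assuming the first four bytes of the nonce carry the issue time (the `unpack('N', ...)` suggests so; get() is outside the hunk), the condition should read `if ($timeout >= 0 && $timestamp + $timeout < time()) {`. testImmediateTimeout in FileTest.php asserts false for a fresh token with timeout 1 and therefore pins the inverted behaviour; it should assert true once the comparison is fixed. The default change from 0 to -1 also gives an explicit `$timeout = 0` a new meaning (valid only in the issuing second, where previously the value was never checked), which the docblock should state.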
@@ -75,6 +75,32 @@ class Horde_Token_Unit_Storage_FileTest extends PHPUnit_Framework_TestCase
         $this->assertFalse($t->validate($t->get('a'), 'b'));
     }
 
+    public function testImmediateTimeout()
+    {
+        $t = new Horde_Token_File(array('secret' => 'abc'));
+        $this->assertFalse($t->validate($t->get('a'), 'a', 1));
+    }
+
+    public function testTimeoutAfterOneSecond()
+    {
+        $t = new Horde_Token_File(array('secret' => 'abc'));
+        sleep(1);
+        $this->assertFalse($t->validate($t->get('a'), 'a', 1));
+    }
+
+    public function testUniqueToken()
+    {
+        $t = new Horde_Token_File(
+            array(
+                'secret' => 'abc',
+                'token_dir' => $this->_getTemporaryDirectory()
+            )
+        );
+        $token = $t->get('a');
+        $t->validate($token, 'a', -1, true);
+        $this->assertFalse($t->validate($token, 'a', -1, true));
+    }
+
     public function testNonces()
     {
         $t = new Horde_Token_File(array('secret' => 'abc'));
-- 
2.11.0
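Review bot: testTimeoutAfterOneSecond calls `$t->get('a')` after `sleep(1)`, so the token it validates is freshly issued and the test never exercises expiry; obtain the token before sleeping and sleep longer than the timeout so the boundary second is not hit: `$token = $t->get('a'); sleep(2); $this->assertFalse($t->validate($token, 'a', 1));`. testUniqueToken discards the result of the first validate() call, so a token rejected outright (for example by the timeout branch) would also make the test pass; assert it explicitly with `$this->assertTrue($t->validate($token, 'a', -1, true));` before the second call. Both timeout tests depend on the wall clock, which is worth a short comment so a future reader does not tighten the sleep and get a flaky test.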