1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-23 15:22:41 +01:00

Improve error message for bad timestamps

Summary: Ref T3031. While we should probably do more than this, provide a more useful error message so I don't have to make users run `date` and such.

Test Plan:
Added `|| true` and ran `arc list`:

  $ arc list --conduit-uri=http://local.aphront.com:8080/
  Exception
  ERR-INVALID-TOKEN: The request you submitted is signed with a timestamp, but that timestamp is not within 15 m of the current time. The signed timestamp is 1375454102 (Fri, 02 Aug 2013 07:35:02 -0700), and the current server time is 1375454102 (Fri, 02 Aug 2013 07:35:02 -0700). This is a differnce of 0 seconds, but the timestamps must differ from the server time by no more than 900 seconds. Your client or server clock may not be set correctly.
  (Run with --trace for a full exception trace.)

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3031

Differential Revision: https://secure.phabricator.com/D6653
This commit is contained in:
epriestley 2013-08-02 07:38:59 -07:00
parent 6c7f36f6b8
commit f0857e4fd8

View file

@ -117,8 +117,26 @@ final class ConduitAPI_conduit_connect_Method extends ConduitAPIMethod {
$session_key = null;
if ($token && $signature) {
if (abs($token - time()) > 60 * 15) {
throw new ConduitException('ERR-INVALID-TOKEN');
$threshold = 60 * 15;
$now = time();
if (abs($token - $now) > $threshold) {
throw id(new ConduitException('ERR-INVALID-TOKEN'))
->setErrorDescription(
pht(
"The request you submitted is signed with a timestamp, but that ".
"timestamp is not within %s of the current time. The ".
"signed timestamp is %s (%s), and the current server time is ".
"%s (%s). This is a difference of %s seconds, but the ".
"timestamp must differ from the server time by no more than ".
"%s seconds. Your client or server clock may not be set ".
"correctly.",
phabricator_format_relative_time($threshold),
$token,
date('r', $token),
$now,
date('r', $now),
($token - $now),
$threshold));
}
$valid = sha1($token.$user->getConduitCertificate());
if ($valid != $signature) {