mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-23 15:22:41 +01:00
Improve error message for bad timestamps
Summary: Ref T3031. While we should probably do more than this, provide a more useful error message so I don't have to make users run `date` and such. Test Plan: Added `|| true` and ran `arc list`: $ arc list --conduit-uri=http://local.aphront.com:8080/ Exception ERR-INVALID-TOKEN: The request you submitted is signed with a timestamp, but that timestamp is not within 15 m of the current time. The signed timestamp is 1375454102 (Fri, 02 Aug 2013 07:35:02 -0700), and the current server time is 1375454102 (Fri, 02 Aug 2013 07:35:02 -0700). This is a differnce of 0 seconds, but the timestamps must differ from the server time by no more than 900 seconds. Your client or server clock may not be set correctly. (Run with --trace for a full exception trace.) Reviewers: btrahan, chad Reviewed By: chad CC: aran Maniphest Tasks: T3031 Differential Revision: https://secure.phabricator.com/D6653
This commit is contained in:
parent
6c7f36f6b8
commit
f0857e4fd8
1 changed files with 20 additions and 2 deletions
|
@ -117,8 +117,26 @@ final class ConduitAPI_conduit_connect_Method extends ConduitAPIMethod {
|
|||
|
||||
$session_key = null;
|
||||
if ($token && $signature) {
|
||||
if (abs($token - time()) > 60 * 15) {
|
||||
throw new ConduitException('ERR-INVALID-TOKEN');
|
||||
$threshold = 60 * 15;
|
||||
$now = time();
|
||||
if (abs($token - $now) > $threshold) {
|
||||
throw id(new ConduitException('ERR-INVALID-TOKEN'))
|
||||
->setErrorDescription(
|
||||
pht(
|
||||
"The request you submitted is signed with a timestamp, but that ".
|
||||
"timestamp is not within %s of the current time. The ".
|
||||
"signed timestamp is %s (%s), and the current server time is ".
|
||||
"%s (%s). This is a difference of %s seconds, but the ".
|
||||
"timestamp must differ from the server time by no more than ".
|
||||
"%s seconds. Your client or server clock may not be set ".
|
||||
"correctly.",
|
||||
phabricator_format_relative_time($threshold),
|
||||
$token,
|
||||
date('r', $token),
|
||||
$now,
|
||||
date('r', $now),
|
||||
($token - $now),
|
||||
$threshold));
|
||||
}
|
||||
$valid = sha1($token.$user->getConduitCertificate());
|
||||
if ($valid != $signature) {
|
||||
|
|
Loading…
Reference in a new issue