python-oauth2 _check_timestamp() doesn't raise error when timestamp is greater than current time

_check_timestamp() doesn't raise error when timestamp is greater than current time

Open vmm opened this issue 14 years ago • 0 comments

Looks like this method doesn't really care if the timestamp is pointing to distant future.

def _check_timestamp(self, timestamp):
    """Verify that timestamp is recentish."""
    timestamp = int(timestamp)
    now = int(time.time())
    lapsed = now - timestamp
    if lapsed > self.timestamp_threshold:
        raise Error('Expired timestamp: given %d and now %s has a '
            'greater difference than threshold %d' % (timestamp, now,
                self.timestamp_threshold))

If the timestamp is greater than current time, 'lapsed' variable will be negative, and therefore always false.

500 > 300 True -500 > 300 False

I fixed it like this to my code:

if abs(lapsed) > self.timestamp_threshold:

Jun 16 '11 12:06 vmm

python-oauth2 python-oauth2 copied to clipboard

_check_timestamp() doesn't raise error when timestamp is greater than current time

python-oauth2
python-oauth2 copied to clipboard