h4kor/owl-blogs
h4kor
/
owl-blogs
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

check age of auth code

This commit is contained in:
Niko Abeler 2022-11-07 19:53:32 +01:00
parent 703531834d
commit fc4f5a1623
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
user.go
View File

@ -343,7 +343,11 @@ func (user User) VerifyAuthCode(
hash := sha256.Sum256([]byte(code_verifier)) hash := sha256.Sum256([]byte(code_verifier))
return c.CodeChallenge == base64.RawURLEncoding.EncodeToString(hash[:]), c return c.CodeChallenge == base64.RawURLEncoding.EncodeToString(hash[:]), c
} else if c.CodeChallengeMethod == "" { } else if c.CodeChallengeMethod == "" {
return true, c // Check age of code
// A maximum lifetime of 10 minutes is recommended ( https://indieauth.spec.indieweb.org/#authorization-response)
if time.Since(c.Created) < 10*time.Minute {
return true, c
}
} }
} }
} }