HuiJun/oauth-php

Invalid Exception in function requestToken of OauthServer

Opened this issue · 2 comments

What steps will reproduce the problem?
1. One user requests the token with a wrong timestamp 
(> MAX(osn_timestamp) + max_timestamp_skew).
2. All other users receive the exception "Timestamp is out of sequence".

What is the expected output? What do you see instead?
The expected output is the token; the library returns an exception instead.

What version of the product are you using? On what operating system?
175

Please provide any additional information below.

When a user requests the token, the library checks the server nonce, but the user 
doesn't have it yet. In the SQL table of the server nonce, a row appears with a 
nonce 0.
All other users, during the login action, have the same token (0), and one wrong 
timestamp makes it impossible for all of them to request the initial token.

Original issue reported on code.google.com by vittorio...@nealab.it on 17 May 2011 at 2:55

I have fixed this bug by adding if($this->getParam('oauth_token')) before 
$this->store->checkServerNonce( $this->urldecode($consumer_key),
                                $this->urldecode($token),
                                $this->getParam('oauth_timestamp', true),
                                $this->getParam('oauth_nonce', true));

in function verifyExtended (class OauthRequestVerifier)

Original comment by vittorio...@nealab.it on 17 May 2011 at 3:27
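The behaviour reported above and the effect of the proposed guard, as an added example that is not code from the library or from the commenters: a simplified in-memory model of the timestamp check showing how one far-future timestamp on a token-less request blocks later request-token calls for the same consumer. Only `checkServerNonce`, `max_timestamp_skew` and the exception text come from the thread; `NonceStoreModel`, `verifyModel`, the parameter arrays and all sample values are assumptions.

```php
<?php
// Added illustration: simplified model of the check described in this issue.
// NonceStoreModel and verifyModel are hypothetical names, not library code.
// Replay (duplicate nonce) detection is omitted to keep the focus on timestamps.
class NonceStoreModel
{
    private array $rows = [];   // each row: [consumer_key, token, timestamp, nonce]
    private int $skew;          // plays the role of max_timestamp_skew

    public function __construct(int $maxTimestampSkew)
    {
        $this->skew = $maxTimestampSkew;
    }

    public function checkServerNonce(string $key, string $token, int $ts, string $nonce): void
    {
        $max = null;            // MAX(timestamp) for this consumer key + token pair
        foreach ($this->rows as [$k, $t, $rowTs]) {
            if ($k === $key && $t === $token) {
                $max = ($max === null) ? $rowTs : max($max, $rowTs);
            }
        }
        if ($max !== null && $max > $ts + $this->skew) {
            throw new RuntimeException('Timestamp is out of sequence');
        }
        $this->rows[] = [$key, $token, $ts, $nonce];
    }
}

// $guard = true models the fix from the comment: run the nonce check only when
// the request carries an oauth_token. An absent token is modelled as ''.
function verifyModel(NonceStoreModel $store, array $p, bool $guard): string
{
    $token = $p['oauth_token'] ?? '';
    if (!$guard || $token) {
        try {
            $store->checkServerNonce($p['oauth_consumer_key'], $token,
                                     (int) $p['oauth_timestamp'], $p['oauth_nonce']);
        } catch (RuntimeException $e) {
            return 'rejected: ' . $e->getMessage();
        }
    }
    return 'ok';
}

$now = 1305644100;              // constructed sample Unix time
foreach ([false, true] as $guard) {
    $store = new NonceStoreModel(600);
    // Constructed requests: first client's clock is a day ahead, second is correct.
    $a = verifyModel($store, ['oauth_consumer_key' => 'app', 'oauth_timestamp' => $now + 86400, 'oauth_nonce' => 'n1'], $guard);
    $b = verifyModel($store, ['oauth_consumer_key' => 'app', 'oauth_timestamp' => $now, 'oauth_nonce' => 'n2'], $guard);
    printf("guard=%s first=%s second=%s\n", $guard ? 'on' : 'off', $a, $b);
}
```

With the guard on, request-token calls in this model receive no timestamp or nonce check at all, so any replay protection for those calls has to come from another control.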

Please fix this! This is a major problem.

(And thanks for the bug fix. Saved my day.)

Original comment by matthias...@gmail.com on 3 Apr 2012 at 7:47