lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-19 02:54:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

(Auth) fix expiry and validity for vouchers (#3931)

Browse Source 
Always check if voucher is not expired (either
because of never expires or because of expiry
date is in the future) and ensure session timeout
will be the lowest of validity based on the first
usage, the starttime or expiry (if not never expires).
If one of those conditions is not true, reject
authentication.

Fix #3930
This commit is contained in:
xx4h 2020-02-17 08:58:23 +01:00 committed by GitHub
parent e690ff6fec
commit 7d72dbdc28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/opnsense/mvc/app/library/OPNsense/Auth/Voucher.php
View File

@ -421,11 +421,15 @@ class Voucher extends Base implements IAuthConnector
$row['starttime'] = time();
$this->setStartTime($username, $row['starttime']);
}
if ($row['expirytime'] > 0 && $row['expirytime'] > time()) {
$this->lastAuthProperties['session_timeout'] = $row['expirytime'] - time();
return true;
} elseif (time() - $row['starttime'] < $row['validity']) {
$this->lastAuthProperties['session_timeout'] = $row['validity'] - (time() - $row['starttime']);
$is_never_expire = ($row['expirytime'] === 0);
$is_not_expired = ($row['expirytime'] > 0 && $row['expirytime'] > time());
$is_valid = (time() - $row['starttime'] < $row['validity']);
if (($is_never_expire || $is_not_expired) && $is_valid) {
$this->lastAuthProperties['session_timeout'] = min(
// use PHP_INT_MAX as "never expire" for session_timeout
$row['validity'] - (time() - $row['starttime']),
$row['expirytime'] > 0 ? $row['expirytime'] - time() : PHP_INT_MAX
);
return true;
}
}