From 1f21d7053f1175100b9b6c46d0b126932abbcfdd Mon Sep 17 00:00:00 2001 From: Master Jumblespeed Date: Sun, 16 Aug 2015 15:12:23 -0400 Subject: [PATCH] tokens: add some token checks --- toontown/uberdog/ClientServicesManagerUD.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/toontown/uberdog/ClientServicesManagerUD.py b/toontown/uberdog/ClientServicesManagerUD.py index 9402d17e..f9e91a8e 100755 --- a/toontown/uberdog/ClientServicesManagerUD.py +++ b/toontown/uberdog/ClientServicesManagerUD.py @@ -241,7 +241,12 @@ class RemoteAccountDB: Token = BASE64(H + X) ''' + cookie_check = executeHttpRequest('cookie', cookie=token) + try: + check = json.loads(cookie_check) + if check['success'] is not True: + raise ValueError(check['error']) token = token.decode('base64') hash, token = token[:hashSize], token[hashSize:] correctHash = hashAlgo(token + accountServerSecret).digest() @@ -256,6 +261,9 @@ class RemoteAccountDB: raise ValueError('Invalid hash.') token = json.loads(token.decode('base64')[::-1].decode('rot13')) + + if token['notAfter'] < int(time.time()): + raise ValueError('Expired token.') except: resp = {'success': False} callback(resp)
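Review bot: The new `executeHttpRequest('cookie', cookie=token)` call runs before the token's hash is checked against `accountServerSecret`, so any string a client submits, forged or not, triggers an outbound request to the account server. Checking the hash locally first and doing the remote lookup only once it passes keeps unauthenticated tokens from being forwarded and stops login traffic from turning into account-server load. The collapsed layout suggests the call sits above `try:`; if so, a failed or timed-out request raises outside the handler and `callback` is never invoked, so the call should move inside the `try` block. The enclosing method starts and ends outside this hunk.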
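Review bot: The expiry test `token['notAfter'] < int(time.time())` compares whatever type the JSON carried, and under Python 2 (which the `.decode('base64')` calls imply) a string `notAfter` compares greater than any integer, so such a token would never be treated as expired. Coercing first, `notAfter = int(token['notAfter'])`, makes a malformed value raise and fail closed. The commit adds no import, so `time` must already be imported at the top of the file; if it is not, the bare `except:` below turns the NameError into a silent `{'success': False}` for every login. Logging the exception in that handler before `callback(resp)` would make the new 'Expired token.' and cookie-check failures diagnosable. The handler and the rest of the method continue outside this hunk.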