tokens: add some token checks

Master Jumblespeed 2015-08-16 15:12:23 -04:00
parent 398ede7a85
commit 1f21d7053f


@ -241,7 +241,12 @@ class RemoteAccountDB:
Token = BASE64(H + X) Token = BASE64(H + X)
''' '''
cookie_check = executeHttpRequest('cookie', cookie=token)
try: try:
check = json.loads(cookie_check)
if check['success'] is not True:
raise ValueError(check['error'])
token = token.decode('base64') token = token.decode('base64')
hash, token = token[:hashSize], token[hashSize:] hash, token = token[:hashSize], token[hashSize:]
correctHash = hashAlgo(token + accountServerSecret).digest() correctHash = hashAlgo(token + accountServerSecret).digest()
@ -256,6 +261,9 @@ class RemoteAccountDB:
raise ValueError('Invalid hash.') raise ValueError('Invalid hash.')
token = json.loads(token.decode('base64')[::-1].decode('rot13')) token = json.loads(token.decode('base64')[::-1].decode('rot13'))
if token['notAfter'] < int(time.time()):
raise ValueError('Expired token.')
except: except:
resp = {'success': False} resp = {'success': False}
callback(resp) callback(resp)
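Review bot: The new `executeHttpRequest('cookie', cookie=token)` call in the first hunk sits above `try:`, so an exception raised by that request is not turned into the `{'success': False}` callback that every other validation failure produces. It also forwards the token to the remote endpoint before the local hash check has accepted it. Moving the call and the `check['success']` test inside the `try:`, after the 'Invalid hash.' check, would keep the failure path closed and keep unauthenticated input away from the cookie service. In the second hunk, `token['notAfter'] < int(time.time())` assumes a numeric `notAfter`; this looks like Python 2 code (`.decode('base64')`), where a string compares greater than any int without raising, so a non-numeric value would never expire. A guard such as `if not isinstance(token['notAfter'], (int, long)) or token['notAfter'] < int(time.time()):` would reject it. The enclosing method starts above the first hunk and the hash comparison itself lies between the hunks, so both are outside what is shown here.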