Mercurial > prosody-modules
comparison mod_auth_token/token_auth_utils.lib.lua @ 3568:6b3181fe5617
mod_auth_token: Timezone fix for TOTP checking
luatz.time() returns milliseconds since epoch which is in UTC time, so we don't
need to convert to UTC with gmtime.
By calling gmtime, TOTP validation was failing when this module wasn't running
on machine set to UTC time.
| author | JC Brand <jc@opkode.com> |
|---|---|
| date | Thu, 02 May 2019 11:07:27 +0200 |
| parents | ac1f63cdb6d6 |
| children | 0fb12a4b6106 |
comparison
equal
deleted
inserted
replaced
| 3567:179424d557f2 | 3568:6b3181fe5617 |
|---|---|
| 46 local otp = token:sub(1,8) | 46 local otp = token:sub(1,8) |
| 47 local nonce = token:sub(9) | 47 local nonce = token:sub(9) |
| 48 local signature = base64.decode(string.match(password, " (.+)")) | 48 local signature = base64.decode(string.match(password, " (.+)")) |
| 49 local jid = username.."@"..realm | 49 local jid = username.."@"..realm |
| 50 | 50 |
| 51 if totp:verify(otp, OTP_DEVIATION, luatz.gmtime(luatz.time())) then | 51 if totp:verify(otp, OTP_DEVIATION, luatz.time()) then |
| 52 log("debug", "The TOTP was verified"); | 52 log("debug", "The TOTP was verified"); |
| 53 local hmac_ctx = hmac.new(token_secret, DIGEST_TYPE) | 53 local hmac_ctx = hmac.new(token_secret, DIGEST_TYPE) |
| 54 if signature == hmac_ctx:final(otp..nonce..jid) then | 54 if signature == hmac_ctx:final(otp..nonce..jid) then |
| 55 log("debug", "The key was verified"); | 55 log("debug", "The key was verified"); |
| 56 if check_nonce(jid, otp, nonce) then | 56 if check_nonce(jid, otp, nonce) then |