# HG changeset patch
# User JC Brand
# Date 1556788047 -7200
# Node ID 6b3181fe561747f5eafcf0b03d169e5be6432af3
# Parent 179424d557f219d43f384c8d450201b34b877a6e
mod_auth_token: Timezone fix for TOTP checking
luatz.time() returns milliseconds since epoch which is in UTC time, so we don't need to convert to UTC with gmtime. By calling gmtime, TOTP validation was failing when this module wasn't running on machine set to UTC time.
diff -r 179424d557f2 -r 6b3181fe5617 mod_auth_token/token_auth_utils.lib.lua
--- a/mod_auth_token/token_auth_utils.lib.lua Tue Apr 30 10:45:00 2019 +0100
+++ b/mod_auth_token/token_auth_utils.lib.lua Thu May 02 11:07:27 2019 +0200
@@ -48,7 +48,7 @@
 local signature = base64.decode(string.match(password, " (.+)"))
 local jid = username.."@"..realm
- if totp:verify(otp, OTP_DEVIATION, luatz.gmtime(luatz.time())) then
+ if totp:verify(otp, OTP_DEVIATION, luatz.time()) then
 log("debug", "The TOTP was verified");
 local hmac_ctx = hmac.new(token_secret, DIGEST_TYPE)
 if signature == hmac_ctx:final(otp..nonce..jid) then
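Review bot: The signature check on the last line of the hunk, `if signature == hmac_ctx:final(otp..nonce..jid) then`, compares a client-supplied MAC with plain `==`, and Lua gives no constant-time guarantee for string equality (long, non-interned strings may be compared bytewise). One way to make the comparison timing-independent with what is already in scope is to blind both sides first: `local expected = hmac_ctx:final(otp..nonce..jid)` followed by `if hmac.new(token_secret, DIGEST_TYPE):final(signature) == hmac.new(token_secret, DIGEST_TYPE):final(expected) then`. The same line builds the MAC input by bare concatenation, so if `nonce` is variable-length the field boundaries are ambiguous and a delimited or fixed-width encoding would be safer. At the top of the hunk, `string.match(password, " (.+)")` returns nil when the password contains no space, and that nil goes straight into `base64.decode` unless an earlier check outside the hunk rejects it. The function starts and ends outside the hunk, so these points should be confirmed against the full body.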