mbooali / oauth-php

Automatically exported from code.google.com/p/oauth-php
MIT License
0 stars 0 forks source link

Invalid Exception in function requestToken of OauthServer #111

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.one user request the token with a wrong timestamp 
( > MAX(osn_timestamp) + max_timestamp_skew).
2.All other users receive the exception "Timestamp is out of sequence"

What is the expected output? What do you see instead?
the expected output is the token,  the library return exception instead.

What version of the product are you using? On what operating system?
175

Please provide any additional information below.

When a user requests the token the library check the server nonce, but the user 
doesn't have it yet. In the sql table of the server nonce appear a row with a 
nonce 0.
All other user, during login action, have the same token (0) and one wrong 
timestamp make impossible to require the initial token for all.  

Original issue reported on code.google.com by vittorio...@nealab.it on 17 May 2011 at 2:55

GoogleCodeExporter commented 9 years ago
I have fix this bug adding if($this->getParam('oauth_token')) before to 
$this->store->checkServerNonce( $this->urldecode($consumer_key),
                                            $this->urldecode($token),
                                            $this->getParam('oauth_timestamp', true),
                                            $this->getParam('oauth_nonce', true));

in function verifyExtended (class OauthRequestVerifier)

Original comment by vittorio...@nealab.it on 17 May 2011 at 3:27

Attachments:

GoogleCodeExporter commented 9 years ago
Please fix this! This is a major problem.

(And thanks for the bug fix. Saved my day.)

Original comment by matthias...@gmail.com on 3 Apr 2012 at 7:47