Skip to content

Commit

Permalink
Make challenge expire as sessions do
Browse files Browse the repository at this point in the history
  • Loading branch information
@NHAS
NHAS committed Jun 10, 2024
1 parent 009ff48 commit 47f85c0
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions internal/router/session_manager.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,15 @@ func (c *Challenger) Challenge(address string) error {
return fmt.Errorf("failed to get device address for ws challenge: %s", err)
}

maxLifetimeMinutes, err := data.GetSessionLifetimeMinutes()
if err != nil {
return fmt.Errorf("failed max lifetime: %s", err)
}

if time.Now().After(deviceDetails.Authorised.Add(time.Duration(maxLifetimeMinutes) * time.Minute)) {
return fmt.Errorf("challenge came from expired session")
}

if subtle.ConstantTimeCompare([]byte(deviceDetails.Challenge), []byte(msg.Challenge)) != 1 {
return fmt.Errorf("challenge does not match")
}
Expand Down

0 comments on commit 47f85c0

Please sign in to comment.