Add extra timestamp checks

Check for INT and bigger than 0 (not negative)
cultuurnet · Sep 16, 2015 · 68ca77e · 68ca77e
1 parent 044b757
commit 68ca77e
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 0 deletions.
diff --git a/src/.empty b/src/.empty
diff --git a/src/NonceProvider.php b/src/NonceProvider.php
@@ -65,6 +65,28 @@ private function noncesRedisKey(ConsumerInterface $consumer, $timestamp)
      */
     public function checkNonceAndTimestampUnicity($nonce, $timestamp, ConsumerInterface $consumer)
     {
+        // Check timestamp: The timestamp value MUST be a positive integer
+        // and MUST be equal or greater than the timestamp used in previous requests.
+        // @see http://oauth.net/core/1.0/#nonce
+        if (!is_integer($timestamp)) {
+            throw new \InvalidArgumentException(
+                'Timestamp should be an integer, got ' . $this->checkPlain($timestamp)
+            );
+        }
+
+        if ($timestamp < 0) {
+            throw new \InvalidArgumentException(
+                'Timestamp should be a positive number bigger than 0, got ' . $this->checkPlain($timestamp)
+            );
+        }
+
+        //$maxTimestamp = $this->client->
+        /*if ($timestamp < $maxTimestamp) {
+            throw new \InvalidArgumentException(
+                'Timestamp must be bigger than the last timestamp we have recorded'
+            );
+        }*/
+
         $noncesRedisKey = $this->noncesRedisKey($consumer, $timestamp);
         $exists = $this->client->sismember($noncesRedisKey, $nonce);
 
@@ -82,4 +104,9 @@ public function registerNonceAndTimestamp($nonce, $timestamp, ConsumerInterface
 
         return true;
     }
+
+    protected function checkPlain($text)
+    {
+        return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
+    }
 }
diff --git a/tests/.empty b/tests/.empty
diff --git a/tests/NonceProviderTest.php b/tests/NonceProviderTest.php
@@ -124,4 +124,55 @@ public function it_only_accepts_integers_bigger_than_zero_for_ttl($invalidTTLVal
         $this->setExpectedException(\InvalidArgumentException::class);
         new NonceProvider($this->client, $invalidTTLValue);
     }
+
+    /**
+     * @test
+     */
+    public function it_throws_an_error_when_using_a_text_timestamp()
+    {
+        $this->setExpectedException(
+            'InvalidArgumentException',
+            'Timestamp should be an integer, got abcdef'
+        );
+
+        $this->nonceProvider->checkNonceAndTimestampUnicity(
+            'foo',
+            'abcdef',
+            $this->consumer
+        );
+    }
+
+    /**
+     * @test
+     */
+    public function it_throws_an_error_when_using_a_negative_timestamp()
+    {
+        $this->setExpectedException(
+            'InvalidArgumentException',
+            'Timestamp should be a positive number bigger than 0, got -123456'
+        );
+
+        $this->nonceProvider->checkNonceAndTimestampUnicity(
+            'foo',
+            -123456,
+            $this->consumer
+        );
+    }
+
+    /**
+     * @test
+     */
+    public function it_throws_an_error_when_using_a_decimal_timestamp()
+    {
+        $this->setExpectedException(
+            'InvalidArgumentException',
+            'Timestamp should be an integer, got 1234.56'
+        );
+
+        $this->nonceProvider->checkNonceAndTimestampUnicity(
+            'foo',
+            1234.56,
+            $this->consumer
+        );
+    }
 }