Signal/Signal-Server
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Server synced 2026-04-20 13:07:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use java.time classes for stored verification code expiration; add tests.

Browse Source
This commit is contained in:
Jon Chambers
2021-06-18 11:50:28 -04:00
committed by Jon Chambers
parent ce3fb7fa99
commit 111f5ba024
2 changed files with 48 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredVerificationCode.java
View File

@@ -8,12 +8,14 @@ package org.whispersystems.textsecuregcm.auth;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.annotations.VisibleForTesting;
import org.whispersystems.textsecuregcm.util.Util;
import javax.annotation.Nullable;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
public class StoredVerificationCode {
@@ -30,6 +32,8 @@ public class StoredVerificationCode {
@Nullable
private final String twilioVerificationSid;
public static final Duration EXPIRATION = Duration.ofMinutes(10);
@JsonCreator
public StoredVerificationCode(
@JsonProperty("code") final String code,
@@ -60,7 +64,12 @@ public class StoredVerificationCode {
}
public boolean isValid(String theirCodeString) {
if (timestamp + TimeUnit.MINUTES.toMillis(10) < System.currentTimeMillis()) {
return isValid(theirCodeString, Instant.now());
}
@VisibleForTesting
boolean isValid(String theirCodeString, Instant currentTime) {
if (Instant.ofEpochMilli(timestamp).plus(EXPIRATION).isBefore(currentTime)) {
return false;
}