removes expiration verification for the setup flow to prevent clock skew from failing registration

2026-03-26 10:21:52 +00:00 · 2021-01-11 13:21:40 -07:00
parent 271dd3e12d
commit 5fbf34a84e
1 changed files with 0 additions and 11 deletions
--- a/agent/src/Handler/Hosts.hs
+++ b/agent/src/Handler/Hosts.hs
@@ -7,7 +7,6 @@ import           Startlude               hiding ( ask )
 import           Control.Carrier.Lift           ( runM )
 import           Data.Conduit
 import qualified Data.Conduit.Binary           as CB
-import           Data.Time.ISO8601
 import           Yesod.Core              hiding ( expiresAt )

 import           Foundation
@@ -32,7 +31,6 @@ getHostsR = handleS9ErrT $ do
    hostParams <- extractHostsQueryParams

    verifyHmac productKey hostParams
-    verifyTimestampNotExpired $ hostsParamsExpiration hostParams

    mClaimedAt <- checkExistingPasswordRegistration rootAccountName
    case mClaimedAt of
@@ -50,15 +48,6 @@ verifyHmac productKey params = do
        HostsParams { hostsParamsHmac, hostsParamsExpiration, hostsParamsSalt } = params
        unauthorizedHmac = ClientCryptographyE "Unauthorized hmac"

-verifyTimestampNotExpired :: MonadIO m => Text -> S9ErrT m ()
-verifyTimestampNotExpired expirationTimestamp = do
-    now <- liftIO getCurrentTime
-    case parseISO8601 . toS $ expirationTimestamp of
-        Nothing         -> throwE $ TTLExpirationE "invalid timestamp"
-        Just expiration -> when (expiration < now) (throwE $ TTLExpirationE "expired")
-
-
-
 getCertificateR :: Handler TypedContent
 getCertificateR = do
    base <- getsYesod $ appFilesystemBase . appSettings