From 5fbf34a84e7df84ac058da9d234f332fde0d1e58 Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Mon, 11 Jan 2021 13:21:40 -0700
Subject: [PATCH] removes expiration verification for the setup flow to prevent
 clock skew from failing registration

---
 agent/src/Handler/Hosts.hs | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/agent/src/Handler/Hosts.hs b/agent/src/Handler/Hosts.hs
index 364d2dca8..73af73a15 100644
--- a/agent/src/Handler/Hosts.hs
+++ b/agent/src/Handler/Hosts.hs
@@ -7,7 +7,6 @@ import           Startlude               hiding ( ask )
 import           Control.Carrier.Lift           ( runM )
 import           Data.Conduit
 import qualified Data.Conduit.Binary           as CB
-import           Data.Time.ISO8601
 import           Yesod.Core              hiding ( expiresAt )
 
 import           Foundation
@@ -32,7 +31,6 @@ getHostsR = handleS9ErrT $ do
     hostParams <- extractHostsQueryParams
 
     verifyHmac productKey hostParams
-    verifyTimestampNotExpired $ hostsParamsExpiration hostParams
 
     mClaimedAt <- checkExistingPasswordRegistration rootAccountName
     case mClaimedAt of
@@ -50,15 +48,6 @@ verifyHmac productKey params = do
         HostsParams { hostsParamsHmac, hostsParamsExpiration, hostsParamsSalt } = params
         unauthorizedHmac = ClientCryptographyE "Unauthorized hmac"
 
-verifyTimestampNotExpired :: MonadIO m => Text -> S9ErrT m ()
-verifyTimestampNotExpired expirationTimestamp = do
-    now <- liftIO getCurrentTime
-    case parseISO8601 . toS $ expirationTimestamp of
-        Nothing         -> throwE $ TTLExpirationE "invalid timestamp"
-        Just expiration -> when (expiration < now) (throwE $ TTLExpirationE "expired")
-
-
-
 getCertificateR :: Handler TypedContent
 getCertificateR = do
     base <- getsYesod $ appFilesystemBase . appSettings