Start9/start-os
2
0
Fork 0
mirror of https://github.com/Start9Labs/start-os.git synced 2026-03-31 04:23:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

removes expiration verification for the setup flow to prevent clock skew from failing registration

Browse Source
This commit is contained in:
Keagan McClelland
2021-01-11 13:21:40 -07:00
committed by Aiden McClelland
parent 271dd3e12d
commit 5fbf34a84e
1 changed files with 0 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
agent/src/Handler/Hosts.hs
View File

@@ -7,7 +7,6 @@ import Startlude hiding ( ask )
import Control.Carrier.Lift ( runM ) import Control.Carrier.Lift ( runM )
import Data.Conduit import Data.Conduit
import qualified Data.Conduit.Binary as CB import qualified Data.Conduit.Binary as CB
import Data.Time.ISO8601
import Yesod.Core hiding ( expiresAt ) import Yesod.Core hiding ( expiresAt )
import Foundation import Foundation
@@ -32,7 +31,6 @@ getHostsR = handleS9ErrT $ do
hostParams <- extractHostsQueryParams hostParams <- extractHostsQueryParams
verifyHmac productKey hostParams verifyHmac productKey hostParams
verifyTimestampNotExpired $ hostsParamsExpiration hostParams
mClaimedAt <- checkExistingPasswordRegistration rootAccountName mClaimedAt <- checkExistingPasswordRegistration rootAccountName
case mClaimedAt of case mClaimedAt of
@@ -50,15 +48,6 @@ verifyHmac productKey params = do
HostsParams { hostsParamsHmac, hostsParamsExpiration, hostsParamsSalt } = params HostsParams { hostsParamsHmac, hostsParamsExpiration, hostsParamsSalt } = params
unauthorizedHmac = ClientCryptographyE "Unauthorized hmac" unauthorizedHmac = ClientCryptographyE "Unauthorized hmac"
verifyTimestampNotExpired :: MonadIO m => Text -> S9ErrT m ()
verifyTimestampNotExpired expirationTimestamp = do
now <- liftIO getCurrentTime
case parseISO8601 . toS $ expirationTimestamp of
Nothing -> throwE $ TTLExpirationE "invalid timestamp"
Just expiration -> when (expiration < now) (throwE $ TTLExpirationE "expired")
getCertificateR :: Handler TypedContent getCertificateR :: Handler TypedContent
getCertificateR = do getCertificateR = do
base <- getsYesod $ appFilesystemBase . appSettings base <- getsYesod $ appFilesystemBase . appSettings