Merge pull request #6 from SoapBox/bugfix/respect-tolerance-values

Jaspaul · web-flow · commit c728583fdfd3 · 2017-05-04T09:51:54.000-04:00
[Bugfix] Respect tolerance values
diff --git a/src/Middlewares/VerifySignature.php b/src/Middlewares/VerifySignature.php
@@ -73,7 +73,7 @@ public function handle(Request $request, Closure $next)
 
         $tolerance = $this->configurations->get('signed-requests.request-replay.tolerance');
 
-        if (false == $this->configurations->get('signed-requests.request-replay.allow')) {
+        if (true !== $this->configurations->get('signed-requests.request-replay.allow')) {
             $isExpired = $signed->isExpired($tolerance);
 
             if ($isExpired || $this->cache->has($key)) {
diff --git a/src/Requests/Verifier.php b/src/Requests/Verifier.php
@@ -189,7 +189,7 @@ public function isExpired(int $tolerance) : bool
         $issuedAt =
             Carbon::parse($this->headers->get('X-SIGNED-TIMESTAMP', '1901-01-01 12:00:00'));
 
-        return Carbon::now()->diffInSeconds($issuedAt) > 60;
+        return Carbon::now()->diffInSeconds($issuedAt) > $tolerance;
     }
 
     /**
diff --git a/tests/Requests/VerifierTest.php b/tests/Requests/VerifierTest.php
@@ -194,7 +194,7 @@ public function a_signed_request_is_valid_if_the_signature_matches_the_signature
      */
     public function is_expired_returns_true_if_no_timestamp_is_provided_on_the_request()
     {
-        $tolerance = 60;
+        $tolerance = 10;
 
         $id = "363c60de-9024-4915-99a9-88d63167665e";
 
@@ -208,7 +208,7 @@ public function is_expired_returns_true_if_no_timestamp_is_provided_on_the_reque
      */
     public function is_expired_returns_false_if_the_timestamp_is_within_the_tolerance_window()
     {
-        $tolerance = 60;
+        $tolerance = 100;
 
         $id = "363c60de-9024-4915-99a9-88d63167665e";
 
@@ -224,7 +224,7 @@ public function is_expired_returns_false_if_the_timestamp_is_within_the_toleranc
      */
     public function is_expired_returns_true_if_the_timestamp_is_outside_the_tolerance_window()
     {
-        $tolerance = 60;
+        $tolerance = 1000;
 
         $id = "363c60de-9024-4915-99a9-88d63167665e";
 
@@ -240,7 +240,7 @@ public function is_expired_returns_true_if_the_timestamp_is_outside_the_toleranc
      */
     public function is_expired_returns_false_if_the_timestamp_is_in_the_future_but_within_the_tolerance()
     {
-        $tolerance = 60;
+        $tolerance = 10000;
 
         $id = "363c60de-9024-4915-99a9-88d63167665e";
 
@@ -256,7 +256,7 @@ public function is_expired_returns_false_if_the_timestamp_is_in_the_future_but_w
      */
     public function is_expired_returns_if_the_timestamp_is_in_the_future_outside_of_the_tolerance()
     {
-        $tolerance = 60;
+        $tolerance = 100000;
 
         $id = "363c60de-9024-4915-99a9-88d63167665e";
 

Original file line number	Diff line number	Diff line change
`@@ -189,7 +189,7 @@ public function isExpired(int $tolerance) : bool`
`189`	`189`	`$issuedAt =`
`190`	`190`	`Carbon::parse($this->headers->get('X-SIGNED-TIMESTAMP', '1901-01-01 12:00:00'));`
`191`	`191`
`192`		`- return Carbon::now()->diffInSeconds($issuedAt) > 60;`
	`192`	`+ return Carbon::now()->diffInSeconds($issuedAt) > $tolerance;`
`193`	`193`	`}`
`194`	`194`
`195`	`195`	`/**`