This topic contains 4 replies, has 2 voices, and was last updated by stalxed 9 years, 4 months ago.
- Topic
We are developing a client application for the OroPlatform have found a bug.
But! It can not be called a bug. But a few hours we spent in search of a problem.
We use Oro Platfrom + API Rest + WSSE authentication. All this – the standard components.Problem in this component:
https://github.com/escapestudios/EscapeWSSEAuthenticationBundle/blob/master/Security/Core/Authentication/Provider/Provider.php
With this code:1234567891011//check whether timestamp is not in the futureif($this->isTokenFromFuture($created)){throw new BadCredentialsException('Future token detected.');}//expire timestamp after specified lifetimeif(strtotime($this->getCurrentTime()) - strtotime($created) > $this->lifetime){throw new CredentialsExpiredException('Token has expired.');}This means that the time should be perfectly synchronized!
What could be the problem.
I think now how to expand and improve this check(remove the time dependence).
Or if no time,выпилить её на***I just comment out the code above.What do you – you decide, but be careful!
The forum ‘OroPlatform – Installation/Technical Issues or Problems’ is closed to new topics and replies.