simplify nonce creation and extraction

* time() library supports leap seconds also
chris meyers
2020-04-02 16:42:53 -04:00
parent 299497ea12
commit 79c5a62279


@@ -1,6 +1,6 @@
import json import json
import logging import logging
import datetime import time
import hmac import hmac
import asyncio import asyncio
@@ -29,7 +29,7 @@ class WebsocketSecretAuthHelper:
@classmethod @classmethod
def construct_secret(cls): def construct_secret(cls):
nonce_serialized = "{}".format(int((datetime.datetime.utcnow() - datetime.datetime.fromtimestamp(0)).total_seconds())) nonce_serialized = f"{int(time.time())}"
payload_dict = { payload_dict = {
'secret': settings.BROADCAST_WEBSOCKET_SECRET, 'secret': settings.BROADCAST_WEBSOCKET_SECRET,
'nonce': nonce_serialized 'nonce': nonce_serialized
@@ -70,10 +70,12 @@ class WebsocketSecretAuthHelper:
raise ValueError("Invalid secret") raise ValueError("Invalid secret")
# Avoid timing attack and check the nonce after all the heavy lifting # Avoid timing attack and check the nonce after all the heavy lifting
now = datetime.datetime.utcnow() now = int(time.time())
nonce_parsed = datetime.datetime.fromtimestamp(int(nonce_parsed)) nonce_parsed = int(nonce_parsed)
if (now - nonce_parsed).total_seconds() > nonce_tolerance: nonce_diff = now - nonce_parsed
raise ValueError("Potential replay attack or machine(s) time out of sync.") if abs(nonce_diff) > nonce_tolerance:
logger.warn(f"Potential replay attack or machine(s) time out of sync by {nonce_diff} seconds.")
raise ValueError("Potential replay attack or machine(s) time out of sync by {nonce_diff} seconds.")
return True return True
@@ -94,7 +96,7 @@ class BroadcastConsumer(AsyncJsonWebsocketConsumer):
WebsocketSecretAuthHelper.is_authorized(self.scope) WebsocketSecretAuthHelper.is_authorized(self.scope)
except Exception: except Exception:
# TODO: log ip of connected client # TODO: log ip of connected client
logger.warn("Broadcast client failed to authorize.") logger.warn("Broadcast client failed to authorize for reason.")
await self.close() await self.close()
return return
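Review bot: In the second hunk, the `raise ValueError(...)` that follows the new `logger.warn` call is missing the `f` prefix, so the exception carries the literal text `{nonce_diff}` rather than the computed difference; it should read `raise ValueError(f"Potential replay attack or machine(s) time out of sync by {nonce_diff} seconds.")`. `logger.warn` is the deprecated alias of `logger.warning`, both there and in the last hunk, whose new message `"Broadcast client failed to authorize for reason."` announces a reason without including one — binding the exception with `except Exception as exc:` and logging `logger.warning("Broadcast client failed to authorize: %s", exc)` would surface the tolerance message the second hunk builds. As far as the hunk shows, a nonce is accepted anywhere within `nonce_tolerance` seconds of the server clock and nothing records nonces already seen, so the tolerance bounds the replay window rather than preventing replay inside it; a comment next to the `abs(nonce_diff)` check, e.g. `# NOTE: tolerance only bounds the replay window; it does not reject a repeated nonce within it`, would make that limitation explicit for the next maintainer. The enclosing `is_authorized`-style method begins before the second hunk, so its nonce parsing and the definition of `nonce_tolerance` are not visible here.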