Bug 983256 - Change the client generated expiration time in FxA assertions to be 'forever'. r=jedp

Chris Karlof 2014-03-14 14:50:19 -07:00
parent 771132da31
commit eab2e0d39d
3 changed files with 14 additions and 6 deletions


@ -398,7 +398,7 @@ FxAccountsInternal.prototype = {
getAssertion: function getAssertion(audience) {
log.debug("enter getAssertion()");
let currentState = this.currentAccountState;
let mustBeValidUntil = this.now() + ASSERTION_LIFETIME;
let mustBeValidUntil = this.now() + ASSERTION_USE_PERIOD;
return currentState.getUserAccountData().then(data => {
if (!data) {
// No signed-in user
@ -540,6 +540,7 @@ FxAccountsInternal.prototype = {
let payload = {};
let d = Promise.defer();
let options = {
duration: ASSERTION_LIFETIME,
localtimeOffsetMsec: this.localtimeOffsetMsec,
now: this.now()
};
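Review bot: The `duration: ASSERTION_LIFETIME` entry in the options object of the second hunk makes the assertion's own `exp` effectively unbounded, and nothing at that site says what now limits how long a captured assertion stays usable. Presumably the verifier also enforces the expiry of the signed certificate bundled with the assertion, in which case the certificate lifetime becomes the only time bound on replay against the same audience. That dependency deserves a comment on the line, e.g. `// exp is effectively 'forever'; the cert's expiry is the real time bound, so CERT_LIFETIME must stay short.` In the first hunk, `mustBeValidUntil = this.now() + ASSERTION_USE_PERIOD` could likewise carry `// how long the cert must remain valid, not the assertion's exp`. Both enclosing functions continue outside the hunks.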


@ -33,7 +33,14 @@ this.DATA_FORMAT_VERSION = 1;
this.DEFAULT_STORAGE_FILENAME = "signedInUser.json";
// Token life times.
this.ASSERTION_LIFETIME = 1000 * 60 * 5; // 5 minutes
// Having this parameter be short has limited security value and can cause
// spurious authentication values if the client's clock is skewed and
// we fail to adjust. See Bug 983256.
this.ASSERTION_LIFETIME = 1000 * 3600 * 24 * 365 * 25; // 25 years
// This is a time period we want to guarantee that the assertion will be
// valid after we generate it (e.g., the signed cert won't expire in this
// period).
this.ASSERTION_USE_PERIOD = 1000 * 60 * 5; // 5 minutes
this.CERT_LIFETIME = 1000 * 3600 * 6; // 6 hours
this.KEY_LIFETIME = 1000 * 3600 * 12; // 12 hours
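Review bot: `ASSERTION_LIFETIME` keeps its name while its value goes from 5 minutes to 25 years, so any other importer that still treats it as a short freshness window would silently get the long value. Only the `getAssertion` call site is visibly switched to `ASSERTION_USE_PERIOD` in this commit, so the remaining users of the constant, which are not shown here, should be checked. The new comment's "spurious authentication values" probably means "spurious authentication failures". It should also state what bounds the assertion instead, e.g. `// Validity is still limited by the signed cert (CERT_LIFETIME), assuming the verifier checks cert expiry.`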


@ -418,7 +418,7 @@ add_task(function test_getAssertion() {
_("delta: " + Date.parse(payload.exp - start) + "\n");
let exp = Number(payload.exp);
do_check_eq(exp, now + TWO_MINUTES_MS);
do_check_eq(exp, now + ASSERTION_LIFETIME);
// Reset for next call.
fxa.internal._d_signCertificate = Promise.defer();
@ -430,7 +430,7 @@ add_task(function test_getAssertion() {
// There were no additional calls - same number of getcert calls as before
do_check_eq(fxa.internal._getCertificateSigned_calls.length, 1);
// Wait an hour; assertion expires, but not the certificate
// Wait an hour; assertion use period expires, but not the certificate
now += ONE_HOUR_MS;
fxa.internal._now_is = now;
@ -456,7 +456,7 @@ add_task(function test_getAssertion() {
do_check_eq(keyPair.validUntil, start + KEY_LIFETIME);
do_check_eq(cert.validUntil, start + CERT_LIFETIME);
exp = Number(payload.exp);
do_check_eq(exp, now + TWO_MINUTES_MS);
do_check_eq(exp, now + ASSERTION_LIFETIME);
// Now we wait even longer, and expect both assertion and cert to expire. So
// we will have to get a new keypair and cert.
@ -479,7 +479,7 @@ add_task(function test_getAssertion() {
do_check_eq(cert.validUntil, now + CERT_LIFETIME);
exp = Number(payload.exp);
do_check_eq(exp, now + TWO_MINUTES_MS);
do_check_eq(exp, now + ASSERTION_LIFETIME);
_("----- DONE ----\n");
});
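Review bot: The updated checks only pin `exp` to `now + ASSERTION_LIFETIME`; none of the visible assertions exercises `ASSERTION_USE_PERIOD`. Per its comment in the constants file, that value is what guarantees the signed cert will not expire shortly after the assertion is generated. A boundary case would cover it: set `fxa.internal._now_is` to less than `ASSERTION_USE_PERIOD` before `cert.validUntil`, request an assertion and expect a fresh certificate, e.g. `do_check_eq(fxa.internal._getCertificateSigned_calls.length, callsBefore + 1);` (`callsBefore` is a constructed name). Parts of `test_getAssertion` lie between the hunks and are not visible, so such a check may already exist there.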