removed panic on exp field with wrong unix timestamp (kilork#31)

transparencies · Nov 28, 2022 · 9e1c298 · 9e1c298
1 parent b9aa277
commit 9e1c298
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 4 deletions.
diff --git a/src/error.rs b/src/error.rs
@@ -239,6 +239,8 @@ pub enum Expiry {
     Expires(::chrono::naive::NaiveDateTime),
     #[error("Token is too old: {0}")]
     MaxAge(::chrono::Duration),
+    #[error("Token exp is not valid UNIX timestamp: {0}")]
+    NotUnix(i64),
 }
 
 #[derive(Debug, Error)]

diff --git a/src/provider/microsoft.rs b/src/provider/microsoft.rs
@@ -37,6 +37,7 @@ pub async fn authenticate<C: CompactJson + Claims, P: Provider + Configurable>(
 /// - Validation::Mismatch::AuthorizedParty if the azp is not the client_id
 /// - Validation::Expired::Expires if the current time is past the expiration time
 /// - Validation::Expired::MaxAge is the token is older than the provided max_age
+/// - Validation::Expired::NotUnix if the expiration time is not valid UNIX timestamp
 /// - Validation::Missing::Authtime if a max_age was given and the token has no auth time
 pub fn validate_token<C: CompactJson + Claims, P: Provider + Configurable>(
     client: &Client<P, C>,

diff --git a/src/validation.rs b/src/validation.rs
@@ -67,10 +67,13 @@ pub fn validate_token_exp<C: Claims>(claims: &C, max_age: Option<&Duration>) ->
     if now.timestamp() < 1504758600 {
         panic!("chrono::Utc::now() can never be before this was written!")
     }
-    if claims.exp() <= now.timestamp() {
-        return Err(Validation::Expired(Expiry::Expires(
-            chrono::naive::NaiveDateTime::from_timestamp(claims.exp(), 0),
-        ))
+    let exp = claims.exp();
+    if exp <= now.timestamp() {
+        return Err(Validation::Expired(
+            chrono::naive::NaiveDateTime::from_timestamp_opt(exp, 0)
+                .map(Expiry::Expires)
+                .unwrap_or_else(|| Expiry::NotUnix(exp)),
+        )
         .into());
     }