From: adam Date: Thu, 23 Sep 2004 07:04:06 +0000 (+0000) Subject: threaded current date through Confirmation for prevaylers use X-Git-Url: http://git.megacz.com/?a=commitdiff_plain;h=25f50e4019a17089cfd06ebae9fe949b6b8ff9d5;p=org.ibex.mail.git threaded current date through Confirmation for prevaylers use darcs-hash:20040923070406-5007d-7bc9dde1a193fc0b0748d98ebc32ddead0fa7b9b.gz --- diff --git a/src/org/ibex/mail/Confirmation.java b/src/org/ibex/mail/Confirmation.java index 9fa487f..c5e0022 100644 --- a/src/org/ibex/mail/Confirmation.java +++ b/src/org/ibex/mail/Confirmation.java @@ -83,14 +83,14 @@ public abstract class Confirmation implements Externalizable { } } - public void signAndSend(long secret) throws IOException, Message.Malformed { + public void signAndSend(long secret, Date now) throws IOException, Message.Malformed { SMTP.Outgoing.accept(new Message(new Stream("From: " + FROM + "\r\n" + "To: " + who.toString(true) + "\r\n" + "Subject: confirm " + getDescription() + "\r\n" + "\r\n" + "Please click the link below to " + getDescription() + "\r\n" + sign(secret)), - new Message.Envelope(FROM, who, new Date()) + new Message.Envelope(FROM, who, now) ) ); } @@ -112,14 +112,13 @@ public abstract class Confirmation implements Externalizable { return sb.toString(); } - public static Confirmation decode(String encoded, long secret) { + public static Confirmation decode(String encoded, long secret, Date now) { try { - // FIXME: not prevayler-safe! String payload = encoded.substring(0, encoded.indexOf('.')); ObjectInputStream ois = new ObjectInputStream(new InflaterInputStream(new Base64.InputStream(payload))); Confirmation cve = (Confirmation)ois.readObject(); if (!cve.sign(secret).equals(encoded)) throw new InvalidSignature(); - if (System.currentTimeMillis() > cve.expiration) throw new Expired(); + if (now.getTime() > cve.expiration) throw new Expired(); return cve; } catch (ClassNotFoundException e) { Log.error(Confirmation.class, e);