From 25f50e4019a17089cfd06ebae9fe949b6b8ff9d5 Mon Sep 17 00:00:00 2001 From: adam Date: Thu, 23 Sep 2004 07:04:06 +0000 Subject: [PATCH] threaded current date through Confirmation for prevaylers use darcs-hash:20040923070406-5007d-7bc9dde1a193fc0b0748d98ebc32ddead0fa7b9b.gz --- src/org/ibex/mail/Confirmation.java | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/org/ibex/mail/Confirmation.java b/src/org/ibex/mail/Confirmation.java index 9fa487f..c5e0022 100644 --- a/src/org/ibex/mail/Confirmation.java +++ b/src/org/ibex/mail/Confirmation.java @@ -83,14 +83,14 @@ public abstract class Confirmation implements Externalizable { } } - public void signAndSend(long secret) throws IOException, Message.Malformed { + public void signAndSend(long secret, Date now) throws IOException, Message.Malformed { SMTP.Outgoing.accept(new Message(new Stream("From: " + FROM + "\r\n" + "To: " + who.toString(true) + "\r\n" + "Subject: confirm " + getDescription() + "\r\n" + "\r\n" + "Please click the link below to " + getDescription() + "\r\n" + sign(secret)), - new Message.Envelope(FROM, who, new Date()) + new Message.Envelope(FROM, who, now) ) ); } @@ -112,14 +112,13 @@ public abstract class Confirmation implements Externalizable { return sb.toString(); } - public static Confirmation decode(String encoded, long secret) { + public static Confirmation decode(String encoded, long secret, Date now) { try { - // FIXME: not prevayler-safe! String payload = encoded.substring(0, encoded.indexOf('.')); ObjectInputStream ois = new ObjectInputStream(new InflaterInputStream(new Base64.InputStream(payload))); Confirmation cve = (Confirmation)ois.readObject(); if (!cve.sign(secret).equals(encoded)) throw new InvalidSignature(); - if (System.currentTimeMillis() > cve.expiration) throw new Expired(); + if (now.getTime() > cve.expiration) throw new Expired(); return cve; } catch (ClassNotFoundException e) { Log.error(Confirmation.class, e); -- 1.7.10.4