author | vnugent <public@vaughnnugent.com> | 2023-01-14 16:32:04 -0500 |
---|---|---|
committer | vnugent <public@vaughnnugent.com> | 2023-01-14 16:32:04 -0500 |
commit | 1ce9119c2571b1e03f7e7b69fb3ef2e63ade97a6 (patch) | |
tree | 11ea3fafdc1f7e88319a3f3a174c2a89b69dbd48 /plugins/VNLib.Plugins.Essentials.Accounts/src/MFA | |
parent | 551066ed9a255bd47c1c5789ec1998fda64bd5aa (diff) |
AccountUtil + client token upgrade
Diffstat (limited to 'plugins/VNLib.Plugins.Essentials.Accounts/src/MFA')
-rw-r--r-- | plugins/VNLib.Plugins.Essentials.Accounts/src/MFA/UserMFAExtensions.cs | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/plugins/VNLib.Plugins.Essentials.Accounts/src/MFA/UserMFAExtensions.cs b/plugins/VNLib.Plugins.Essentials.Accounts/src/MFA/UserMFAExtensions.cs index 1ec9953..ee623e2 100644 --- a/plugins/VNLib.Plugins.Essentials.Accounts/src/MFA/UserMFAExtensions.cs +++ b/plugins/VNLib.Plugins.Essentials.Accounts/src/MFA/UserMFAExtensions.cs @@ -112,7 +112,7 @@ namespace VNLib.Plugins.Essentials.Accounts.MFA return false; } //Alloc buffer with zero o - using UnsafeMemoryHandle<byte> buffer = Memory.UnsafeAlloc<byte>(base32Secret.Length, true); + using UnsafeMemoryHandle<byte> buffer = MemoryUtil.UnsafeAlloc<byte>(base32Secret.Length, true); ERRNO count = VnEncoding.TryFromBase32Chars(base32Secret, buffer); //Verify the TOTP using the decrypted secret return count && VerifyTOTP(code, buffer.AsSpan(0, count), config); @@ -273,9 +273,11 @@ namespace VNLib.Plugins.Essentials.Accounts.MFA //Verifies a jwt stored signature against the actual signature static bool VerifyStoredSig(ReadOnlySpan<char> base64string, ReadOnlySpan<byte> signature) { - using UnsafeMemoryHandle<byte> buffer = Memory.UnsafeAlloc<byte>(base64string.Length, true); + using UnsafeMemoryHandle<byte> buffer = MemoryUtil.UnsafeAlloc<byte>(base64string.Length, true); + //Recover base64 ERRNO count = VnEncoding.TryFromBase64Chars(base64string, buffer.Span); + //Compare return CryptographicOperations.FixedTimeEquals(signature, buffer.Span[..(int)count]); } @@ -300,8 +302,10 @@ namespace VNLib.Plugins.Essentials.Accounts.MFA //get request body using JsonDocument doc = jwt.GetPayload(); + //Recover issued at time DateTimeOffset iat = DateTimeOffset.FromUnixTimeMilliseconds(doc.RootElement.GetProperty("iat").GetInt64()); + //Verify its not timed out if (iat.Add(config.UpgradeValidFor) < DateTimeOffset.UtcNow) { |
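Review bot: The decoded TOTP secret is still in `buffer` when the `using` releases it, and nothing in the first hunk clears it. Going by the comment, the `true` argument zeroes the block at allocation only; whether `UnsafeMemoryHandle<byte>` wipes on dispose is not visible here. If it does not, the shared secret goes back to the allocator intact, so I would clear it before returning: `bool valid = count && VerifyTOTP(code, buffer.AsSpan(0, count), config);`, `CryptographicOperations.ZeroMemory(buffer.Span);`, `return valid;`. The enclosing method starts above the hunk, so how `base32Secret` itself is handled cannot be judged from here.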
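Review bot: `VerifyStoredSig` in the second hunk never checks the result of `TryFromBase64Chars` before slicing with `buffer.Span[..(int)count]`. If a failed decode yields zero, the comparison runs against an empty span, and `FixedTimeEquals` returns true whenever `signature` is also empty. If `ERRNO` can carry a negative value, the range throws instead of returning false; neither failure value is shown on this page. The TOTP path in the first hunk already guards with `count && ...`, so the same form fits here: `return count && CryptographicOperations.FixedTimeEquals(signature, buffer.Span[..(int)count]);`.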