X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/dbe165bbb3d6eda37d9579f1ac767599f9055607..7e925c3c00cc5944fc743faf9d1509fcd30df55d:/app/models/oauth_nonce.rb?ds=sidebyside diff --git a/app/models/oauth_nonce.rb b/app/models/oauth_nonce.rb index 4d615dd5d..5f0920a96 100644 --- a/app/models/oauth_nonce.rb +++ b/app/models/oauth_nonce.rb @@ -1,13 +1,31 @@ +# == Schema Information +# +# Table name: oauth_nonces +# +# id :integer not null, primary key +# nonce :string +# timestamp :integer +# created_at :datetime +# updated_at :datetime +# +# Indexes +# +# index_oauth_nonces_on_nonce_and_timestamp (nonce,timestamp) UNIQUE +# + # Simple store of nonces. The OAuth Spec requires that any given pair of nonce and timestamps are unique. # Thus you can use the same nonce with a different timestamp and viceversa. -class OauthNonce < ActiveRecord::Base +class OauthNonce < ApplicationRecord validates :timestamp, :presence => true validates :nonce, :presence => true, :uniqueness => { :scope => :timestamp } # Remembers a nonce and it's associated timestamp. It returns false if it has already been used def self.remember(nonce, timestamp) - oauth_nonce = OauthNonce.create(:nonce => nonce, :timestamp => timestamp) + return false if Time.now.to_i - timestamp.to_i > 86400 + + oauth_nonce = OauthNonce.create(:nonce => nonce, :timestamp => timestamp.to_i) return false if oauth_nonce.new_record? + oauth_nonce end end