Open
Description
I've been using this component for over a year without any issue until today. Today I ran into an issue where the server was out of sync with the UTC clock by 10 seconds, 10 seconds behind. This created an issue of failures because the token provided by the user was the next token as far as the component was concerned. I corrected this by adjusting the verifyGoogleToken function:
```cfml
/**
 * Verifies the submitted value from the user against the user secret, with optional grace for the last few
 * token values
 *
 * @param base32Secret the Base32 encoded shared secret key
 * @param userValue the value that the user submitted
 * @param grace the amount of previous tokens to allow (1 means allow the current, next, and last token value)
 * @return a boolean whether the token was valid or not
 */
public boolean function verifyGoogleToken(required string base32Secret, required string userValue, numeric grace = 0)
{
    var result = false;
    for (var i = 0; i <= grace; i++)
    {
        result = result
            or (getGoogleToken(base32Secret, -i) == userValue)
            or (getGoogleToken(base32Secret, -i-120) == userValue)  // DST switch-over adjustment - an hour ago
            or (getGoogleToken(base32Secret, -i+120) == userValue); // DST switch-over adjustment - an hour from now
    }
    if (!result)
    {
        // check for next token in case of clocks not being synchronized to the exact UTC millisecond - only kicks in if grace>0
        for (var i = 1; i <= grace; i++)
        {
            result = result
                or (getGoogleToken(base32Secret, i) == userValue)
                or (getGoogleToken(base32Secret, i-120) == userValue)  // DST switch-over adjustment - an hour ago
                or (getGoogleToken(base32Secret, i+120) == userValue); // DST switch-over adjustment - an hour from now
        }
    }
    return result;
}
```
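The following is an added, self-contained Python example (not the component's CFML, and not code from the issue author) that reproduces the scenario in the report: a verifier whose clock is 10 seconds behind the user's device rejects a code that sits one 30-second step ahead, and a small lookahead/lookbehind window fixes it. It assumes the Google Authenticator defaults (HMAC-SHA1, 30-second step, 6 digits) and uses the RFC 4226/6238 test secret `12345678901234567890`; the function names `hotp`, `totp` and `verify_totp` are this example's own. Unlike the patch above it does not probe one hour in either direction, because the TOTP counter is derived from Unix time, which does not move at a DST switch-over. It returns the step offset at which the code matched rather than a bare boolean, so that a verifier logging `+1` for every login from a host can spot persistent clock skew instead of silently absorbing it.

```python
import base64
import hashlib
import hmac
import struct
from typing import Optional

STEP_SECONDS = 30   # Google Authenticator default time step
DIGITS = 6          # Google Authenticator default code length

# RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890"), Base32-encoded.
# Constructed test value, not a real user's secret.
TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 64-bit counter, dynamic truncation."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def decode_base32_secret(base32_secret: str) -> bytes:
    """Decode a shared secret as distributed in otpauth:// URIs (unpadded, any case)."""
    padded = base32_secret + "=" * (-len(base32_secret) % 8)
    return base64.b32decode(padded, casefold=True)


def totp(base32_secret: str, at_time: int, step_offset: int = 0) -> str:
    """RFC 6238 TOTP for the time step containing at_time, shifted by step_offset steps."""
    counter = at_time // STEP_SECONDS + step_offset
    return hotp(decode_base32_secret(base32_secret), counter)


def verify_totp(base32_secret: str, user_value: str, now: int, grace: int = 0) -> Optional[int]:
    """Accept the current code and up to `grace` steps before/after it.

    Returns the step offset that matched (0 = current step, +1 = next, -1 = previous)
    or None if nothing matched. Offsets are tried nearest-first, so a match at 0 is
    reported even when a neighbouring step would also match.
    """
    if len(user_value) != DIGITS or not user_value.isdigit():
        return None
    for step_offset in sorted(range(-grace, grace + 1), key=abs):
        candidate = totp(base32_secret, now, step_offset)
        # Constant-time comparison so the verifier does not leak which digits matched.
        if hmac.compare_digest(candidate, user_value):
            return step_offset
    return None


def skewed_server_scenario(grace: int) -> Optional[int]:
    """Model the report: the user's device is at 1111111110 (step 37037037) and the
    server clock is 10 seconds behind, at 1111111100 (step 37037036). Constructed times."""
    device_time = 1111111110
    server_time = device_time - 10
    code_from_device = totp(TEST_SECRET_B32, device_time)
    return verify_totp(TEST_SECRET_B32, code_from_device, server_time, grace)


if __name__ == "__main__":
    print("grace=0 ->", skewed_server_scenario(0))   # None: rejected, as in the report
    print("grace=1 ->", skewed_server_scenario(1))   # 1: accepted as the "next" token
```

Each extra step accepted widens the set of codes a guess can hit (a window of `grace=1` accepts three codes per attempt, and the patch above additionally accepts six more around the DST offsets), so keep `grace` at 1 and pair it with attempt rate limiting; a verifier that consistently matches at `+1` or `-1` should be read as a clock that needs NTP, not a window that needs to grow.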