lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2019-03-03T08:23:08Z

id_token validity not correctly evaluated
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1662
2019-03-03T08:23:08Z
dcoutadeur dcoutadeur

Hi,
id_token validity not correctly evaluated:
in `Portal/Lib/OpenIDConnect.pm`
before:
```
sub checkIDTokenValidity {
    [...]
    my $auth_time = $id_token->{auth_time};
    if ($max_age) {
        unless ($auth_time) {
            $self->logger->error("Auth time was not returned by OP $op");
            return 0;
        }
        if ( $auth_time + $max_age > time ) {
```
after:
```
sub checkIDTokenValidity {
    [...]
    my $auth_time = $id_token->{auth_time};
    if ($max_age) {
        unless ($auth_time) {
            $self->logger->error("Auth time was not returned by OP $op");
            return 0;
        }
        if ( time > $auth_time + $max_age ) {
```
Explanation: the current time should be before the max_time (max_time = $auth_time + $max_age).
The test above is the error case, so we should test the contrary.

1.9.19
dcoutadeur dcoutadeur
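The two `max_age` conditions from the snippets above, compared on constructed timestamps. This is an added example, not LemonLDAP::NG code and not part of the original issue. The names `auth_time_ok` and `before_rejects`, the `$skew` allowance and all sample values are assumptions, and the `if` branch is treated as the rejection path, as the explanation states.

```perl
use strict;
use warnings;

# Hypothetical stand-alone helper (not LemonLDAP::NG code).
# Returns (1, 'ok') when the authentication is recent enough, else (0, reason).
sub auth_time_ok {
    my ( $id_token, $max_age, $now, $skew ) = @_;
    $skew //= 0;    # assumed clock-skew allowance in seconds, not on the page

    return ( 1, 'no max_age requested' ) unless $max_age;

    my $auth_time = $id_token->{auth_time};
    return ( 0, 'auth_time missing' ) unless defined $auth_time;
    return ( 0, 'auth_time not an integer' ) unless $auth_time =~ /\A\d+\z/;
    return ( 0, 'auth_time in the future' ) if $auth_time > $now + $skew;

    # Error case from the "after" snippet: now is past auth_time + max_age.
    return ( 0, 'authentication too old' )
      if $now > $auth_time + $max_age + $skew;
    return ( 1, 'ok' );
}

# Condition from the "before" snippet, kept only to show what it rejects.
sub before_rejects {
    my ( $auth_time, $max_age, $now ) = @_;
    return $auth_time + $max_age > $now ? 1 : 0;
}

# Constructed sample values: a fixed "now" and a max_age of 300 seconds.
my $now     = 1_551_600_000;
my $max_age = 300;
my @cases   = (
    [ 'authenticated 60 s ago',          { auth_time => $now - 60 } ],
    [ 'authenticated exactly 300 s ago', { auth_time => $now - 300 } ],
    [ 'authenticated 301 s ago',         { auth_time => $now - 301 } ],
    [ 'authenticated 2 h ago',           { auth_time => $now - 7200 } ],
    [ 'no auth_time claim',              { sub       => 'alice' } ],
);

for my $case (@cases) {
    my ( $label, $token ) = @$case;
    my ( $ok, $reason ) = auth_time_ok( $token, $max_age, $now );
    # A missing auth_time is rejected by both versions (the unless branch).
    my $old = !defined $token->{auth_time}
      || before_rejects( $token->{auth_time}, $max_age, $now );
    printf "%-34s before=%-6s after=%-6s (%s)\n", $label,
      ( $old ? 'reject' : 'accept' ), ( $ok ? 'accept' : 'reject' ), $reason;
}
```

The "before" column rejects the recent login and accepts the ones older than `max_age`; the "after" column does the opposite. The two agree only at the exact boundary and on the missing claim.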