OroPlatform Forums

Covering OroPlatform topics, including community updates and company announcements.

This topic contains 4 replies, has 2 voices, and was last updated by  stalxed 9 years, 3 months ago.

Starting from March 1, 2020 the forum has been switched to the read-only mode. Please head to StackOverflow for support.

  • Creator
    Topic
  • #35123

    stalxed
    Participant

    We are developing a client application for the OroPlatform have found a bug.
    But! It can not be called a bug. But a few hours we spent in search of a problem.
    We use Oro Platfrom + API Rest + WSSE authentication. All this – the standard components.

    Problem in this component:
    https://github.com/escapestudios/EscapeWSSEAuthenticationBundle/blob/master/Security/Core/Authentication/Provider/Provider.php
    With this code:

    This means that the time should be perfectly synchronized!

    What could be the problem.
    I think now how to expand and improve this check(remove the time dependence).
    Or if no time, выпилить её на*** I just comment out the code above.

    What do you – you decide, but be careful!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Author
    Replies
  • #35124

    stalxed
    Participant

    Between the server and the client.

    #35125

    Alexandr Smaga
    Participant

    Hey @stalxed ! As a tip I can just recommend to rely on Date HTTP header… As far as I remember, It should always send valid server date even if it’s place behind proxy or smth like that.

    #35126

    stalxed
    Participant

    Yes. Server send HTTP header:

    But you have to offer the following algorithm:
    1) Send a request that has a single purpose to get the server time.
    2) Generate WSSE HTTP Headers.
    3) Send a request that really is needed.

    Perform all three points each request!
    The number of requests to double!

    Remember the time when the first request – is not a good idea. If it desynchronizes through several days of work the client.

    Update time after each request, but will have to implement own time applications, which is updated by taking the value of the server time. It’s also not easy.

    Good solutions no :(

    #35127

    stalxed
    Participant

    Pay special attention to these lines of code:

    Desynchronizes on 1 second becomes a problem – authentication fails.

Viewing 4 replies - 1 through 4 (of 4 total)

The forum ‘OroPlatform – Installation/Technical Issues or Problems’ is closed to new topics and replies.

Back to top