Forums

Covering OroCRM topics, including community updates and company announcements.

This topic contains 4 replies, has 2 voices, and was last updated by stalxed 2 years, 3 months ago.

  • Creator
    Topic
  • #7444

    stalxed
    Participant

    We are developing a client application for the OroPlatform and have found a bug.
    But! It cannot really be called a bug. But we spent a few hours searching for the problem.
    We use Oro Platform + API Rest + WSSE authentication. All of these are standard components.

    The problem is in this component:
    https://github.com/escapestudios/EscapeWSSEAuthenticationBundle/blob/master/Security/Core/Authentication/Provider/Provider.php
    With this code:

    This means that the time should be perfectly synchronized!

    What could be the problem.
    I am now thinking about how to expand and improve this check (remove the time dependence).
    Or, if there is no time, rip it out to ***: I just comment out the code above.

    What you do is up to you, but be careful!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Author
    Replies
  • #7445

    stalxed
    Participant

    Between the server and the client.

    #7446

    Alexandr Smaga
    Participant

    Hey @stalxed! As a tip, I can just recommend relying on the Date HTTP header… As far as I remember, it should always send a valid server date, even if it’s placed behind a proxy or something like that.

    #7448

    stalxed
    Participant

    Yes. The server sends the HTTP header:

    But you have to offer the following algorithm:
    1) Send a request whose single purpose is to get the server time.
    2) Generate the WSSE HTTP headers.
    3) Send the request that is really needed.

    Perform all three points on each request!
    The number of requests doubles!

    Remembering the time at the first request is not a good idea: what if it desynchronizes after the client has been running for several days?

    We could update the time after each request, but then we would have to implement our own application clock, which is updated by taking the value of the server time. That is also not easy.

    There are no good solutions 🙁

    #7449

    stalxed
    Participant

    Pay special attention to these lines of code:

    A desynchronization of 1 second becomes a problem – authentication fails.
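
Added example, not part of the thread and not code from OroPlatform or the WSSE bundle: a Python client that follows the Date-header tip without a separate time request, by refreshing its clock offset from every response it already receives and retrying once after a 401. Assumptions: the standard WSSE UsernameToken header layout, a server that rejects a `Created` value ahead of its own clock, and the hypothetical names `ServerClock`, `call_api` and the `send(headers)` transport.

```python
import base64, hashlib, os
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def utcnow():
    return datetime.now(timezone.utc)

class ServerClock:
    """Estimates server time from the Date header of responses we already receive."""
    def __init__(self, local_time=utcnow, margin_s=2):
        self.local_time = local_time
        self.offset = timedelta(0)            # server time minus local time
        # Date has 1 s resolution: back-date Created so it is never in the server's future.
        self.margin = timedelta(seconds=margin_s)

    def observe(self, date_header):
        self.offset = parsedate_to_datetime(date_header) - self.local_time()

    def now(self):
        return self.local_time() + self.offset - self.margin

def wsse_header(username, secret, created_dt, nonce=None):
    """Standard WSSE UsernameToken: digest = Base64(SHA1(nonce + created + secret))."""
    nonce = nonce or os.urandom(16)           # fresh random nonce per request
    created = created_dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    digest = hashlib.sha1(nonce + created.encode() + secret.encode()).digest()
    return ('UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"'
            % (username, base64.b64encode(digest).decode(),
               base64.b64encode(nonce).decode(), created))

def call_api(send, clock, username, secret):
    """send(headers) -> (status, response_headers) is a hypothetical transport.
    Every response refreshes the offset; a 401 triggers one resync and one retry."""
    for _ in range(2):
        headers = {"Authorization": 'WSSE profile="UsernameToken"',
                   "X-WSSE": wsse_header(username, secret, clock.now())}
        status, resp_headers = send(headers)
        if "Date" in resp_headers:
            clock.observe(resp_headers["Date"])
        if status != 401:
            break
    return status
```

The margin trades a slightly older `Created` value for tolerance of the one-second resolution of `Date`, so it must stay well below the token lifetime the server enforces.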
