diff options
Diffstat (limited to 'src/DotNetOAuth/Messaging/Bindings/NonceMemoryStore.cs')
-rw-r--r-- | src/DotNetOAuth/Messaging/Bindings/NonceMemoryStore.cs | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/DotNetOAuth/Messaging/Bindings/NonceMemoryStore.cs b/src/DotNetOAuth/Messaging/Bindings/NonceMemoryStore.cs index 05e0f13..98b93ff 100644 --- a/src/DotNetOAuth/Messaging/Bindings/NonceMemoryStore.cs +++ b/src/DotNetOAuth/Messaging/Bindings/NonceMemoryStore.cs @@ -56,6 +56,12 @@ namespace DotNetOAuth.Messaging.Bindings { /// <see cref="StandardExpirationBindingElement.MaximumMessageAge"/> property.
/// </remarks>
public bool StoreNonce(string nonce, DateTime timestamp) {
+ if (timestamp.ToUniversalTime() + this.maximumMessageAge < DateTime.UtcNow) {
+ // The expiration binding element should have taken care of this, but perhaps
+ // it's at the boundary case. We should fail just to be safe.
+ return false;
+ }
+
// TODO: implement actual nonce checking.
Logger.Warn("Nonce checking not implemented yet.");
return true;
|