From: Stas Kravets <skravets@internal-rfc1918.hn.nnov.stream.ru>
Date: Wed, 19 Jan 2011 14:01:00 +0000 (+0300)
Subject: Added expiration time check for VKontakte.
X-Git-Url: https://git.parisson.com/?a=commitdiff_plain;h=aef5b159b270f8e43be5325302d1f7d4d4022743;p=django-social-auth.git

Added expiration time check for VKontakte.
---

diff --git a/social_auth/backends/contrib/vkontakte.py b/social_auth/backends/contrib/vkontakte.py
index f38158d..ee830df 100644
--- a/social_auth/backends/contrib/vkontakte.py
+++ b/social_auth/backends/contrib/vkontakte.py
@@ -9,6 +9,7 @@ from django.conf import settings
 from django.contrib.auth import authenticate
 from urllib import unquote
 from hashlib import md5
+from time import time
 
 from social_auth.backends import SocialAuthBackend, BaseAuth, USERNAME
 
@@ -60,7 +61,7 @@ class VKontakteAuth(BaseAuth):
         
         hash = md5(check_str + settings.VKONTAKTE_APP_SECRET).hexdigest()
         
-        if hash != cookie_dict['sig']:
+        if hash != cookie_dict['sig'] or int(cookie_dict['expire']) < time() :
             raise ValueError('VKontakte authentication failed: invalid hash')       
         else:
             kwargs.update({'response': self.request, self.AUTH_BACKEND.name: True})