fernet fix: ignore the timestamp entirely when no ttl is set

Previously if the token claimed to have been generated more than 60 seconds in the future we would raise InvalidToken even if ttl was set to None.
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2016-01-21 08:54:59 -0600
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2016-01-21 08:54:59 -0600
commit: a418e96e08537e77b86c7eff8975e0c76b251797 (patch)
tree: e358b7def421ef7c2414e13897f4b124934efa1d /src
parent: f0546c66551099b69a69b6d3db9b439aeb8bea08 (diff)
download: cryptography-a418e96e08537e77b86c7eff8975e0c76b251797.tar.gz
cryptography-a418e96e08537e77b86c7eff8975e0c76b251797.tar.bz2
cryptography-a418e96e08537e77b86c7eff8975e0c76b251797.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/cryptography/fernet.py b/src/cryptography/fernet.py
index 6fbe9f27..99eb10e5 100644
--- a/src/cryptography/fernet.py
+++ b/src/cryptography/fernet.py
@@ -91,8 +91,10 @@ class Fernet(object):
         if ttl is not None:
             if timestamp + ttl < current_time:
                 raise InvalidToken
-        if current_time + _MAX_CLOCK_SKEW < timestamp:
-            raise InvalidToken
+
+            if current_time + _MAX_CLOCK_SKEW < timestamp:
+                raise InvalidToken
+
         h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
         h.update(data[:-32])
         try:
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2016-01-21 08:54:59 -0600
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2016-01-21 08:54:59 -0600
commit	a418e96e08537e77b86c7eff8975e0c76b251797 (patch)
tree	e358b7def421ef7c2414e13897f4b124934efa1d /src
parent	f0546c66551099b69a69b6d3db9b439aeb8bea08 (diff)
download	cryptography-a418e96e08537e77b86c7eff8975e0c76b251797.tar.gz cryptography-a418e96e08537e77b86c7eff8975e0c76b251797.tar.bz2 cryptography-a418e96e08537e77b86c7eff8975e0c76b251797.zip