add a check on created date in the future

erivello · weaverryan · commit 9cfd1637bd0f · 2013-02-24T16:12:27.000-08:00
diff --git a/cookbook/security/custom_authentication_provider.rst b/cookbook/security/custom_authentication_provider.rst
@@ -219,6 +219,11 @@ the ``PasswordDigest`` header value matches with the user's password.
 
         protected function validateDigest($digest, $nonce, $created, $secret)
         {
+            // Check created time is not in the future
+            if (strtotime($created) > time()) {
+                return false;
+            }
+
             // Expire timestamp after 5 minutes
             if (time() - strtotime($created) > 300) {
                 return false;
