From 2406fc4efeade10fa9836cf43dbc720d128a3ca1 Mon Sep 17 00:00:00 2001
From: Daniel Friesel <daniel.friesel@uos.de>
Date: Fri, 3 Mar 2023 15:05:43 +0100
Subject: token: do not expose full checkin timestamp

---
 lib/Travelynx/Controller/Traveling.pm | 4 ++--
 templates/_checked_in.html.ep         | 2 +-
 templates/journey.html.ep             | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm
index fcc95ed..8cf1722 100755
--- a/lib/Travelynx/Controller/Traveling.pm
+++ b/lib/Travelynx/Controller/Traveling.pm
@@ -471,7 +471,7 @@ sub status_token_ok {
 	$ts2 //= $ts2_ext;
 
 	if (    $eva == $status->{dep_eva}
-		and $ts == $status->{timestamp}->epoch
+		and $ts == $status->{timestamp}->epoch % 337
 		and $ts2 == $status->{sched_departure}->epoch )
 	{
 		return 1;
@@ -491,7 +491,7 @@ sub journey_token_ok {
 	$ts2 //= $ts2_ext;
 
 	if (    $eva == $journey->{from_eva}
-		and $ts == $journey->{checkin_ts}
+		and $ts == $journey->{checkin_ts} % 337
 		and $ts2 == $journey->{sched_dep_ts} )
 	{
 		return 1;
diff --git a/templates/_checked_in.html.ep b/templates/_checked_in.html.ep
index 8e1fd1d..0ead240 100644
--- a/templates/_checked_in.html.ep
+++ b/templates/_checked_in.html.ep
@@ -286,7 +286,7 @@
 						data-url="<%= url_for('/status')->to_abs->scheme('https') %>/<%= $user->{name} %>/<%= $journey->{sched_departure}->epoch %>"
 					% }
 					% elsif ($journey_visibility eq 'travelynx' or $journey_visibility eq 'unlisted') {
-						data-url="<%= url_for('/status')->to_abs->scheme('https') %>/<%= $user->{name} %>/<%= $journey->{sched_departure}->epoch %>?token=<%= $journey->{dep_eva} %>-<%= $journey->{timestamp}->epoch %>"
+						data-url="<%= url_for('/status')->to_abs->scheme('https') %>/<%= $user->{name} %>/<%= $journey->{sched_departure}->epoch %>?token=<%= $journey->{dep_eva} %>-<%= $journey->{timestamp}->epoch % 337 %>"
 					% }
 					>
 					<i class="material-icons left" aria-hidden="true">share</i> Teilen
diff --git a/templates/journey.html.ep b/templates/journey.html.ep
index ee5d008..6ed204f 100644
--- a/templates/journey.html.ep
+++ b/templates/journey.html.ep
@@ -250,7 +250,7 @@
 							data-url="<%= url_for('public_journey', name => current_user()->{name}, id => $journey->{id} )->to_abs->scheme('https'); %>"
 						% }
 						% else {
-							data-url="<%= url_for('public_journey', name => current_user()->{name}, id => $journey->{id} )->to_abs->scheme('https'); %>?token=<%= $journey->{from_eva} %>-<%= $journey->{checkin_ts} %>-<%= $journey->{sched_dep_ts} %>"
+							data-url="<%= url_for('public_journey', name => current_user()->{name}, id => $journey->{id} )->to_abs->scheme('https'); %>?token=<%= $journey->{from_eva} %>-<%= $journey->{checkin_ts} % 337 %>-<%= $journey->{sched_dep_ts} %>"
 						% }
 						data-text="<%= stash('share_text') %>"
 						>
-- 
cgit v1.2.3