From bbb739d24a448c500dbc56c9cedf262d42c7f2f4 Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Tue, 11 Jul 2017 14:31:36 +0100
Subject: Comment

---
 synapse/groups/attestations.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/synapse/groups/attestations.py b/synapse/groups/attestations.py
index 9ac09366d3..5ef7a12cb7 100644
--- a/synapse/groups/attestations.py
+++ b/synapse/groups/attestations.py
@@ -22,8 +22,10 @@ from synapse.util.logcontext import preserve_fn
 from signedjson.sign import sign_json
 
 
+# Default validity duration for new attestations we create
 DEFAULT_ATTESTATION_LENGTH_MS = 3 * 24 * 60 * 60 * 1000
-MIN_ATTESTATION_LENGTH_MS = 1 * 60 * 60 * 1000
+
+# Start trying to update our attestations when they come this close to expiring
 UPDATE_ATTESTATION_TIME_MS = 1 * 24 * 60 * 60 * 1000
 
 
@@ -58,11 +60,12 @@ class GroupAttestationSigning(object):
 
         if group_id != attestation["group_id"]:
             raise SynapseError(400, "Attestation has incorrect group_id")
-
-        # TODO:
         valid_until_ms = attestation["valid_until_ms"]
-        if valid_until_ms - self.clock.time_msec() < MIN_ATTESTATION_LENGTH_MS:
-            raise SynapseError(400, "Attestation not valid for long enough")
+
+        # TODO: We also want to check that *new* attestations that people give
+        # us to store are valid for at least a little while.
+        if valid_until_ms < self.clock.time_msec():
+            raise SynapseError(400, "Attestation expired")
 
         yield self.keyring.verify_json_for_server(server_name, attestation)
 
-- 
cgit 1.4.1