From 36e7ccdb8406a693c07c2317bfaa65225c200d16 Mon Sep 17 00:00:00 2001
From: beawolf
Date: Mon, 5 Oct 2020 22:06:29 +0300
Subject: [PATCH] Fixed time tolerance calculation in case API server time is behind the client server time.
---
 .../Filters/HMACAuthenticationAttribute.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/HMACAuthentication.WebApi/Filters/HMACAuthenticationAttribute.cs b/HMACAuthentication.WebApi/Filters/HMACAuthenticationAttribute.cs
index 18c6da3..b581c0d 100644
--- a/HMACAuthentication.WebApi/Filters/HMACAuthenticationAttribute.cs
+++ b/HMACAuthentication.WebApi/Filters/HMACAuthenticationAttribute.cs
@@ -151,8 +151,9 @@ private bool isReplayRequest(string nonce, string requestTimeStamp)
 var serverTotalSeconds = Convert.ToUInt64(currentTs.TotalSeconds);
 var requestTotalSeconds = Convert.ToUInt64(requestTimeStamp);
+ ulong difference = serverTotalSeconds > requestTotalSeconds ? serverTotalSeconds - requestTotalSeconds : requestTotalSeconds - serverTotalSeconds;
- if ((serverTotalSeconds - requestTotalSeconds) > requestMaxAgeInSeconds)
+ if (difference > requestMaxAgeInSeconds)
 {
 return true;
 }
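Review bot: Accepting timestamps ahead of the server clock at `if (difference > requestMaxAgeInSeconds)` means a request stamped in the future stays inside the window for up to twice `requestMaxAgeInSeconds` after it is first received. If the nonce store, which is outside this hunk, keeps entries for only `requestMaxAgeInSeconds`, a nonce could expire while its timestamp is still accepted. Nonce retention should therefore cover the whole symmetric window, for example `2 * requestMaxAgeInSeconds`. Separately, `Convert.ToUInt64(requestTimeStamp)` throws on a malformed or negative header value; unless a caller catches that, `if (!ulong.TryParse(requestTimeStamp, out var requestTotalSeconds)) return true;` would turn it into an ordinary rejection. The body of isReplayRequest starts and ends outside the hunk, so both points need checking against the full method.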