This patch is for revision 130491 of the 2.9.x maintenance branch. It may work against earlier or later versions, I don't know. I also don't know when the issue it resolves first appeared in the Samigo code.
The patch is for samigo-app. It resolves an issue with the SecureDeliveryService (SDS). The SDS is described in samigo-2.9.x/docs/locked_browser/README.txt. The patch fixes a bug associated with Timed Tests that was exposed whenever the Samigo code was changed to initialize the timer based on the original attempt creation date/time. The symptom is that the attempt timer is started even when access to the test is denied by the SDS. The fix is to add a secondary access check to the DeliveryListener's that prevents attempt creation or continuation if the SDS denies access to the test. This is similar to the way that the validation checks for password and IP address are performed in both places.
This patch also fixes a bug in DeliveryBean introduced whenever the Samigo attempt validation code was changed to position the timer stop check prior to the SDS access check, which prevented the timer from being stopped if access to the test was denied. The fix is to restore the SDS access check to a position prior to the time stop check, and to ensure that the timer stop check gets executed regardless of the outcome of the SDS access check.