used instead of valid, token expiry check

Wolfgang Hottgenroth 2021-09-06 18:19:39 +02:00
parent 629a85fc3e
commit 7163db9ce9
Signed by: wn
GPG Key ID: 6C1E5E531E0D5D7F

11
auth.py

@ -297,19 +297,18 @@ def checkAndInvalidateRefreshToken(login, xid, xal):
' WHERE t.id = %s AND ' +
' t.salt = %s AND ' +
' t."user" = u.id AND ' +
' u.login = %s AND ' +
' t.valid = true',
' u.login = %s',
(xid, xal, login))
tokenObj = cur.fetchone()
logger.debug("tokenObj: {}".format(tokenObj))
if not tokenObj:
raise NoValidTokenException()
raise NoTokenException()
invObj = cur.fetchone()
if invObj:
raise ManyTokensException()
with conn.cursor() as cur:
cur.execute('UPDATE token_t SET valid = false WHERE id = %s',
cur.execute('UPDATE token_t SET used = used + 1 WHERE id = %s',
[ xid ])
except psycopg2.Error as err:
raise Exception("Error when connecting to database: {}".format(err))
@ -324,6 +323,8 @@ def refreshTokens(**args):
refreshTokenObj = jwt.decode(refreshToken, JWT_PUB_KEY)
logger.info(str(refreshTokenObj))
# FIXME: token expiry check
checkAndInvalidateRefreshToken(refreshTokenObj["sub"], refreshTokenObj["xid"], refreshTokenObj["xal"])
authToken = _makeSimpleToken(refreshTokenObj["xap"], refreshTokenObj["sub"], "", refresh=True)
@ -336,7 +337,7 @@ def refreshTokens(**args):
logger.error("jwt.decode failed: {}".format(e))
raise werkzeug.exceptions.Unauthorized()
except NoTokenException:
logger.error("no token created")
logger.error("no token created/found")
raise werkzeug.exceptions.Unauthorized()
except NoValidTokenException:
logger.error("no valid token found")
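Review bot: After this change nothing visible in `checkAndInvalidateRefreshToken` rejects a refresh token that has already been presented: the SELECT no longer filters on `t.valid = true` and the UPDATE only increments `used`, so the same refresh token appears to be accepted on every call until it is revoked some other way. If single use is still intended, let the UPDATE enforce it atomically, e.g. `cur.execute('UPDATE token_t SET used = used + 1 WHERE id = %s AND used = 0', [ xid ])` followed by `if cur.rowcount != 1: raise NoValidTokenException()` (assuming `used` starts at 0), which also closes the window between the SELECT and the UPDATE when two refreshes arrive concurrently. If reuse is intended and `used` is only a counter, say so in a comment and rename the function, since the `except NoValidTokenException` branch in `refreshTokens` then looks unreachable from this path. Both functions start and end outside the hunks shown, so a check on `used` elsewhere cannot be ruled out.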