From 7163db9ce9b82483f5ef3470fd9f5749cfe830c6 Mon Sep 17 00:00:00 2001
From: Wolfgang Ludger Hottgenroth
Date: Mon, 6 Sep 2021 18:19:39 +0200
Subject: [PATCH] used instead of valid, token expiry check
---
 auth.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/auth.py b/auth.py
index 18187b7..22b3d52 100755
--- a/auth.py
+++ b/auth.py
@@ -297,19 +297,18 @@ def checkAndInvalidateRefreshToken(login, xid, xal):
 ' WHERE t.id = %s AND ' +
 ' t.salt = %s AND ' +
 ' t."user" = u.id AND ' +
- ' u.login = %s AND ' + ' t.valid = true',
+ ' u.login = %s',
 (xid, xal, login))
 tokenObj = cur.fetchone()
 logger.debug("tokenObj: {}".format(tokenObj))
 if not tokenObj:
- raise NoValidTokenException()
+ raise NoTokenException()
 invObj = cur.fetchone()
 if invObj:
 raise ManyTokensException()
 with conn.cursor() as cur:
- cur.execute('UPDATE token_t SET valid = false WHERE id = %s',
+ cur.execute('UPDATE token_t SET used = used + 1 WHERE id = %s',
 [ xid ])
 except psycopg2.Error as err:
 raise Exception("Error when connecting to database: {}".format(err))
@@ -324,6 +323,8 @@ def refreshTokens(**args):
 refreshTokenObj = jwt.decode(refreshToken, JWT_PUB_KEY)
 logger.info(str(refreshTokenObj))
+ # FIXME: token expiry check
+
 checkAndInvalidateRefreshToken(refreshTokenObj["sub"], refreshTokenObj["xid"], refreshTokenObj["xal"])
 authToken = _makeSimpleToken(refreshTokenObj["xap"], refreshTokenObj["sub"], "", refresh=True)
@@ -336,7 +337,7 @@ def refreshTokens(**args):
 logger.error("jwt.decode failed: {}".format(e))
 raise werkzeug.exceptions.Unauthorized()
 except NoTokenException:
- logger.error("no token created")
+ logger.error("no token created/found")
 raise werkzeug.exceptions.Unauthorized()
 except NoValidTokenException:
 logger.error("no valid token found")
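Review bot: With `t.valid = true` dropped from the WHERE clause and the UPDATE changed to `used = used + 1`, nothing in this hunk rejects a refresh token whose `used` counter is already non-zero, so the same refresh token can be replayed for fresh auth tokens for as long as its row exists; the function no longer lives up to its `Invalidate` name unless a `used` check exists outside the hunk (the SELECT column list and the enclosing `try`/first cursor start before it). The SELECT-then-UPDATE across two cursors also lets two concurrent refreshes both pass the lookup before either one increments. Both close if the increment is made conditional and its row count checked: `cur.execute('UPDATE token_t SET used = used + 1 WHERE id = %s AND used = 0', [ xid ])` followed by `if cur.rowcount != 1: raise NoValidTokenException()`, which also keeps the `except NoValidTokenException` branch in refreshTokens meaningful. If the counter is meant for reuse detection rather than a hard stop, a comment at the UPDATE saying so would help, e.g. `# used > 0 after this call marks a replayed refresh token`.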
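Review bot: The `# FIXME: token expiry check` leaves the refresh path accepting a token of any age, and the `jwt.decode(refreshToken, JWT_PUB_KEY)` call a few lines above passes neither `algorithms=` nor `options=`, so whether `exp` is enforced depends on the PyJWT version in use and on whether `_makeSimpleToken` (not visible here) puts an `exp` claim into refresh tokens at all. Pin the algorithm and make the claims mandatory instead of deferring it: `jwt.decode(refreshToken, JWT_PUB_KEY, algorithms=["RS256"], options={"require": ["exp", "sub", "xid", "xal"]})` (substitute the algorithm the tokens are actually signed with; on PyJWT 1.x the expiry option is `require_exp`), after which a missing `exp` is a decode failure routed to the existing `jwt.decode failed` handler rather than a KeyError. As written, `refreshTokenObj["xid"]` and `["xal"]` raise KeyError for any validly signed token that lacks them — for instance an ordinary auth token presented to the refresh endpoint — and KeyError is not among the exceptions the function visibly catches. The `logger.info(str(refreshTokenObj))` context line writes every claim, including the `xid`/`xal` lookup material, to the log at INFO level; debug level would be more appropriate. refreshTokens begins and ends outside this hunk.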
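Review bot: The `except NoValidTokenException` handler at the bottom of this hunk no longer has a producer in this commit — the only `raise NoValidTokenException()` in the diff is replaced by `raise NoTokenException()` in the first hunk — so unless something outside the patch still raises it, the `no valid token found` branch is dead and the replayed-token case it was meant to cover is logged nowhere. Either pair it with a used-token check in checkAndInvalidateRefreshToken or remove the handler so a reader does not assume replay is being caught. If it stays, a short comment would make the intent explicit, e.g. `# raised when the refresh token row exists but was already consumed`.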