refresh token expiry check
This commit is contained in:
parent
7163db9ce9
commit
e29ce48971
9
auth.py
9
auth.py
@ -38,6 +38,9 @@ except KeyError:
|
||||
class NoUserException(Exception):
|
||||
pass
|
||||
|
||||
class RefreshTokenExpiredException(Exception):
|
||||
pass
|
||||
|
||||
class NoTokenException(Exception):
|
||||
pass
|
||||
|
||||
@ -323,7 +326,8 @@ def refreshTokens(**args):
|
||||
refreshTokenObj = jwt.decode(refreshToken, JWT_PUB_KEY)
|
||||
logger.info(str(refreshTokenObj))
|
||||
|
||||
# FIXME: token expiry check
|
||||
if refreshTokenObj["exp"] < int(time.time()):
|
||||
throw RefreshTokenExpiredException()
|
||||
|
||||
checkAndInvalidateRefreshToken(refreshTokenObj["sub"], refreshTokenObj["xid"], refreshTokenObj["xal"])
|
||||
|
||||
@ -336,6 +340,9 @@ def refreshTokens(**args):
|
||||
except JWTError as e:
|
||||
logger.error("jwt.decode failed: {}".format(e))
|
||||
raise werkzeug.exceptions.Unauthorized()
|
||||
except RefreshTokenExpiredException:
|
||||
logger.error("refresh token expired")
|
||||
raise werkzeug.exceptions.Unauthorized()
|
||||
except NoTokenException:
|
||||
logger.error("no token created/found")
|
||||
raise werkzeug.exceptions.Unauthorized()
|
||||
|
Loading…
x
Reference in New Issue
Block a user