diff --git a/auth.py b/auth.py
index 22b3d52..ab4c594 100755
--- a/auth.py
+++ b/auth.py
@@ -38,6 +38,9 @@ except KeyError:
 class NoUserException(Exception):
     pass
 
+class RefreshTokenExpiredException(Exception):
+    pass
+
 class NoTokenException(Exception):
     pass
 
@@ -323,7 +326,8 @@ def refreshTokens(**args):
         refreshTokenObj = jwt.decode(refreshToken, JWT_PUB_KEY)
         logger.info(str(refreshTokenObj))
 
-        # FIXME: token expiry check
+        if refreshTokenObj["exp"] < int(time.time()):
+            throw RefreshTokenExpiredException()
 
         checkAndInvalidateRefreshToken(refreshTokenObj["sub"], refreshTokenObj["xid"], refreshTokenObj["xal"])
 
@@ -336,6 +340,9 @@ def refreshTokens(**args):
     except JWTError as e:
         logger.error("jwt.decode failed: {}".format(e))
         raise werkzeug.exceptions.Unauthorized()
+    except RefreshTokenExpiredException:
+        logger.error("refresh token expired")
+        raise werkzeug.exceptions.Unauthorized()
     except NoTokenException:
         logger.error("no token created/found")
         raise werkzeug.exceptions.Unauthorized()
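Review bot: The new RefreshTokenExpiredException carries no documentation of when it is raised; its sibling classes are equally bare, so this is file style, but a one-line docstring `"""Raised when a refresh token's exp claim is already in the past."""` in place of `pass` would state the contract at the definition instead of leaving it to the raise site in refreshTokens.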
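Review bot: `throw RefreshTokenExpiredException()` is not Python — `throw` is parsed as a bare name followed by a call, which is a SyntaxError that breaks import of the whole module — so the line must be `raise RefreshTokenExpiredException()`. The check also indexes `refreshTokenObj["exp"]` directly: a decoded token without an exp claim raises KeyError, which none of the except clauses in the following hunk catch, so it surfaces as a 500 rather than the intended 401; `if refreshTokenObj.get("exp", 0) < int(time.time()):` treats a missing claim as expired. `time` must be imported at the top of auth.py, which is outside this hunk, and if `jwt` here is python-jose its decode already verifies exp by default and raises a JWTError subclass, in which case this branch is only reachable when that verification was disabled — worth confirming. refreshTokens' body continues outside the hunk on both sides.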
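Review bot: The new handler logs an expired refresh token at error level, yet expiry is a routine client-side condition rather than a server fault, so `logger.warning("refresh token expired")` keeps the error log reserved for real failures such as the jwt.decode error above it. Mapping the exception to werkzeug.exceptions.Unauthorized mirrors the JWTError clause, which is consistent. The try body that raises RefreshTokenExpiredException starts outside the hunk.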