only consider non expired tokens

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-05 20:05:08 +02:00 · 2023-10-05 20:05:08 +02:00 · 01cebcfcec
parent e176e11b82
commit 01cebcfcec
1 changed files with 1 additions and 1 deletions
--- a/authentik/stages/authenticator_mobile/api/auth.py
+++ b/authentik/stages/authenticator_mobile/api/auth.py
@ -18,7 +18,7 @@ class MobileDeviceTokenAuthentication(BaseAuthentication):
        """Token-based authentication using HTTP Bearer authentication"""
        auth = get_authorization_header(request)
        raw_token = validate_auth(auth)
-        device_token: MobileDeviceToken = MobileDeviceToken.objects.filter(token=raw_token).first()
+        device_token: MobileDeviceToken = MobileDeviceToken.filter_not_expired(token=raw_token).first()
        if not device_token:
            return None
        CTX_AUTH_VIA.set("mobile_token")