core: don't rotate non-api tokens

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 19:16:50 +01:00 · 2021-12-16 19:16:50 +01:00 · 14c159500d
parent 03da87991f
commit 14c159500d
2 changed files with 11 additions and 1 deletions
--- a/authentik/core/models.py
+++ b/authentik/core/models.py
@ -456,6 +456,14 @@ class Token(ManagedModel, ExpiringModel):
        """Handler which is called when this object is expired."""
        from authentik.events.models import Event, EventAction

+        if self.intent in [
+            TokenIntents.INTENT_RECOVERY,
+            TokenIntents.INTENT_VERIFICATION,
+            TokenIntents.INTENT_APP_PASSWORD,
+        ]:
+            super().expire_action(*args, **kwargs)
+            return
+
        self.key = default_token_key()
        self.expires = default_token_duration()
        self.save(*args, **kwargs)
--- a/authentik/core/tests/test_token_api.py
+++ b/authentik/core/tests/test_token_api.py
@ -54,7 +54,9 @@ class TestTokenAPI(APITestCase):

    def test_token_expire(self):
        """Test Token expire task"""
-        token: Token = Token.objects.create(expires=now(), user=get_anonymous_user())
+        token: Token = Token.objects.create(
+            expires=now(), user=get_anonymous_user(), intent=TokenIntents.INTENT_API
+        )
        key = token.key
        clean_expired_models.delay().get()
        token.refresh_from_db()