core: don't rotate non-api tokens
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
parent
03da87991f
commit
14c159500d
|
|
@ -456,6 +456,14 @@ class Token(ManagedModel, ExpiringModel):
|
||||||
"""Handler which is called when this object is expired."""
|
"""Handler which is called when this object is expired."""
|
||||||
from authentik.events.models import Event, EventAction
|
from authentik.events.models import Event, EventAction
|
||||||
|
|
||||||
|
if self.intent in [
|
||||||
|
TokenIntents.INTENT_RECOVERY,
|
||||||
|
TokenIntents.INTENT_VERIFICATION,
|
||||||
|
TokenIntents.INTENT_APP_PASSWORD,
|
||||||
|
]:
|
||||||
|
super().expire_action(*args, **kwargs)
|
||||||
|
return
|
||||||
|
|
||||||
self.key = default_token_key()
|
self.key = default_token_key()
|
||||||
self.expires = default_token_duration()
|
self.expires = default_token_duration()
|
||||||
self.save(*args, **kwargs)
|
self.save(*args, **kwargs)
|
||||||
|
|
|
||||||
|
|
@ -54,7 +54,9 @@ class TestTokenAPI(APITestCase):
|
||||||
|
|
||||||
def test_token_expire(self):
|
def test_token_expire(self):
|
||||||
"""Test Token expire task"""
|
"""Test Token expire task"""
|
||||||
token: Token = Token.objects.create(expires=now(), user=get_anonymous_user())
|
token: Token = Token.objects.create(
|
||||||
|
expires=now(), user=get_anonymous_user(), intent=TokenIntents.INTENT_API
|
||||||
|
)
|
||||||
key = token.key
|
key = token.key
|
||||||
clean_expired_models.delay().get()
|
clean_expired_models.delay().get()
|
||||||
token.refresh_from_db()
|
token.refresh_from_db()
|
||||||
|
|
|
||||||
Reference in a new issue