core: don't rotate non-api tokens

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-12-16 19:16:50 +01:00
parent 03da87991f
commit 14c159500d
2 changed files with 11 additions and 1 deletions

View file

@ -456,6 +456,14 @@ class Token(ManagedModel, ExpiringModel):
"""Handler which is called when this object is expired."""
from authentik.events.models import Event, EventAction
if self.intent in [
TokenIntents.INTENT_RECOVERY,
TokenIntents.INTENT_VERIFICATION,
TokenIntents.INTENT_APP_PASSWORD,
]:
super().expire_action(*args, **kwargs)
return
self.key = default_token_key()
self.expires = default_token_duration()
self.save(*args, **kwargs)

View file

@ -54,7 +54,9 @@ class TestTokenAPI(APITestCase):
def test_token_expire(self):
"""Test Token expire task"""
token: Token = Token.objects.create(expires=now(), user=get_anonymous_user())
token: Token = Token.objects.create(
expires=now(), user=get_anonymous_user(), intent=TokenIntents.INTENT_API
)
key = token.key
clean_expired_models.delay().get()
token.refresh_from_db()