providers/oauth2: only set expiry on user when it was freshly created

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 23:02:33 +02:00 · 2022-05-25 23:02:33 +02:00 · 972868c15c
parent 0bc57f571b
commit 972868c15c
1 changed files with 18 additions and 12 deletions
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@ -302,18 +302,7 @@ class TokenParams:
            raise TokenError("invalid_grant")

        self.__check_policy_access(app, request, oauth_jwt=token)
-
-        self.user, _ = User.objects.update_or_create(
-            username=f"{self.provider.name}-{token.get('sub')}",
-            defaults={
-                "attributes": {
-                    USER_ATTRIBUTE_GENERATED: True,
-                    USER_ATTRIBUTE_EXPIRES: token.get("exp"),
-                },
-                "last_login": now(),
-                "name": f"Autogenerated user from application {app.name} (client credentials JWT)",
-            },
-        )
+        self.__create_user_from_jwt(token, app)

        Event.new(
            action=EventAction.LOGIN,
@ -324,6 +313,23 @@ class TokenParams:
            PLAN_CONTEXT_APPLICATION=app,
        ).from_http(request, user=self.user)

+    def __create_user_from_jwt(self, token: dict[str, Any], app: Application):
+        """Create user from JWT"""
+        exp = token.get("exp")
+        self.user, created = User.objects.update_or_create(
+            username=f"{self.provider.name}-{token.get('sub')}",
+            defaults={
+                "attributes": {
+                    USER_ATTRIBUTE_GENERATED: True,
+                },
+                "last_login": now(),
+                "name": f"Autogenerated user from application {app.name} (client credentials JWT)",
+            },
+        )
+        if created and exp:
+            self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp
+            self.user.save()
+

 class TokenView(View):
    """Generate tokens for clients"""