providers/oauth2: don't rely on expiry task for access codes and refresh tokens

closes #1911

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-12-18 17:42:41 +01:00
parent d4ce0e8e41
commit b6ff04694f
1 changed files with 12 additions and 0 deletions

View File

@ -95,6 +95,12 @@ class TokenParams:
self.refresh_token = RefreshToken.objects.get( self.refresh_token = RefreshToken.objects.get(
refresh_token=raw_token, provider=self.provider refresh_token=raw_token, provider=self.provider
) )
if self.refresh_token.is_expired:
LOGGER.warning(
"Refresh token is expired",
token=raw_token,
)
raise TokenError("invalid_grant")
# https://tools.ietf.org/html/rfc6749#section-6 # https://tools.ietf.org/html/rfc6749#section-6
# Fallback to original token's scopes when none are given # Fallback to original token's scopes when none are given
if not self.scope: if not self.scope:
@ -138,6 +144,12 @@ class TokenParams:
try: try:
self.authorization_code = AuthorizationCode.objects.get(code=raw_code) self.authorization_code = AuthorizationCode.objects.get(code=raw_code)
if self.authorization_code.is_expired:
LOGGER.warning(
"Code is expired",
token=raw_code,
)
raise TokenError("invalid_grant")
except AuthorizationCode.DoesNotExist: except AuthorizationCode.DoesNotExist:
LOGGER.warning("Code does not exist", code=raw_code) LOGGER.warning("Code does not exist", code=raw_code)
raise TokenError("invalid_grant") raise TokenError("invalid_grant")