providers/oauth2: make exp optional on jwt client_credentials flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
f8f8a9bbb9
commit
f977bf61eb
|
@ -60,6 +60,8 @@ def clean_temporary_users(self: MonitoredTask):
|
|||
messages = []
|
||||
deleted_users = 0
|
||||
for user in User.objects.filter(**{f"attributes__{USER_ATTRIBUTE_GENERATED}": True}):
|
||||
if USER_ATTRIBUTE_EXPIRES not in user.attributes:
|
||||
continue
|
||||
delta: timedelta = _now - datetime.fromtimestamp(
|
||||
user.attributes.get(USER_ATTRIBUTE_EXPIRES)
|
||||
)
|
||||
|
|
|
@ -280,11 +280,12 @@ class TokenParams:
|
|||
if not token:
|
||||
raise TokenError("invalid_grant")
|
||||
|
||||
exp = datetime.fromtimestamp(token["exp"])
|
||||
# Non-timezone aware check since we assume `exp` is in UTC
|
||||
if datetime.now() >= exp:
|
||||
LOGGER.info("JWT token expired")
|
||||
raise TokenError("invalid_grant")
|
||||
if "exp" in token:
|
||||
exp = datetime.fromtimestamp(token["exp"])
|
||||
# Non-timezone aware check since we assume `exp` is in UTC
|
||||
if datetime.now() >= exp:
|
||||
LOGGER.info("JWT token expired")
|
||||
raise TokenError("invalid_grant")
|
||||
|
||||
app = Application.objects.filter(provider=self.provider).first()
|
||||
if not app or not app.provider:
|
||||
|
@ -298,7 +299,7 @@ class TokenParams:
|
|||
defaults={
|
||||
"attributes": {
|
||||
USER_ATTRIBUTE_GENERATED: True,
|
||||
USER_ATTRIBUTE_EXPIRES: token["exp"],
|
||||
USER_ATTRIBUTE_EXPIRES: token.get("exp"),
|
||||
},
|
||||
"last_login": now(),
|
||||
"name": f"Autogenerated user from application {app.name} (client credentials JWT)",
|
||||
|
|
Reference in a new issue