providers/oauth2: make exp optional on jwt client_credentials flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-04-10 17:02:25 +02:00
parent f8f8a9bbb9
commit f977bf61eb
2 changed files with 9 additions and 6 deletions

View file

@ -60,6 +60,8 @@ def clean_temporary_users(self: MonitoredTask):
messages = []
deleted_users = 0
for user in User.objects.filter(**{f"attributes__{USER_ATTRIBUTE_GENERATED}": True}):
if USER_ATTRIBUTE_EXPIRES not in user.attributes:
continue
delta: timedelta = _now - datetime.fromtimestamp(
user.attributes.get(USER_ATTRIBUTE_EXPIRES)
)

View file

@ -280,11 +280,12 @@ class TokenParams:
if not token:
raise TokenError("invalid_grant")
exp = datetime.fromtimestamp(token["exp"])
# Non-timezone aware check since we assume `exp` is in UTC
if datetime.now() >= exp:
LOGGER.info("JWT token expired")
raise TokenError("invalid_grant")
if "exp" in token:
exp = datetime.fromtimestamp(token["exp"])
# Non-timezone aware check since we assume `exp` is in UTC
if datetime.now() >= exp:
LOGGER.info("JWT token expired")
raise TokenError("invalid_grant")
app = Application.objects.filter(provider=self.provider).first()
if not app or not app.provider:
@ -298,7 +299,7 @@ class TokenParams:
defaults={
"attributes": {
USER_ATTRIBUTE_GENERATED: True,
USER_ATTRIBUTE_EXPIRES: token["exp"],
USER_ATTRIBUTE_EXPIRES: token.get("exp"),
},
"last_login": now(),
"name": f"Autogenerated user from application {app.name} (client credentials JWT)",