fix: Simpler oauth token validity checks
The code is currently 1. Getting token expiry time (in system tz) 2. Adding system tz to make it tz aware 3. Converting it to UTC 4. Getting current UTC time and comparing. We can just get current system tz time and compare directly.
parent
e8fe3b2166
commit
884e980526
1 changed files with 2 additions and 8 deletions
|
|
@ -11,7 +11,7 @@ from oauthlib.openid import RequestValidator
|
|||
|
||||
import frappe
|
||||
from frappe.auth import LoginManager
|
||||
from frappe.utils.data import get_system_timezone
|
||||
from frappe.utils.data import get_system_timezone, now_datetime
|
||||
|
||||
|
||||
class OAuthWebRequestValidator(RequestValidator):
|
||||
|
|
@ -240,13 +240,7 @@ class OAuthWebRequestValidator(RequestValidator):
|
|||
def validate_bearer_token(self, token, scopes, request):
|
||||
# Remember to check expiration and scope membership
|
||||
otoken = frappe.get_doc("OAuth Bearer Token", token)
|
||||
token_expiration_local = otoken.expiration_time.replace(
|
||||
tzinfo=pytz.timezone(get_system_timezone())
|
||||
)
|
||||
token_expiration_utc = token_expiration_local.astimezone(pytz.utc)
|
||||
is_token_valid = (
|
||||
datetime.datetime.now(pytz.UTC) < token_expiration_utc
|
||||
) and otoken.status != "Revoked"
|
||||
is_token_valid = (now_datetime() < otoken.expiration_time) and otoken.status != "Revoked"
|
||||
client_scopes = frappe.db.get_value("OAuth Client", otoken.client, "scopes").split(
|
||||
get_url_delimiter()
|
||||
)
|
||||
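Review bot: The new check `now_datetime() < otoken.expiration_time` in validate_bearer_token compares two wall-clock values with no time-zone information, so it is only correct while the stored expiry and the current time are in the same system time zone; this assumes now_datetime() returns a naive system-zone datetime, as the commit message implies. Around a daylight-saving fall-back the repeated hour makes that comparison ambiguous, which could leave a token accepted for up to an hour past its intended expiry, and a missing or non-datetime expiration_time would raise rather than reject the token. I would record the assumption next to the line, e.g. `# naive system-tz datetimes on both sides; ambiguous across DST fall-back`, and consider treating an unset expiry as invalid. The first hunk keeps `get_system_timezone` in the import although its only visible use is removed, so it may now be unused, along with `pytz` and `datetime` if nothing else in the file needs them. The method body continues past the end of the hunk.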
|
|
|
|||