vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

[Fix] OAuth2 Token validation (#3694)

Browse source 
Convert token expiration time to utc and compare with utcnow
This commit is contained in:
Revant Nandgaonkar 2017-07-17 11:49:03 +05:30 committed by Rushabh Mehta
parent 983be1e506
commit 9fb5839f5c
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
frappe/oauth.py
View file

@ -1,5 +1,6 @@
from __future__ import print_function
import frappe, urllib
import pytz
from frappe import _
from urlparse import parse_qs, urlparse
@ -227,8 +228,10 @@ class OAuthWebRequestValidator(RequestValidator):
def validate_bearer_token(self, token, scopes, request):
# Remember to check expiration and scope membership
otoken = frappe.get_doc("OAuth Bearer Token", token) #{"access_token": str(token)})
is_token_valid = (frappe.utils.datetime.datetime.now() < otoken.expiration_time) \
otoken = frappe.get_doc("OAuth Bearer Token", token)
token_expiration_local = otoken.expiration_time.replace(tzinfo=pytz.timezone(frappe.utils.get_time_zone()))
token_expiration_utc = token_expiration_local.astimezone(pytz.utc)
is_token_valid = (frappe.utils.datetime.datetime.utcnow().replace(tzinfo=pytz.utc) < token_expiration_utc) \
and otoken.status != "Revoked"
client_scopes = frappe.db.get_value("OAuth Client", otoken.client, 'scopes').split(get_url_delimiter())
are_scopes_valid = True