Take into account expiration for AuthCode and OauthToken
parent
2693ba5838
commit
3a0f0ca780
|
@ -47,6 +47,11 @@ def token():
|
||||||
auth_code: AuthorizationCode = AuthorizationCode.filter_by(code=code).first()
|
auth_code: AuthorizationCode = AuthorizationCode.filter_by(code=code).first()
|
||||||
if not auth_code:
|
if not auth_code:
|
||||||
return jsonify(error=f"no such authorization code {code}"), 400
|
return jsonify(error=f"no such authorization code {code}"), 400
|
||||||
|
elif auth_code.is_expired():
|
||||||
|
AuthorizationCode.delete(auth_code.id)
|
||||||
|
db.session.commit()
|
||||||
|
LOG.d("delete expired authorization code:%s", auth_code)
|
||||||
|
return jsonify(error=f"{code} already expired"), 400
|
||||||
|
|
||||||
if auth_code.client_id != client.id:
|
if auth_code.client_id != client.id:
|
||||||
return jsonify(error=f"are you sure this code belongs to you?"), 400
|
return jsonify(error=f"are you sure this code belongs to you?"), 400
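Review bot: The new `elif auth_code.is_expired()` branch runs before the ownership check `if auth_code.client_id != client.id`, so a client presenting a code that was issued to a different client still gets the distinct `already expired` response (and triggers the delete) instead of the ownership error; move the ownership check ahead of the expiry check, or collapse all three failures into one generic `invalid_grant` message so the endpoint does not reveal whether a given code exists or has expired. The `LOG.d("delete expired authorization code:%s", auth_code)` line formats the whole model object; if `AuthorizationCode.__repr__` includes the code string (the model is not in view) the secret lands in the debug log, so `LOG.d("delete expired authorization code id=%s", auth_code.id)` is safer. `is_expired()` is defined outside this hunk and `token()` begins before it.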
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
from flask import request, jsonify
|
from flask import request, jsonify
|
||||||
from flask_cors import cross_origin
|
from flask_cors import cross_origin
|
||||||
|
|
||||||
|
from app.extensions import db
|
||||||
|
from app.log import LOG
|
||||||
from app.models import OauthToken, ClientUser
|
from app.models import OauthToken, ClientUser
|
||||||
from app.oauth.base import oauth_bp
|
from app.oauth.base import oauth_bp
|
||||||
|
|
||||||
|
@ -22,6 +24,11 @@ def user_info():
|
||||||
oauth_token: OauthToken = OauthToken.get_by(access_token=access_token)
|
oauth_token: OauthToken = OauthToken.get_by(access_token=access_token)
|
||||||
if not oauth_token:
|
if not oauth_token:
|
||||||
return jsonify(error="Invalid access token"), 400
|
return jsonify(error="Invalid access token"), 400
|
||||||
|
elif oauth_token.is_expired():
|
||||||
|
LOG.d("delete oauth token %s", oauth_token)
|
||||||
|
OauthToken.delete(oauth_token.id)
|
||||||
|
db.session.commit()
|
||||||
|
return jsonify(error="Expired access token"), 400
|
||||||
|
|
||||||
client_user = ClientUser.get_or_create(
|
client_user = ClientUser.get_or_create(
|
||||||
client_id=oauth_token.client_id, user_id=oauth_token.user_id
|
client_id=oauth_token.client_id, user_id=oauth_token.user_id
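Review bot: `LOG.d("delete oauth token %s", oauth_token)` in the new `elif oauth_token.is_expired()` branch formats the whole OauthToken; if its repr includes `access_token` (the model is not in view) the bearer secret is written to the debug log, so prefer `LOG.d("delete expired oauth token id=%s", oauth_token.id)`. An expired or invalid bearer token is conventionally answered with 401 plus a `WWW-Authenticate: Bearer error="invalid_token"` header (RFC 6750) rather than 400; the new branch copies the existing 400, which is consistent with the line above it but worth changing together. `is_expired()` and the rest of `user_info()` are outside this hunk.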
|
||||||
|
|