providers/oauth2: don't rely on expiry task for access codes and refresh tokens
closes #1911 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
d4ce0e8e41
commit
b6ff04694f
|
@ -95,6 +95,12 @@ class TokenParams:
|
||||||
self.refresh_token = RefreshToken.objects.get(
|
self.refresh_token = RefreshToken.objects.get(
|
||||||
refresh_token=raw_token, provider=self.provider
|
refresh_token=raw_token, provider=self.provider
|
||||||
)
|
)
|
||||||
|
if self.refresh_token.is_expired:
|
||||||
|
LOGGER.warning(
|
||||||
|
"Refresh token is expired",
|
||||||
|
token=raw_token,
|
||||||
|
)
|
||||||
|
raise TokenError("invalid_grant")
|
||||||
# https://tools.ietf.org/html/rfc6749#section-6
|
# https://tools.ietf.org/html/rfc6749#section-6
|
||||||
# Fallback to original token's scopes when none are given
|
# Fallback to original token's scopes when none are given
|
||||||
if not self.scope:
|
if not self.scope:
|
||||||
|
@ -138,6 +144,12 @@ class TokenParams:
|
||||||
|
|
||||||
try:
|
try:
|
||||||
self.authorization_code = AuthorizationCode.objects.get(code=raw_code)
|
self.authorization_code = AuthorizationCode.objects.get(code=raw_code)
|
||||||
|
if self.authorization_code.is_expired:
|
||||||
|
LOGGER.warning(
|
||||||
|
"Code is expired",
|
||||||
|
token=raw_code,
|
||||||
|
)
|
||||||
|
raise TokenError("invalid_grant")
|
||||||
except AuthorizationCode.DoesNotExist:
|
except AuthorizationCode.DoesNotExist:
|
||||||
LOGGER.warning("Code does not exist", code=raw_code)
|
LOGGER.warning("Code does not exist", code=raw_code)
|
||||||
raise TokenError("invalid_grant")
|
raise TokenError("invalid_grant")
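Review bot: Both new warnings write the presented credential itself into the log (`token=raw_token` in the refresh-token branch, `token=raw_code` in the authorization-code branch); the expired value is rejected here, but log stores are usually readable by more people and systems than the token table, so credential material is better kept out of them. Logging the stored row's identifier keeps the event traceable, e.g. `LOGGER.warning("Refresh token is expired", token_pk=self.refresh_token.pk)`, and likewise `self.authorization_code.pk` for the code. The second warning also uses the key `token=` where the neighbouring `DoesNotExist` branch uses `code=`, which makes the two events harder to query together. The enclosing method of `TokenParams` starts and ends outside both hunks, so whether the expired path is covered by a test is not visible here.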
|
||||||
|
|