diff options
author | Frederick Muriuki Muriithi | 2024-07-17 11:39:33 -0500 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2024-07-17 11:45:20 -0500 |
commit | 6c3e8a6e6bb4a586b12543da4baafbe4daa20cf4 (patch) | |
tree | ca00031d53e7b123343a8aff8a4fbab47f6a64e2 /gn2/wqflask | |
parent | 460feea9980664cc91926e5b3456a80dd9178703 (diff) | |
download | genenetwork2-6c3e8a6e6bb4a586b12543da4baafbe4daa20cf4.tar.gz |
Fix premature session expiration
With the change to JWTs the time-to-live for each token is severely
curtailed to help with security in case of a token theft. We,
therefore, can no longer rely on the TTL for session expiration,
rather, we will rely of the token-refresh mechanism to expire a token
after a long while.
Diffstat (limited to 'gn2/wqflask')
-rw-r--r-- | gn2/wqflask/oauth2/client.py | 7 | ||||
-rw-r--r-- | gn2/wqflask/oauth2/session.py | 7 |
2 files changed, 1 insertions, 13 deletions
diff --git a/gn2/wqflask/oauth2/client.py b/gn2/wqflask/oauth2/client.py index 876ecf6b..770777b5 100644 --- a/gn2/wqflask/oauth2/client.py +++ b/gn2/wqflask/oauth2/client.py @@ -31,12 +31,7 @@ def oauth2_clientsecret(): def user_logged_in(): """Check whether the user has logged in.""" suser = session.session_info()["user"] - if suser["logged_in"]: - if session.expired(): - session.clear_session_info() - return False - return suser["token"].is_right() - return False + return suser["logged_in"] and suser["token"].is_right() def oauth2_client(): diff --git a/gn2/wqflask/oauth2/session.py b/gn2/wqflask/oauth2/session.py index 2ef534e2..eec48a7f 100644 --- a/gn2/wqflask/oauth2/session.py +++ b/gn2/wqflask/oauth2/session.py @@ -64,13 +64,6 @@ def session_info() -> SessionInfo: "masquerading": None })) -def expired(): - the_session = session_info() - def __expired__(token): - return datetime.now() > datetime.fromtimestamp(token["expires_at"]) - return the_session["user"]["token"].either( - lambda left: False, - __expired__) def set_user_token(token: str) -> SessionInfo: """Set the user's token.""" |