From 6c3e8a6e6bb4a586b12543da4baafbe4daa20cf4 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Wed, 17 Jul 2024 11:39:33 -0500
Subject: Fix premature session expiration

With the change to JWTs the time-to-live for each token is severely curtailed to help with security in case of a token theft. We, therefore, can no longer rely on the TTL for session expiration, rather, we will rely of the token-refresh mechanism to expire a token after a long while.
---
 gn2/wqflask/oauth2/client.py | 7 +------
 gn2/wqflask/oauth2/session.py | 7 -------
 2 files changed, 1 insertion(+), 13 deletions(-)
(limited to 'gn2/wqflask/oauth2')
diff --git a/gn2/wqflask/oauth2/client.py b/gn2/wqflask/oauth2/client.py
index 876ecf6b..770777b5 100644
--- a/gn2/wqflask/oauth2/client.py
+++ b/gn2/wqflask/oauth2/client.py
@@ -31,12 +31,7 @@ def oauth2_clientsecret():
 def user_logged_in():
 """Check whether the user has logged in."""
 suser = session.session_info()["user"]
- if suser["logged_in"]:
- if session.expired():
- session.clear_session_info()
- return False
- return suser["token"].is_right()
- return False
+ return suser["logged_in"] and suser["token"].is_right()
 def oauth2_client():
diff --git a/gn2/wqflask/oauth2/session.py b/gn2/wqflask/oauth2/session.py
index 2ef534e2..eec48a7f 100644
--- a/gn2/wqflask/oauth2/session.py
+++ b/gn2/wqflask/oauth2/session.py
@@ -64,13 +64,6 @@ def session_info() -> SessionInfo:
 "masquerading": None }))
-def expired():
- the_session = session_info()
- def __expired__(token):
- return datetime.now() > datetime.fromtimestamp(token["expires_at"])
- return the_session["user"]["token"].either(
- lambda left: False,
- __expired__)
 def set_user_token(token: str) -> SessionInfo:
 """Set the user's token."""
--
cgit v1.2.3
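Review bot: In the `gn2/wqflask/oauth2/client.py` hunk, `user_logged_in()` now accepts a session whose token is past its `expires_at`, because the new `return` line checks only the `logged_in` flag and `suser["token"].is_right()`. The commit message moves expiry to the token-refresh mechanism, which is not visible in this diff. It is worth confirming that a failed or rejected refresh still clears the session (the removed branch called `session.clear_session_info()`) and that some absolute upper bound on session age remains, since otherwise a stolen session stays usable for as long as refresh keeps succeeding. I would record the new contract in the docstring, e.g. `"""Check that the session is flagged as logged in and holds a token; expiry is enforced by token refresh, not here."""`. Minor: the `and` expression returns `suser["logged_in"]` itself when it is falsy, so `return bool(suser["logged_in"] and suser["token"].is_right())` keeps the previous strict `False`.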