authorFrederick Muriuki Muriithi2024-06-03 16:09:07 -0500
committerFrederick Muriuki Muriithi2024-06-03 16:09:07 -0500
commitcac3db95a11723f25f211b9349023676adf3fe29 (patch)
tree54805cf404c9e0d11341b88752a5ad240756e0ef /gn_auth/auth/authentication/oauth2
parent7e3012af451778d2d63452590f8a6f137ff4a808 (diff)
Raise explicit error messages for more graceful handling.enable-sending-emails
Diffstat (limited to 'gn_auth/auth/authentication/oauth2')
-rw-r--r--gn_auth/auth/authentication/oauth2/models/jwtrefreshtoken.py18
1 files changed, 11 insertions, 7 deletions
diff --git a/gn_auth/auth/authentication/oauth2/models/jwtrefreshtoken.py b/gn_auth/auth/authentication/oauth2/models/jwtrefreshtoken.py
index dba1563..31c9147 100644
--- a/gn_auth/auth/authentication/oauth2/models/jwtrefreshtoken.py
+++ b/gn_auth/auth/authentication/oauth2/models/jwtrefreshtoken.py
@@ -16,6 +16,7 @@ from pymonad.maybe import Just, Maybe, Nothing
from pymonad.tools import monad_from_none_or_value
from gn_auth.auth.db import sqlite3 as db
+from gn_auth.auth.errors import ForbiddenAccess
from gn_auth.auth.authentication.users import User, user_by_id
from gn_auth.auth.authentication.oauth2.models.oauth2client import (
@@ -166,10 +167,13 @@ def link_child_token(conn: db.DbConnection, parenttoken: str, childtoken: str):
def is_refresh_token_valid(token: JWTRefreshToken, client: OAuth2Client) -> bool:
"""Check whether a token is valid."""
- return (
- (token.client.client_id == client.client_id)
- and
- (not token.is_expired())
- and
- (not token.revoked)
- )
+ if not token.client.client_id == client.client_id:
+ raise ForbiddenAccess("Token does not belong to client.")
+
+ if token.is_expired():
+ raise ForbiddenAccess("Token is expired.")
+
+ if token.revoked:
+ raise ForbiddenAccess("Token has previously been revoked.")
+
+ return True
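Review bot: `is_refresh_token_valid` can no longer return False, so the `-> bool` annotation and the docstring "Check whether a token is valid." misstate the contract; any caller outside this hunk that branches on a False result will now see `ForbiddenAccess` propagate instead, which should be confirmed. The docstring should state this, e.g. `"""Return True for a valid token; raise ForbiddenAccess if it belongs to another client, is expired, or has been revoked."""`. The three distinct messages are valuable in server logs, but if they are passed through to the HTTP response they tell whoever presents a token whether it is expired, revoked or bound to a different client, so consider a single generic message for the client with the detail kept server-side. Presentation of an already-revoked refresh token is also a replay signal that is worth logging at the `token.revoked` branch. As a style point, `if not token.client.client_id == client.client_id:` reads more clearly as `if token.client.client_id != client.client_id:`.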