From 040324e8ab247f87cb160f6f8371ba0e8f4c1943 Mon Sep 17 00:00:00 2001
From: kobim
Date: Mon, 31 Jan 2022 14:42:00 +0200
Subject: [PATCH] unify all time handlings to use utc naive
---
 jwthenticator/client.py | 2 +-
 jwthenticator/keys.py | 2 +-
 jwthenticator/models.py | 4 ++--
 jwthenticator/schemas.py | 6 +++---
 jwthenticator/tests/utils.py | 2 +-
 jwthenticator/tokens.py | 10 +++++-----
 6 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/jwthenticator/client.py b/jwthenticator/client.py
index 04414f0..8b08d5a 100644
--- a/jwthenticator/client.py
+++ b/jwthenticator/client.py
@@ -82,7 +82,7 @@ def jwt(self, value: str) -> None:
 def is_jwt_expired(self) -> bool:
 if self._jwt_exp is None:
 return True
- return datetime.now().timestamp() >= self._jwt_exp
+ return datetime.utcnow().timestamp() >= self._jwt_exp
 @property
 def refresh_token(self) -> Optional[str]:
diff --git a/jwthenticator/keys.py b/jwthenticator/keys.py
index 47d9c59..6ae11b3 100644
--- a/jwthenticator/keys.py
+++ b/jwthenticator/keys.py
@@ -31,7 +31,7 @@ async def create_key(self, key: str, identifier: UUID, expires_at: Optional[date
 :return: Returns True if successfull, raises exception otherwise.
 """
 if expires_at is None:
- expires_at = datetime.now() + timedelta(seconds=KEY_EXPIRY)
+ expires_at = datetime.utcnow() + timedelta(seconds=KEY_EXPIRY)
 key_hash = sha512(key.encode()).hexdigest()
 # If key already exists, update expiry date.
diff --git a/jwthenticator/models.py b/jwthenticator/models.py
index 2c46e0b..756303a 100644
--- a/jwthenticator/models.py
+++ b/jwthenticator/models.py
@@ -21,7 +21,7 @@ class KeyInfo(Base):
 __tablename__ = "keys"
 id = Column(Integer, primary_key=True, autoincrement=True)
- created = Column(DateTime, default=datetime.now)
+ created = Column(DateTime, default=datetime.utcnow())
 expires_at = Column(DateTime)
 key_hash = Column(String(256), unique=True)
 identifier = Column(UUIDType(binary=False), nullable=False)
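Review bot: `datetime.utcnow().timestamp()` in `is_jwt_expired` does not yield the current epoch time on a host whose local zone is not UTC, because `.timestamp()` treats a naive datetime as local time and shifts the result by the UTC offset. The same pattern is introduced in `JWTPayloadData.is_valid` (schemas.py) and for the `iat`/`exp` claims in `create_access_token` (tokens.py), where any verifier using real epoch time would see an `exp` that is hours off: longer than `jwt_lease_time` on hosts west of UTC, possibly already expired on hosts east of it. The epoch-based call sites should use an unambiguous clock, e.g. `return datetime.now(timezone.utc).timestamp() >= self._jwt_exp` (this needs `timezone` imported from `datetime`; the import block is outside the hunk), or keep `datetime.now().timestamp()`, which was already zone-independent.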
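Review bot: Nothing in this change accounts for `expires_at` values that were stored before it. Rows written through the old `datetime.now()` default hold local time, and the new `is_valid` checks in schemas.py compare them with `datetime.utcnow()`, so on a non-UTC deployment existing keys and refresh tokens would presumably expire early or stay valid longer by the UTC offset; that calls for a data migration or at least a release note. The docstring should also state the new contract for the argument, e.g. `:param expires_at: Naive UTC datetime; defaults to utcnow() + KEY_EXPIRY seconds.` The body of `create_key` starts and ends outside the hunk.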
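Review bot: `default=datetime.utcnow()` on `KeyInfo.created` calls the function once when models.py is imported, so every row inserted without an explicit `created` gets the process start time instead of its insert time; the removed line correctly passed the callable. Pass the function itself: `created = Column(DateTime, default=datetime.utcnow)`. The same fix is needed for `RefreshTokenInfo.created` in the next hunk of this file. A frozen `created` value also makes these audit columns useless for reconstructing when a key or refresh token was actually issued.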
@@ -30,7 +30,7 @@ class KeyInfo(Base):
 class RefreshTokenInfo(Base):
 __tablename__ = "refresh_tokens"
 id = Column(Integer, primary_key=True, autoincrement=True)
- created = Column(DateTime, default=datetime.now)
+ created = Column(DateTime, default=datetime.utcnow())
 expires_at = Column(DateTime)
 token = Column(String(512))
 key_id = Column(Integer, ForeignKey("keys.id"))
diff --git a/jwthenticator/schemas.py b/jwthenticator/schemas.py
index f8e24c2..f9622d8 100644
--- a/jwthenticator/schemas.py
+++ b/jwthenticator/schemas.py
@@ -40,7 +40,7 @@ class KeyData:
 key: Optional[str] = field(default=None, repr=False, metadata=dict(load_only=True))
 async def is_valid(self) -> bool:
- return self.expires_at > datetime.now()
+ return self.expires_at > datetime.utcnow()
 @dataclass
@@ -53,7 +53,7 @@ class RefreshTokenData:
 key_id: int
 async def is_valid(self) -> bool:
- return self.expires_at > datetime.now()
+ return self.expires_at > datetime.utcnow()
 # Skipping None values on dump since 'aud' is optional and can't be None/empty
@@ -68,7 +68,7 @@ class JWTPayloadData:
 aud: Optional[List[str]] = None # JWT Audience
 async def is_valid(self) -> bool:
- return self.exp > datetime.now().timestamp()
+ return self.exp > datetime.utcnow().timestamp()
 # Request dataclasses
diff --git a/jwthenticator/tests/utils.py b/jwthenticator/tests/utils.py
index 3ffcfd8..08b3433 100644
--- a/jwthenticator/tests/utils.py
+++ b/jwthenticator/tests/utils.py
@@ -32,7 +32,7 @@ async def hash_key(key: str) -> str:
 async def future_datetime(seconds: int = 0) -> datetime:
- return datetime.now() + timedelta(seconds=seconds)
+ return datetime.utcnow() + timedelta(seconds=seconds)
 def backup_environment(func): # type: ignore
diff --git a/jwthenticator/tokens.py b/jwthenticator/tokens.py
index 124b02f..e108145 100644
--- a/jwthenticator/tokens.py
+++ b/jwthenticator/tokens.py
@@ -50,12 +50,12 @@ async def create_access_token(self, identifier: UUID) -> str:
 """
 if self.private_key is None:
 raise Exception("Private key required for JWT token creation")
- now = datetime.now()
+ utc_now = datetime.utcnow()
 payload = JWTPayloadData(
 token_id=uuid4(),
 identifier=identifier,
- iat=int(now.timestamp()),
- exp=int((now + timedelta(seconds=self.jwt_lease_time)).timestamp()),
+ iat=int(utc_now.timestamp()),
+ exp=int((utc_now + timedelta(seconds=self.jwt_lease_time)).timestamp()),
 aud=self.jwt_audience
 )
 encoded_payload = self.jwt_payload_data_schema.dump(payload)
@@ -82,8 +82,8 @@ async def create_refresh_token(self, key_id: int, expires_at: Optional[datetime]
 :return: The refresh token created.
 """
 if expires_at is None:
- expires_at = expires_at = datetime.now() + timedelta(seconds=REFRESH_TOKEN_EXPIRY)
- if expires_at <= datetime.now():
+ expires_at = expires_at = datetime.utcnow() + timedelta(seconds=REFRESH_TOKEN_EXPIRY)
+ if expires_at <= datetime.utcnow():
 raise Exception("Refresh token can't be created in the past")
 refresh_token_str = sha512(uuid4().bytes).hexdigest()
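Review bot: A caller-supplied `expires_at` in `create_refresh_token` is compared with `datetime.utcnow()` without being normalised, so a naive local-time value is silently shifted by the UTC offset and a timezone-aware value raises `TypeError` on the `<=` comparison. State the expectation in the docstring, e.g. `:param expires_at: Naive UTC datetime.`, or convert the argument to naive UTC before the guard. The rewritten default line still carries the doubled assignment and can be reduced to `expires_at = datetime.utcnow() + timedelta(seconds=REFRESH_TOKEN_EXPIRY)`. The function body continues outside the hunk.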