Fixed timezone offset when verifying jwt expiration

claroty · Sep 22, 2021 · 826e6d3 · 826e6d3
1 parent c6b77c3
commit 826e6d3
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 11 deletions.
diff --git a/jwthenticator/client.py b/jwthenticator/client.py
@@ -82,7 +82,7 @@ def jwt(self, value: str) -> None:
     def is_jwt_expired(self) -> bool:
         if self._jwt_exp is None:
             return True
-        return datetime.utcnow().timestamp() >= self._jwt_exp
+        return datetime.now().timestamp() >= self._jwt_exp
 
     @property
     def refresh_token(self) -> Optional[str]:

diff --git a/jwthenticator/keys.py b/jwthenticator/keys.py
@@ -31,7 +31,7 @@ async def create_key(self, key: str, identifier: UUID, expires_at: Optional[date
         :return: Returns True if successfull, raises exception otherwise.
         """
         if expires_at is None:
-            expires_at = datetime.utcnow() + timedelta(seconds=KEY_EXPIRY)
+            expires_at = datetime.now() + timedelta(seconds=KEY_EXPIRY)
         key_hash = sha512(key.encode()).hexdigest()
 
         # If key already exists, update expiry date.

diff --git a/jwthenticator/schemas.py b/jwthenticator/schemas.py
@@ -40,7 +40,7 @@ class KeyData:
     key: Optional[str] = field(default=None, repr=False, metadata=dict(load_only=True))
 
     async def is_valid(self) -> bool:
-        return self.expires_at > datetime.utcnow()
+        return self.expires_at > datetime.now()
 
 
 @dataclass
@@ -53,7 +53,7 @@ class RefreshTokenData:
     key_id: int
 
     async def is_valid(self) -> bool:
-        return self.expires_at > datetime.utcnow()
+        return self.expires_at > datetime.now()
 
 
 # Skipping None values on dump since 'aud' is optional and can't be None/empty
@@ -68,7 +68,7 @@ class JWTPayloadData:
     aud: Optional[List[str]] = None   # JWT Audience
 
     async def is_valid(self) -> bool:
-        return self.exp > datetime.utcnow().timestamp()
+        return self.exp > datetime.now().timestamp()
 
 
 # Request dataclasses

diff --git a/jwthenticator/tests/utils.py b/jwthenticator/tests/utils.py
@@ -32,7 +32,7 @@ async def hash_key(key: str) -> str:
 
 
 async def future_datetime(seconds: int = 0) -> datetime:
-    return datetime.utcnow() + timedelta(seconds=seconds)
+    return datetime.now() + timedelta(seconds=seconds)
 
 
 def backup_environment(func):  # type: ignore

diff --git a/jwthenticator/tokens.py b/jwthenticator/tokens.py
@@ -51,7 +51,7 @@ async def create_access_token(self, identifier: UUID) -> str:
         """
         if self.private_key is None:
             raise Exception("Private key required for JWT token creation")
-        now = datetime.utcnow()
+        now = datetime.now()
         payload = JWTPayloadData(
             token_id=uuid4(),
             identifier=identifier,
@@ -68,8 +68,6 @@ async def load_access_token(self, token_string: str) -> JWTPayloadData:
         """
         Load + parse an existing JWT token.
         Raises exception if the token is incorrectly signed.
-        Exp verification is disabled since it checks againt datetime.now(), and we want to
-            ignore the machine's timezone by using `datetime.utcnow()` everywhere.
         """
         if not token_string:
             raise MissingJWTError
@@ -85,8 +83,8 @@ async def create_refresh_token(self, key_id: int, expires_at: Optional[datetime]
         :return: The refresh token created.
         """
         if expires_at is None:
-            expires_at = expires_at = datetime.utcnow() + timedelta(seconds=REFRESH_TOKEN_EXPIRY)
-        if expires_at <= datetime.utcnow():
+            expires_at = expires_at = datetime.now() + timedelta(seconds=REFRESH_TOKEN_EXPIRY)
+        if expires_at <= datetime.now():
             raise Exception("Refresh token can't be created in the past")
 
         refresh_token_str = sha512(uuid4().bytes).hexdigest()