From 826e6d31a27d86ae8bd63c87b79831de8537d5b7 Mon Sep 17 00:00:00 2001
From: Tomer Shlomo
Date: Wed, 22 Sep 2021 19:29:41 +0300
Subject: [PATCH] Fixed timezone offset when verifying jwt expiration
---
 jwthenticator/client.py | 2 +-
 jwthenticator/keys.py | 2 +-
 jwthenticator/schemas.py | 6 +++---
 jwthenticator/tests/utils.py | 2 +-
 jwthenticator/tokens.py | 8 +++-----
 5 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/jwthenticator/client.py b/jwthenticator/client.py
index 8b08d5a..04414f0 100644
--- a/jwthenticator/client.py
+++ b/jwthenticator/client.py
@@ -82,7 +82,7 @@ def jwt(self, value: str) -> None:
 def is_jwt_expired(self) -> bool:
 if self._jwt_exp is None:
 return True
- return datetime.utcnow().timestamp() >= self._jwt_exp
+ return datetime.now().timestamp() >= self._jwt_exp
 @property
 def refresh_token(self) -> Optional[str]:
diff --git a/jwthenticator/keys.py b/jwthenticator/keys.py
index 6ae11b3..47d9c59 100644
--- a/jwthenticator/keys.py
+++ b/jwthenticator/keys.py
@@ -31,7 +31,7 @@ async def create_key(self, key: str, identifier: UUID, expires_at: Optional[date
 :return: Returns True if successfull, raises exception otherwise.
 """
 if expires_at is None:
- expires_at = datetime.utcnow() + timedelta(seconds=KEY_EXPIRY)
+ expires_at = datetime.now() + timedelta(seconds=KEY_EXPIRY)
 key_hash = sha512(key.encode()).hexdigest()
 # If key already exists, update expiry date.
diff --git a/jwthenticator/schemas.py b/jwthenticator/schemas.py
index f9622d8..f8e24c2 100644
--- a/jwthenticator/schemas.py
+++ b/jwthenticator/schemas.py
@@ -40,7 +40,7 @@ class KeyData:
 key: Optional[str] = field(default=None, repr=False, metadata=dict(load_only=True))
 async def is_valid(self) -> bool:
- return self.expires_at > datetime.utcnow()
+ return self.expires_at > datetime.now()
 @dataclass
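Review bot: `is_jwt_expired` in jwthenticator/client.py now gets the right epoch value, but it still derives it from a naive local datetime, so the result depends on the host's timezone data being correct; `return time.time() >= self._jwt_exp` (or `datetime.now(timezone.utc).timestamp()`) reads the epoch clock directly. The same comparison appears in `JWTPayloadData.is_valid` in schemas.py. Either form needs an import that the hunk does not show.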
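Review bot: `expires_at = datetime.now() + timedelta(seconds=KEY_EXPIRY)` in `create_key` (jwthenticator/keys.py) records the key's expiry as naive local wall-clock time, and `KeyData.is_valid` and `RefreshTokenData.is_valid` in schemas.py and `create_refresh_token` in tokens.py compare against naive local time in the same way. A naive local value carries no offset, so a DST transition, a change of the host's timezone setting, or a second instance in another zone reading the same store can shift when a key or refresh token stops being accepted. Any expiry already persisted by the old `utcnow()` code would presumably now be read as local time. The `.timestamp()` offset the commit title describes only affects the epoch comparisons; for stored datetimes an aware value such as `datetime.now(timezone.utc) + timedelta(seconds=KEY_EXPIRY)` keeps the meaning fixed, provided the storage column and the `is_valid` comparisons are made timezone-aware as well. The body of `create_key` continues outside the hunk.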
@@ -53,7 +53,7 @@ class RefreshTokenData:
 key_id: int
 async def is_valid(self) -> bool:
- return self.expires_at > datetime.utcnow()
+ return self.expires_at > datetime.now()
 # Skipping None values on dump since 'aud' is optional and can't be None/empty
@@ -68,7 +68,7 @@ class JWTPayloadData:
 aud: Optional[List[str]] = None # JWT Audience
 async def is_valid(self) -> bool:
- return self.exp > datetime.utcnow().timestamp()
+ return self.exp > datetime.now().timestamp()
 # Request dataclasses
diff --git a/jwthenticator/tests/utils.py b/jwthenticator/tests/utils.py
index 08b3433..3ffcfd8 100644
--- a/jwthenticator/tests/utils.py
+++ b/jwthenticator/tests/utils.py
@@ -32,7 +32,7 @@ async def hash_key(key: str) -> str:
 async def future_datetime(seconds: int = 0) -> datetime:
- return datetime.utcnow() + timedelta(seconds=seconds)
+ return datetime.now() + timedelta(seconds=seconds)
 def backup_environment(func): # type: ignore
diff --git a/jwthenticator/tokens.py b/jwthenticator/tokens.py
index 5f0c172..d8433eb 100644
--- a/jwthenticator/tokens.py
+++ b/jwthenticator/tokens.py
@@ -51,7 +51,7 @@ async def create_access_token(self, identifier: UUID) -> str:
 """
 if self.private_key is None:
 raise Exception("Private key required for JWT token creation")
- now = datetime.utcnow()
+ now = datetime.now()
 payload = JWTPayloadData(
 token_id=uuid4(),
 identifier=identifier,
@@ -68,8 +68,6 @@ async def load_access_token(self, token_string: str) -> JWTPayloadData:
 """
 Load + parse an existing JWT token.
 Raises exception if the token is incorrectly signed.
- Exp verification is disabled since it checks againt datetime.now(), and we want to
- ignore the machine's timezone by using `datetime.utcnow()` everywhere.
 """
 if not token_string:
 raise MissingJWTError
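Review bot: The docstring of `load_access_token` (jwthenticator/tokens.py) loses the two lines that explained why `exp` verification is disabled, while the decode call itself lies outside this hunk and is not shown to change. If the library's expiry check is still switched off there, an expired token is rejected only where callers remember to call `JWTPayloadData.is_valid`, and the docstring should keep saying so, e.g. `Exp is not verified here; callers must check JWTPayloadData.is_valid().`. If the switch to `datetime.now()` makes the library's own check agree with the issued `exp`, re-enabling it would be the safer default.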
@@ -85,8 +83,8 @@ async def create_refresh_token(self, key_id: int, expires_at: Optional[datetime]
 :return: The refresh token created.
 """
 if expires_at is None:
- expires_at = expires_at = datetime.utcnow() + timedelta(seconds=REFRESH_TOKEN_EXPIRY)
- if expires_at <= datetime.utcnow():
+ expires_at = expires_at = datetime.now() + timedelta(seconds=REFRESH_TOKEN_EXPIRY)
+ if expires_at <= datetime.now():
 raise Exception("Refresh token can't be created in the past")
 refresh_token_str = sha512(uuid4().bytes).hexdigest()
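Review bot: In `create_refresh_token` the guard `if expires_at <= datetime.now():` is also applied to a caller-supplied `expires_at`, and nothing in the hunk establishes which clock that value was built from. A caller still passing a `utcnow()`-based value is now judged against local time and is off by the host's UTC offset, and an aware datetime raises `TypeError` when compared with the naive `datetime.now()`. The docstring (its parameter section is outside the hunk) should state the expected form, for example `:param expires_at: naive datetime in the server's local time`, or the value should be normalised before the comparison. The doubled assignment `expires_at = expires_at = datetime.now() + ...` is carried over from the old line and can be reduced to a single `expires_at = ...`.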