elwig-backend: Invalidate non-existend users

2025-05-01 19:48:00 +02:00
parent fbb1a62284
commit 0145ca02b0


@ -20,7 +20,7 @@ import hashlib
import hmac
VERSION: str = '0.0.6'
VERSION: str = '0.0.7'
CNX: sqlite3.Cursor
USER_FILE: str
@ -227,7 +227,9 @@ class ElwigApi(BaseHTTPRequestHandler):
raise UnauthorizedError('JWT token not yet valid')
elif payload['iat'] < JWT_INVALIDATE_BEFORE:
raise UnauthorizedError('Invalidated JWT token')
elif payload['iat'] < JWT_USER_INVALIDATE_BEFORE.get(payload['sub'], 0):
elif payload['sub'] not in JWT_USER_INVALIDATE_BEFORE:
raise UnauthorizedError('Invalidated JWT token')
elif payload['iat'] < JWT_USER_INVALIDATE_BEFORE[payload['sub']]:
raise UnauthorizedError('Invalidated JWT token')
return payload['sub'], payload['rol']
except Exception:
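Review bot: The new `payload['sub'] not in JWT_USER_INVALIDATE_BEFORE` branch makes that dict the authoritative list of existing users, and nothing in the hunk says so. Every account that may authenticate now needs an entry, even one that was never invalidated, otherwise its valid tokens are rejected. How the dict is populated and refreshed is outside the hunk, so that should be confirmed. I would add a comment above the branch, `# JWT_USER_INVALIDATE_BEFORE has one entry per existing user; a missing key means the user no longer exists`. Reusing the 'Invalidated JWT token' message for both cases is worth keeping, since the response then does not reveal whether an account exists; the enclosing method starts and ends outside the hunk.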