[!] Check if a token has expired before authenticating

2024-11-23 19:44:20 +00:00 · 2020-03-26 22:26:42 +01:00 · 2020-03-26 22:26:42 +01:00 · 46f6ec05aa
commit 46f6ec05aa
parent 601c673d96
2 changed files with 4 additions and 2 deletions
--- a/royalnet/backpack/tables/tokens.py
+++ b/royalnet/backpack/tables/tokens.py
@ -51,5 +51,5 @@ class Token:
        }

    @classmethod
-    async def authenticate(cls, alchemy, session, token: str) -> "Token":
+    async def find(cls, alchemy, session, token: str) -> "Token":
        return await ru.asyncify(session.query(alchemy.get(cls)).filter_by(token=token).one_or_none)
--- a/royalnet/constellation/api/apidata.py
+++ b/royalnet/constellation/api/apidata.py
@ -18,9 +18,11 @@ class ApiData(dict):
        raise MissingParameterError(f"Missing '{key}'")

    async def token(self) -> Token:
-        token = await Token.authenticate(self.star.alchemy, self.session, self["token"])
+        token = await Token.find(self.star.alchemy, self.session, self["token"])
        if token is None:
            raise ForbiddenError("'token' is invalid")
+        if token.expired:
+            raise ForbiddenError("Login token has expired")
        return token

    async def user(self) -> User: