From 454ec2d421609fd07b9a79b3fe4512630f4a5756 Mon Sep 17 00:00:00 2001
From: Scurrra
Date: Sat, 20 Jul 2024 21:15:58 +0300
Subject: [PATCH 1/4] JWT expiration check in OAuth2Backend.authenticate and datetime.utcnow() deprecation

---
 src/fastapi_oauth2/middleware.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/fastapi_oauth2/middleware.py b/src/fastapi_oauth2/middleware.py
index 8b91e32..71c4997 100644
--- a/src/fastapi_oauth2/middleware.py
+++ b/src/fastapi_oauth2/middleware.py
@@ -1,5 +1,6 @@
 from datetime import datetime
 from datetime import timedelta
+from datetime import UTC
 from typing import Any
 from typing import Awaitable
 from typing import Callable
@@ -27,6 +28,7 @@
 from .claims import Claims
 from .config import OAuth2Config
 from .core import OAuth2Core
+from .exceptions import OAuth2AuthenticationError
 
 
 class Auth(AuthCredentials):
@@ -51,7 +53,7 @@ def jwt_decode(cls, token: str) -> dict:
 
     @classmethod
     def jwt_create(cls, token_data: dict) -> str:
-        expire = datetime.utcnow() + timedelta(seconds=cls.expires)
+        expire = datetime.now(UTC) + timedelta(seconds=cls.expires)
         return cls.jwt_encode({**token_data, "exp": expire})
 
 
@@ -106,7 +108,11 @@ async def authenticate(self, request: Request) -> Optional[Tuple[Auth, User]]:
         if not scheme or not param:
             return Auth(), User()
 
-        user = User(Auth.jwt_decode(param))
+        token_data = Auth.jwt_decode(param)
+        if token_data["exp"] and token_data["exp"] < int(datetime.now(UTC).timestamp()):
+            raise OAuth2AuthenticationError(401, "Token expired")
+
+        user = User(token_data)
         auth = Auth(user.pop("scope", []))
         auth.provider = auth.clients.get(user.get("provider"))
         claims = auth.provider.claims if auth.provider else {}

From 2ff519676521d9b5023f3979d886b0657da46709 Mon Sep 17 00:00:00 2001
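Review bot: The expiry guard added in the `authenticate` hunk, `if token_data["exp"] and token_data["exp"] < ...`, skips the comparison whenever `exp` is falsy, so a token carrying `"exp": 0` or `"exp": null` is accepted with no expiry at all, and a token with no `exp` claim raises `KeyError` instead of the intended 401. Since `jwt_create` in the same patch always sets `exp`, a token without a usable one should be refused rather than waved through: `exp = token_data.get("exp")` followed by `if exp is None or exp < int(datetime.now(UTC).timestamp()):` ahead of the existing raise. The same guard is kept, with `timezone.utc` substituted, in PATCH 4/4 of this series, so the fix belongs there too. If `jwt_decode`, whose body is outside these hunks, delegates to a JWT library that already verifies `exp` on decode, translating that library's expiry exception into the 401 would avoid checking the claim twice. `authenticate` continues past the end of the hunk.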
From: Ilya Borowski <40835268+Scurrra@users.noreply.github.com>
Date: Sun, 21 Jul 2024 16:40:02 +0300
Subject: [PATCH 2/4] Update src/fastapi_oauth2/middleware.py

Co-authored-by: Artyom Vancyan <44609997+ArtyomVancyan@users.noreply.github.com>
---
 src/fastapi_oauth2/middleware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fastapi_oauth2/middleware.py b/src/fastapi_oauth2/middleware.py
index 71c4997..aafeea1 100644
--- a/src/fastapi_oauth2/middleware.py
+++ b/src/fastapi_oauth2/middleware.py
@@ -53,7 +53,7 @@ def jwt_decode(cls, token: str) -> dict:
 
     @classmethod
     def jwt_create(cls, token_data: dict) -> str:
-        expire = datetime.now(UTC) + timedelta(seconds=cls.expires)
+        expire = datetime.now(timezone.utc) + timedelta(seconds=cls.expires)
         return cls.jwt_encode({**token_data, "exp": expire})
 
 

From 6dbfd40187961bbbaf2f5d69a7ff94c37b2df50d Mon Sep 17 00:00:00 2001
From: Ilya Borowski <40835268+Scurrra@users.noreply.github.com>
Date: Sun, 21 Jul 2024 16:40:19 +0300
Subject: [PATCH 3/4] Update src/fastapi_oauth2/middleware.py

Co-authored-by: Artyom Vancyan <44609997+ArtyomVancyan@users.noreply.github.com>
---
 src/fastapi_oauth2/middleware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fastapi_oauth2/middleware.py b/src/fastapi_oauth2/middleware.py
index aafeea1..6148338 100644
--- a/src/fastapi_oauth2/middleware.py
+++ b/src/fastapi_oauth2/middleware.py
@@ -1,6 +1,6 @@
 from datetime import datetime
 from datetime import timedelta
-from datetime import UTC
+from datetime import timezone
 from typing import Any
 from typing import Awaitable
 from typing import Callable

From fc60e7d7741bb9304a38d0867f18ff8141e4ca2a Mon Sep 17 00:00:00 2001
From: Ilya Borowski <40835268+Scurrra@users.noreply.github.com>
Date: Sun, 21 Jul 2024 16:40:31 +0300
Subject: [PATCH 4/4] Update src/fastapi_oauth2/middleware.py

Co-authored-by: Artyom Vancyan <44609997+ArtyomVancyan@users.noreply.github.com>
---
 src/fastapi_oauth2/middleware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fastapi_oauth2/middleware.py b/src/fastapi_oauth2/middleware.py
index 6148338..8481947 100644
--- a/src/fastapi_oauth2/middleware.py
+++ b/src/fastapi_oauth2/middleware.py
@@ -109,7 +109,7 @@ async def authenticate(self, request: Request) -> Optional[Tuple[Auth, User]]:
             return Auth(), User()
 
         token_data = Auth.jwt_decode(param)
-        if token_data["exp"] and token_data["exp"] < int(datetime.now(UTC).timestamp()):
+        if token_data["exp"] and token_data["exp"] < int(datetime.now(timezone.utc).timestamp()):
             raise OAuth2AuthenticationError(401, "Token expired")
 
         user = User(token_data)