providers/oauth2: only set expiry on user when it was freshly created

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-05-25 23:02:33 +02:00
parent 0e0dd2437b
commit 5da47b69dd
1 changed files with 18 additions and 12 deletions


@ -333,18 +333,7 @@ class TokenParams:
raise TokenError("invalid_grant") raise TokenError("invalid_grant")
self.__check_policy_access(app, request, oauth_jwt=token) self.__check_policy_access(app, request, oauth_jwt=token)
self.__create_user_from_jwt(token, app)
self.user, _ = User.objects.update_or_create(
username=f"{self.provider.name}-{token.get('sub')}",
defaults={
"attributes": {
USER_ATTRIBUTE_GENERATED: True,
USER_ATTRIBUTE_EXPIRES: token.get("exp"),
},
"last_login": now(),
"name": f"Autogenerated user from application {app.name} (client credentials JWT)",
},
)
method_args = { method_args = {
"jwt": token, "jwt": token,
@ -360,6 +349,23 @@ class TokenParams:
PLAN_CONTEXT_APPLICATION=app, PLAN_CONTEXT_APPLICATION=app,
).from_http(request, user=self.user) ).from_http(request, user=self.user)
def __create_user_from_jwt(self, token: dict[str, Any], app: Application):
"""Create user from JWT"""
exp = token.get("exp")
self.user, created = User.objects.update_or_create(
username=f"{self.provider.name}-{token.get('sub')}",
defaults={
"attributes": {
USER_ATTRIBUTE_GENERATED: True,
},
"last_login": now(),
"name": f"Autogenerated user from application {app.name} (client credentials JWT)",
},
)
if created and exp:
self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp
self.user.save()
class TokenView(View): class TokenView(View):
"""Generate tokens for clients""" """Generate tokens for clients"""
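Review bot: In `__create_user_from_jwt`, `update_or_create` still applies `defaults` when the user already exists, so on every later request `attributes` is replaced by `{USER_ATTRIBUTE_GENERATED: True}` and the `USER_ATTRIBUTE_EXPIRES` value written at creation is dropped, while the `if created and exp` branch does not put it back. If the cleanup of generated users depends on that attribute (not visible here), an account created from a client-credentials JWT would stop expiring after its second token request. Consider `get_or_create` with the same `defaults` and then updating only the login time, e.g. `self.user.last_login = now()` followed by `self.user.save()`, or merge into the existing `attributes` instead of replacing them. A short comment saying why the expiry is written only on creation would also help, since the docstring `"""Create user from JWT"""` does not mention it.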