From 173e2bddcc95a6b321e8b957ec1345c29109e48d Mon Sep 17 00:00:00 2001
From: Jonathan Styles
Date: Sat, 24 Aug 2024 17:53:13 -0400
Subject: [PATCH] Added api_key field to JWT to ignore expiry
---
 app/util/authentication.py | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/app/util/authentication.py b/app/util/authentication.py
index 1612755..a93c3fc 100644
--- a/app/util/authentication.py
+++ b/app/util/authentication.py
@@ -39,6 +39,7 @@ async def wrapper(request: Request, token: Optional[str], *args, **kwargs):
 )
 is_admin: bool = user_jwt.get("sudo", False)
 creation_date: float = user_jwt.get("issued", -1)
+ api_key: bool = user_jwt.get("api_key", False)
 except Exception as e:
 if isinstance(e, jwt.JWTError) or isinstance(e, jwt.JWTClaimsError):
 tr = Errors.generate(
@@ -58,15 +59,15 @@ async def wrapper(request: Request, token: Optional[str], *args, **kwargs):
 "You are not a sudoer.",
 essay="If you think this is an error, please try logging in again.",
 )
-
- if time.time() > creation_date + Settings().jwt.lifetime_sudo:
- return Errors.generate(
- request,
- 403,
- "Session not new enough to verify sudo status.",
- essay="Unlike normal log-in, non-bot sudoer sessions only last a day. This is to ensure the security of Hack@UCF member PII. "
- "Simply re-log into Onboard to continue.",
- )
+ if not api_key:
+ if time.time() > creation_date + Settings().jwt.lifetime_sudo:
+ return Errors.generate(
+ request,
+ 403,
+ "Session not new enough to verify sudo status.",
+ essay="Unlike normal log-in, non-bot sudoer sessions only last a day. This is to ensure the security of Hack@UCF member PII. "
+ "Simply re-log into Onboard to continue.",
+ )
 return await func(request, token, *args, **kwargs)
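Review bot: The new claim read in the first hunk, `user_jwt.get("api_key", False)`, is later used by truthiness, so any truthy payload value (a non-empty string such as `"false"`, a non-zero number) would disable the sudo expiry check; the `bool` annotation is not enforced at runtime. Since this flag now decides whether a sudo token ever ages out, compare against the literal: `api_key: bool = user_jwt.get("api_key") is True`. The token is signed, so this mainly guards against an issuing path that serializes the flag loosely, and how tokens are minted is not visible here. The wrapper starts and ends outside the hunk; a short comment on this line naming which issuer is allowed to set `api_key` would help the next reviewer.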
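Review bot: In the second hunk, wrapping the lifetime check in `if not api_key:` leaves a sudo token that carries `api_key` with no age limit at all in this function, and nothing visible offers per-token revocation, so a leaked bot token would keep sudo access to member PII until the signing key is rotated. Keep a bound instead of skipping the check, for example `lifetime = Settings().jwt.lifetime_api_key if api_key else Settings().jwt.lifetime_sudo` followed by `if time.time() > creation_date + lifetime:` (`lifetime_api_key` is a placeholder for a new setting, not something this patch defines). Whether the decode call earlier in the wrapper also enforces an `exp` claim cannot be told from here, because the function begins outside the hunk. If indefinite keys are intended, checking the token's id against a server-side list of issued keys would at least allow one key to be revoked without rotating the secret.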