Fix TTL calculation for API keys

2021-02-16 17:54:57 -08:00 · 2021-02-16 17:54:57 -08:00 · e9860ee72a
parent 9f4e26a961
commit e9860ee72a
1 changed files with 3 additions and 4 deletions
--- a/lemur/auth/service.py
+++ b/lemur/auth/service.py
@ -75,7 +75,7 @@ def create_token(user, aid=None, ttl=None):
        if ttl == -1:
            del payload["exp"]
        else:
-            payload["exp"] = ttl
+            payload["exp"] = datetime.utcnow() + timedelta(days=ttl)
    token = jwt.encode(payload, current_app.config["LEMUR_TOKEN_SECRET"])
    return token

@ -116,9 +116,8 @@ def login_required(f):
                return dict(message="Token has been revoked"), 403
            if access_key.ttl != -1:
                current_time = datetime.utcnow()
-                expired_time = datetime.fromtimestamp(
-                    access_key.issued_at + access_key.ttl
-                )
+                # API key uses days
+                expired_time = datetime.fromtimestamp(access_key.issued_at) + timedelta(days=access_key.ttl)
                if current_time >= expired_time:
                    return dict(message="Token has expired"), 403