From e9860ee72ae773f316bae6d0161e28ae1b29825a Mon Sep 17 00:00:00 2001
From: Jasmine Schladen <jschladen@netflix.com>
Date: Tue, 16 Feb 2021 17:54:57 -0800
Subject: [PATCH] Fix TTL calculation for API keys

---
 lemur/auth/service.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/lemur/auth/service.py b/lemur/auth/service.py
index 1705e0c9..6ce9a5b6 100644
--- a/lemur/auth/service.py
+++ b/lemur/auth/service.py
@@ -75,7 +75,7 @@ def create_token(user, aid=None, ttl=None):
         if ttl == -1:
             del payload["exp"]
         else:
-            payload["exp"] = ttl
+            payload["exp"] = datetime.utcnow() + timedelta(days=ttl)
     token = jwt.encode(payload, current_app.config["LEMUR_TOKEN_SECRET"])
     return token
 
@@ -116,9 +116,8 @@ def login_required(f):
                 return dict(message="Token has been revoked"), 403
             if access_key.ttl != -1:
                 current_time = datetime.utcnow()
-                expired_time = datetime.fromtimestamp(
-                    access_key.issued_at + access_key.ttl
-                )
+                # API key uses days
+                expired_time = datetime.fromtimestamp(access_key.issued_at) + timedelta(days=access_key.ttl)
                 if current_time >= expired_time:
                     return dict(message="Token has expired"), 403