
Reject jwt associated with revoked refresh token
SeaweedbrainCY committed Nov 8, 2024
1 parent a3ef496 commit 073de62
Showing 2 changed files with 9 additions and 2 deletions.
8 changes: 6 additions & 2 deletions api/CryptoClasses/jwt_func.py
Expand Up @@ -7,12 +7,12 @@
from flask import jsonify, request
import logging
from connexion.exceptions import Forbidden, Unauthorized

from database.refresh_token_repo import RefreshTokenRepo
ALG = 'HS256'
ISSUER = conf.environment.frontend_URI + "/api/v1"

# Verification performed by openAPI
def verify_jwt(jwt_token, verify_exp=True):
def verify_jwt(jwt_token, verify_exp=True, verify_revoked=True):
try:
data = jwt.decode(jwt_token,
conf.api.jwt_secret,
Expand All @@ -24,6 +24,10 @@ def verify_jwt(jwt_token, verify_exp=True):
"verify_nbf": True,
"verify_exp": verify_exp,
"verify_iat":True})
if verify_revoked:
associated_refresh_token = RefreshTokenRepo().get_refresh_token_by_jti(data["jti"])
if associated_refresh_token.revoke_timestamp is not None:
raise Forbidden("Token revoked")
return data
except jwt.ExpiredSignatureError as e:
raise Unauthorized("API key expired")
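Review bot: The revocation check at the `associated_refresh_token.revoke_timestamp` line dereferences the repository result without a None guard, and `get_refresh_token_by_jti` is a `filter_by(...).first()` that returns None when no row matches, so a token with a valid signature whose jti has no refresh-token row raises AttributeError (an unhandled 500) instead of being rejected. A missing row should fail closed: `if associated_refresh_token is None or associated_refresh_token.revoke_timestamp is not None:` followed by the existing `raise Forbidden("Token revoked")`. `data["jti"]` likewise assumes the claim is present; the decode options visible in the hunk do not require it, so a token lacking jti would raise KeyError, whereas `data.get("jti")` lets it fall through to the None branch. Note also that the Forbidden is raised from inside the `try:` block and verify_jwt's except clauses continue past the hunk; if a later clause catches a broad exception type it would intercept this Forbidden, so moving the revocation check after the try/except (or explicitly re-raising Forbidden) would be safer.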
3 changes: 3 additions & 0 deletions api/database/refresh_token_repo.py
Expand Up @@ -18,6 +18,9 @@ def create_refresh_token(self, user_id, jti, hashed_token, expiration=-1):

def get_refresh_token_by_hash(self, hashed_token):
return RefreshToken.query.filter_by(hashed_token=hashed_token).first()

def get_refresh_token_by_jti(self, jti):
return RefreshToken.query.filter_by(jti=jti).first()

def revoke(self, id):
rt = RefreshToken.query.filter_by(id=id).first()
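Review bot: `get_refresh_token_by_jti` has no docstring, and its `.first()` return silently yields None when no row matches, which every caller must handle before touching `revoke_timestamp`; a one-line docstring would make that contract explicit: `"""Return the RefreshToken whose jti equals *jti*, or None if no such row exists."""`. Whether jti is unique in the table cannot be told from here; if it is not, `.first()` picks an arbitrary row and the revocation decision becomes order-dependent, so that is worth confirming against the model.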
