Refactor token validity check.

crudo 2017-09-25 21:22:41 +02:00
parent 6b159b6eda
commit 14cc8ec7c4
2 changed files with 8 additions and 6 deletions


@ -165,3 +165,10 @@ class AccessToken(Base):
default=(datetime.now() + timedelta(days=2))) default=(datetime.now() + timedelta(days=2)))
user = relationship('User', lazy='joined') user = relationship('User', lazy='joined')
def is_valid(self):
return all([
self.is_active,
self.created_at < datetime.now(),
self.expires_at > datetime.now()
])
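Review bot: `is_valid()` calls naive local `datetime.now()` twice, so the two comparisons use different instants and the result depends on the server's time zone and DST changes; take one timestamp first, e.g. `now = datetime.now()` (or a UTC value, if that is how the columns are stored), and compare both fields against it. The context line above the method, `default=(datetime.now() + timedelta(days=2))`, appears to be evaluated once at import rather than per row, so in a long-running process new tokens would get a stale expiry that this method then trusts; a callable such as `default=lambda: datetime.now() + timedelta(days=2)` would avoid that. The method also has no docstring; `"""Return True if the token is active, already created and not yet expired."""` would state the contract. The column definitions and the rest of `AccessToken` start outside the hunk, so how `created_at` and `expires_at` are populated is not visible here.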


@ -1,4 +1,3 @@
from datetime import datetime
from functools import wraps from functools import wraps
from aiohttp.web import json_response from aiohttp.web import json_response
from pos.database import User, ProductCategory, AccessToken from pos.database import User, ProductCategory, AccessToken
@ -26,11 +25,7 @@ def auth_required(func):
return json_response({'err': 'unauthorized', return json_response({'err': 'unauthorized',
'msg': 'The token is not valid.'}, 'msg': 'The token is not valid.'},
status=401) status=401)
elif ( elif not token.is_valid():
not token.is_active or
token.created_at > datetime.now() or
token.expires_at < datetime.now()
):
return json_response({'err': 'forbidden', return json_response({'err': 'forbidden',
'msg': 'The token has expired.'}, 'msg': 'The token has expired.'},
status=403) status=403)
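Review bot: Every failure of `token.is_valid()` is answered with 403 and 'The token has expired.', although the method also fails for an inactive token or one whose `created_at` lies in the future, so a revoked token is reported as expired. Because an unknown token gets 401 in the branch just above, the two responses also let a caller distinguish a token that exists from one that does not; returning `status=401` with the neutral `'msg': 'The token is not valid.'` in both branches would close that gap. The first hunk of this file drops `from datetime import datetime`, which is only safe if nothing else in the module still uses `datetime`; that cannot be confirmed from the lines shown. `auth_required` begins and ends outside the hunk.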