From 6576d619e5af383242a6d6d0563d578631fb5707 Mon Sep 17 00:00:00 2001 From: Kraiem Taha Yassine Date: Wed, 8 Nov 2023 18:11:42 +0100 Subject: [PATCH] Api v1.15.0 (#1631) * fix(chalice): fixed invalid instant JWT --------- Co-authored-by: Alexander Co-authored-by: Shekar Siri Co-authored-by: nick-delirium --- api/chalicelib/core/users.py | 8 ++++---- ee/api/chalicelib/core/users.py | 9 ++++----- 2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/api/chalicelib/core/users.py b/api/chalicelib/core/users.py
index c2503db6d..036bb05ce 100644
--- a/api/chalicelib/core/users.py
+++ b/api/chalicelib/core/users.py
@@ -578,9 +578,9 @@ def refresh_auth_exists(user_id, jwt_jti=None):
 def change_jwt_iat_jti(user_id):
 with pg_client.PostgresClient() as cur:
 query = cur.mogrify(f"""UPDATE public.users
- SET jwt_iat = timezone('utc'::text, now()-INTERVAL '2s'),
+ SET jwt_iat = timezone('utc'::text, now()-INTERVAL '10s'),
 jwt_refresh_jti = 0,
- jwt_refresh_iat = timezone('utc'::text, now()-INTERVAL '2s')
+ jwt_refresh_iat = timezone('utc'::text, now()-INTERVAL '10s')
 WHERE user_id = %(user_id)s
 RETURNING EXTRACT (epoch FROM jwt_iat)::BIGINT AS jwt_iat,
 jwt_refresh_jti,
@@ -594,12 +594,12 @@ def change_jwt_iat_jti(user_id):
 def refresh_jwt_iat_jti(user_id):
 with pg_client.PostgresClient() as cur:
 query = cur.mogrify(f"""UPDATE public.users
- SET jwt_iat = timezone('utc'::text, now()-INTERVAL '2s'),
+ SET jwt_iat = timezone('utc'::text, now()-INTERVAL '10s'),
 jwt_refresh_jti = jwt_refresh_jti + 1
 WHERE user_id = %(user_id)s
 RETURNING EXTRACT (epoch FROM jwt_iat)::BIGINT AS jwt_iat,
 jwt_refresh_jti,
- EXTRACT (epoch FROM jwt_refresh_iat)::BIGINT AS jwt_refresh_iat""",
+ EXTRACT (epoch FROM jwt_refresh_iat)::BIGINT AS jwt_refresh_iat;""",
 {"user_id": user_id})
 cur.execute(query)
 row = cur.fetchone()
diff --git a/ee/api/chalicelib/core/users.py b/ee/api/chalicelib/core/users.py
index f3fdbf8e0..c0fcaa7c8 100644
--- a/ee/api/chalicelib/core/users.py
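Review bot: The `'10s'` back-dating of `jwt_iat` and `jwt_refresh_iat` on the two `+` lines of this hunk is a bare magic number that now appears in four places (here, the `refresh_jwt_iat_jti` hunk below, and the two matching hunks in ee/api/chalicelib/core/users.py), with nothing recording why it exists. The subject line suggests the earlier `'2s'` was too small to cover the offset between the database host that evaluates `now()` and the host that checks the token's `iat`; if so this is a clock-skew tolerance, and hard-coding a larger interval only raises the threshold at which the same "not yet valid" rejection returns. A module-level `JWT_IAT_SKEW_SECONDS = 10` with the comment `# back-date iat so a freshly minted token is not rejected as not-yet-valid when the DB clock runs ahead of the API host; keep >= the largest expected DB/API clock offset`, substituted into these queries as a second mogrify parameter, would keep the four copies in step; if the verifier is PyJWT, its `leeway` argument on decode is the conventional place to absorb skew instead. It is also worth confirming what comparison the authorizer makes against the stored `jwt_iat`: if it is a lower bound rather than an equality, widening the back-date also widens the window in which tokens issued just before a re-login remain accepted.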
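Review bot: The `;` appended to the `RETURNING` line of this hunk has no counterpart in the ee copy of `refresh_jwt_iat_jti` (the `@@ -667,7 +667,7 @@` hunk of ee/api/chalicelib/core/users.py changes only the `SET` line), so the CE and EE versions of the same query now differ by more than the intended interval change. A trailing semicolon on a single statement is harmless to the driver, so the only cost is drift between two copies that should stay diffable; either drop it here or apply it to the ee copy as well. `refresh_jwt_iat_jti` continues past the end of the hunk.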
+++ b/ee/api/chalicelib/core/users.py
@@ -651,9 +651,9 @@ def refresh_auth_exists(user_id, tenant_id, jwt_jti=None):
 def change_jwt_iat_jti(user_id):
 with pg_client.PostgresClient() as cur:
 query = cur.mogrify(f"""UPDATE public.users
- SET jwt_iat = timezone('utc'::text, now()-INTERVAL '2s'),
+ SET jwt_iat = timezone('utc'::text, now()-INTERVAL '10s'),
 jwt_refresh_jti = 0,
- jwt_refresh_iat = timezone('utc'::text, now()-INTERVAL '2s')
+ jwt_refresh_iat = timezone('utc'::text, now()-INTERVAL '10s')
 WHERE user_id = %(user_id)s
 RETURNING EXTRACT (epoch FROM jwt_iat)::BIGINT AS jwt_iat,
 jwt_refresh_jti,
@@ -667,7 +667,7 @@ def change_jwt_iat_jti(user_id):
 def refresh_jwt_iat_jti(user_id):
 with pg_client.PostgresClient() as cur:
 query = cur.mogrify(f"""UPDATE public.users
- SET jwt_iat = timezone('utc'::text, now()-INTERVAL '2s'),
+ SET jwt_iat = timezone('utc'::text, now()-INTERVAL '10s'),
 jwt_refresh_jti = jwt_refresh_jti + 1
 WHERE user_id = %(user_id)s
 RETURNING EXTRACT (epoch FROM jwt_iat)::BIGINT AS jwt_iat,
@@ -730,8 +730,7 @@ def authenticate(email, password, for_change_password=False) -> dict | bool | No
 return {"errors": ["must sign-in with SSO, enforced by admin"]}
 
 jwt_iat, jwt_r_jti, jwt_r_iat = change_jwt_iat_jti(user_id=r['userId'])
- # jwt_iat = TimeUTC.datetime_to_timestamp(jwt_iat)
- # jwt_r_iat = TimeUTC.datetime_to_timestamp(jwt_r_iat)
+
 return {
 "jwt": authorizers.generate_jwt(user_id=r['userId'], tenant_id=r['tenantId'],
 iat=jwt_iat, aud=f"front:{helper.get_stage_name()}"),