D5269.id18881.diff
View Options

	diff --git a/swh/web/auth/backends.py b/swh/web/auth/backends.py
	--- a/swh/web/auth/backends.py
	+++ b/swh/web/auth/backends.py
	@@ -71,7 +71,7 @@
	user = _oidc_user_from_decoded_token(decoded_token)

	# get authentication init datetime
	- auth_datetime = datetime.fromtimestamp(decoded_token["auth_time"])
	+ auth_datetime = datetime.fromtimestamp(decoded_token["iat"])
	exp_datetime = datetime.fromtimestamp(decoded_token["exp"])

	# compute OIDC tokens expiration date
	diff --git a/swh/web/tests/auth/keycloak_mock.py b/swh/web/tests/auth/keycloak_mock.py
	--- a/swh/web/tests/auth/keycloak_mock.py
	+++ b/swh/web/tests/auth/keycloak_mock.py
	@@ -90,13 +90,13 @@
	options["verify_exp"] = False
	decoded = super().decode_token(token, options)
	# tweak auth and exp time for tests
	- expire_in = decoded["exp"] - decoded["auth_time"]
	+ expire_in = decoded["exp"] - decoded["iat"]
	if self.exp is not None:
	decoded["exp"] = self.exp
	- decoded["auth_time"] = self.exp - expire_in
	+ decoded["iat"] = self.exp - expire_in
	else:
	- decoded["auth_time"] = int(timezone.now().timestamp())
	- decoded["exp"] = decoded["auth_time"] + expire_in
	+ decoded["iat"] = int(timezone.now().timestamp())
	+ decoded["exp"] = decoded["iat"] + expire_in
	decoded["groups"] = self.user_groups
	if self.user_permissions:
	decoded["resource_access"][self.client_id] = {
	diff --git a/swh/web/tests/auth/sample_data.py b/swh/web/tests/auth/sample_data.py
	--- a/swh/web/tests/auth/sample_data.py
	+++ b/swh/web/tests/auth/sample_data.py
	@@ -19,7 +19,7 @@
	# {'acr': '1',
	# 'allowed-origins': ['*'],
	# 'aud': ['swh-web', 'account'],
	- # 'auth_time': 1592395601,
	+ # 'auth_time': 1582723101,
	# 'azp': 'swh-web',
	# 'email': 'john.doe@example.com',
	# 'email_verified': False,
	@@ -27,7 +27,7 @@
	# 'family_name': 'Doe',
	# 'given_name': 'John',
	# 'groups': ['/staff'],
	- # 'iat': 1582723101,
	+ # 'iat': 1592395601,
	# 'iss': 'http://localhost:8080/auth/realms/SoftwareHeritage',
	# 'jti': '31fc50b7-bbe5-4f51-91ef-8e3eec51331e',
	# 'name': 'John Doe',
	diff --git a/swh/web/tests/auth/test_backends.py b/swh/web/tests/auth/test_backends.py
	--- a/swh/web/tests/auth/test_backends.py
	+++ b/swh/web/tests/auth/test_backends.py
	@@ -60,7 +60,7 @@
	decoded_token = kc_oidc_mock.decode_token(user.access_token)
	_check_authenticated_user(user, decoded_token, kc_oidc_mock)

	- auth_datetime = datetime.fromtimestamp(decoded_token["auth_time"])
	+ auth_datetime = datetime.fromtimestamp(decoded_token["iat"])
	exp_datetime = datetime.fromtimestamp(decoded_token["exp"])
	refresh_exp_datetime = auth_datetime + timedelta(
	seconds=oidc_profile["refresh_expires_in"]

File Metadata

Mime Type: text/plain
Expires: Dec 20 2024, 7:54 PM (11 w, 4 d ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 3220252

D5269.id18881.diff
No OneTemporary
Actions

D5269.id18881.diff
View Options

File Metadata

Event Timeline

D5269.id18881.diffNo OneTemporaryActions

D5269.id18881.diffView Options

File Metadata

Event Timeline

D5269.id18881.diff
No OneTemporary
Actions

D5269.id18881.diff
View Options