forked from sr2/cloud-api
feat: sua expiry handling
This commit is contained in:
parent
294baadcb7
commit
ec572aa4c1
3 changed files with 25 additions and 13 deletions
17
src/utils.py
17
src/utils.py
|
|
@ -1,3 +1,4 @@
|
|||
from datetime import datetime, timezone
|
||||
from joserfc import jwt, jwk, errors
|
||||
|
||||
from src.auth.exceptions import UnauthorizedException
|
||||
|
|
@ -21,6 +22,22 @@ async def decode_jwt(encoded):
|
|||
raise UnauthorizedException("Invalid JWS")
|
||||
|
||||
|
||||
async def verify_email_token(user_model, token):
|
||||
email_claims = await decode_jwt(token)
|
||||
|
||||
claimed_email = email_claims["email"]
|
||||
|
||||
expiry = datetime.fromtimestamp(email_claims["exp"], timezone.utc)
|
||||
|
||||
if expiry < datetime.now(timezone.utc):
|
||||
raise UnauthorizedException("Invitation expired.")
|
||||
|
||||
if user_model.email != claimed_email:
|
||||
raise UnauthorizedException("The logged in user and email do not match.")
|
||||
|
||||
return email_claims
|
||||
|
||||
|
||||
async def send_email(recipient: str, subject: str, body: str):
|
||||
print(recipient)
|
||||
print(subject)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue