feat: sua expiry handling

Chris Milne 2026-06-10 14:14:22 +01:00
parent 294baadcb7
commit ec572aa4c1
3 changed files with 25 additions and 13 deletions


@ -75,7 +75,7 @@ from src.iam.schemas import (
IAMPutGroupInvitationRequest,
IAMPutGroupInvitationAcceptRequest,
)
from src.utils import decode_jwt
from src.utils import verify_email_token
router = APIRouter(
tags=["IAM"],
@ -373,11 +373,9 @@ async def accept_invitation(
user_model: user_model_claims_dependency,
request_model: IAMPutGroupInvitationAcceptRequest,
):
email_claims = await decode_jwt(request_model.jwt)
claimed_email = email_claims["email"]
if user_model.email != claimed_email:
raise UnauthorizedException("The logged in user and email do not match.")
email_claims = await verify_email_token(
token=request_model.jwt, user_model=user_model
)
org_model = db.get(Org, email_claims["org_id"])
if org_model is None:
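Review bot: The inline `user_model.email != claimed_email` check is removed from accept_invitation, and nothing visible here shows that verify_email_token enforces it; the helper lives in src.utils, outside this section. Since the call site now depends on that contract, I would add a comment above the call such as `# verify_email_token must reject expired tokens and tokens whose email differs from user_model.email`. A test that an invitation token issued for a different address is refused would also help. Separately, `email_claims["org_id"]` is still indexed directly, so a validly signed token lacking that claim would presumably surface as an unhandled KeyError rather than an UnauthorizedException; `org_id = email_claims.get("org_id")` followed by an explicit rejection when it is None would be safer. The body of accept_invitation continues outside the hunk.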