do not return a valid access token when it expires within 5 minutes
tarzan committed Feb 18, 2024
1 parent 7e282d0 commit d4ef4f5
Showing 2 changed files with 12 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/ex_oauth2_provider/access_tokens/access_tokens.ex
@@ -120,7 +120,7 @@ defmodule ExOauth2Provider.AccessTokens do

queryable
|> where([a], is_nil(a.revoked_at))
|> where([a], is_nil(a.expires_in) or datetime_add(a.inserted_at, a.expires_in, "second") > ^now)
|> where([a], is_nil(a.expires_in) or datetime_add(a.inserted_at, a.expires_in, "second") > datetime_add(^now, 5, "minute"))
|> order_by([a], desc: a.inserted_at, desc: :id)
|> Config.repo(config).all()
|> Enum.filter(&is_accessible?/1)
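Review bot: The 5-minute margin in the second `where` is a hard-coded literal, so a deployment whose access-token lifetime is 300 seconds or less would never match a token in this query. If the query backs token reuse, as the added test suggests by exercising it through `get_application_token_for`, each request would then presumably create a new token and leave several live credentials per client. Consider reading the margin from config and pinning it, e.g. `datetime_add(^now, ^reuse_margin, "second")`, and documenting that it must stay below the configured lifetime. The enclosing function starts and ends outside the hunk, so which other callers share this filter is not visible here; if any of them validates presented tokens, those tokens would now be rejected five minutes early.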
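--- a/test/ex_oauth2_provider/access_tokens/access_tokens_test.exs
+++ b/test/ex_oauth2_provider/access_tokens/access_tokens_test.exs
@@ -128,6 +128,17 @@ defmodule ExOauth2Provider.AccessTokensTest do
 
 refute AccessTokens.get_application_token_for(Fixtures.application(uid: "application-2"), nil, otp_app: :ex_oauth2_provider)
 end
+
+test "does not get the token when it expires within 5 minutes", %{application: application} do
+{:ok, %{expires_in: expires_in} = access_token} =
+AccessTokens.create_application_token(application, %{}, otp_app: :ex_oauth2_provider)
+
+inserted_at = QueryHelpers.timestamp(OauthAccessToken, :inserted_at, seconds: -1 * expires_in + 299)
+# the token will expire in 4min 59s
+QueryHelpers.change!(access_token, inserted_at: inserted_at)
+
+refute AccessTokens.get_application_token_for(application, nil, otp_app: :ex_oauth2_provider)
+end
 end
 
 test "get_authorized_tokens_for/2", %{user: user, application: application} do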
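Review bot: The new test pins only the inside-the-margin case (299 seconds left), so nothing here would fail if the filter started dropping tokens that still have well over five minutes to live. A companion case with the same setup but `seconds: -1 * expires_in + 360`, followed by `assert AccessTokens.get_application_token_for(application, nil, otp_app: :ex_oauth2_provider)`, would guard against over-filtering; the wider offset keeps it from flaking on slow runs. The inline comment could also state the intent, e.g. `# 299s left: inside the 5-minute reuse margin, so the token must not be returned`.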
