Add minimum_valid_iat_time to subscriber table, and hook up the rest of the fxa webhook events 🛢 #222

Merged
merged 9 commits into from
Jan 12, 2024
Don't set a minimum_valid_iat_time if the user is logging out normally.
MelissaAutumn committed Jan 9, 2024
commit 8256ed947d34373706faab177c524e29b5d38dbc
9 changes: 5 additions & 4 deletions backend/src/appointment/controller/auth.py
@@ -14,11 +14,12 @@
from ..database import repo, schemas, models


def logout(db: Session, subscriber: models.Subscriber, fxa_client: FxaClient|None):
def logout(db: Session, subscriber: models.Subscriber, fxa_client: FxaClient | None, deny_previous_tokens=True):
"""Sets a minimum valid issued at time (time). This prevents access tokens issued earlier from working."""
subscriber.minimum_valid_iat_time = datetime.datetime.now(datetime.UTC)
db.add(subscriber)
db.commit()
if deny_previous_tokens:
subscriber.minimum_valid_iat_time = datetime.datetime.now(datetime.UTC)
db.add(subscriber)
db.commit()

if os.getenv('AUTH_SCHEME') == 'fxa':
fxa_client.logout()
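Review bot: the docstring on `logout` still reads "Sets a minimum valid issued at time", but that now only happens when `deny_previous_tokens` is true, so it should describe both modes and say which callers are expected to pass False. The new parameter is also the only one in the signature without a type annotation; `deny_previous_tokens: bool = True` would match the rest. Separately, `fxa_client` is annotated `FxaClient | None` while `fxa_client.logout()` is called with no None check under `AUTH_SCHEME == 'fxa'`; a guard or an explicit error there would keep a missing client from surfacing as an AttributeError after the subscriber row has already been committed.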
3 changes: 2 additions & 1 deletion backend/src/appointment/routes/auth.py
@@ -203,7 +203,8 @@ def logout(db: Session = Depends(get_db), subscriber: Subscriber = Depends(get_s
if os.getenv('AUTH_SCHEME') == 'fxa':
fxa_client.setup(subscriber.id, subscriber.get_external_connection(ExternalConnectionType.fxa).token)

auth.logout(db, subscriber, fxa_client)
# Don't set a minimum_valid_iat_time here.
auth.logout(db, subscriber, fxa_client, deny_previous_tokens=False)

return True
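Review bot: the comment `# Don't set a minimum_valid_iat_time here.` above the `auth.logout(...)` call restates the argument without giving the reason, and the reason is the security-relevant part. Per the docstring in controller/auth.py, setting that field is what "prevents access tokens issued earlier from working", so with `deny_previous_tokens=False` a token issued before this logout is no longer rejected by that check. Please have the comment say why a normal logout skips it (for example, to avoid invalidating the subscriber's other sessions, if that is the intent) and what, if anything, invalidates the token of the session being ended. When `AUTH_SCHEME` is not 'fxa' the visible lines show no other revocation step on this path, so a test covering token reuse after logout would be worth adding.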