vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Disable fresh login check in auth engines that won't support it

Browse source
This commit is contained in:
Joseph Schorr 2017-12-12 16:00:38 -05:00
parent 524d77f527
commit 2214a2c7ad
5 changed files with 20 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
endpoints/api/__init__.py
View file

@ -10,7 +10,7 @@ from flask_restful import Resource, abort, Api, reqparse
from flask_restful.utils.cors import crossdomain
from jsonschema import validate, ValidationError
from app import app, metric_queue
from app import app, metric_queue, authentication
from auth.permissions import (ReadRepositoryPermission, ModifyRepositoryPermission,
AdministerRepositoryPermission, UserReadPermission,
UserAdminPermission)
@ -300,7 +300,8 @@ def require_fresh_login(func):
last_login = session.get('login_time', datetime.datetime.min)
valid_span = datetime.datetime.now() - datetime.timedelta(minutes=10)
if not user.password_hash or last_login >= valid_span:
if (not user.password_hash or last_login >= valid_span or
not authentication.supports_fresh_login):
return func(*args, **kwargs)
raise FreshLoginRequired()