Merge pull request #190 from coreos-inc/timezone

Fromtimestamp needs to be in UTC for JWT auth
2015-06-30 12:05:00 -04:00 · 2015-06-30 12:05:00 -04:00 · 38a5963afe
commit 38a5963afe
parent e69d86d948 477e244eff
1 changed files with 2 additions and 1 deletions
--- a/data/users.py
+++ b/data/users.py
@ -100,7 +100,8 @@ class JWTAuthUsers(object):
      raise Exception('Missing exp field in JWT')

    # Verify that the expiration is no more than 300 seconds in the future.
-    if datetime.fromtimestamp(payload['exp']) > datetime.utcnow() + timedelta(seconds=300):
+    expiration = datetime.utcfromtimestamp(payload['exp'])
+    if expiration > datetime.utcnow() + timedelta(seconds=300):
      logger.debug('Payload expiration is outside of the 300 second window: %s', payload['exp'])
      return (None, 'Invalid username or password')