Fromtimestamp needs to be in UTC for JWT auth

2015-06-28 11:37:09 +03:00 · 2015-06-28 11:37:09 +03:00 · 477e244eff
commit 477e244eff
parent cea4ad2d85
1 changed files with 2 additions and 1 deletions
--- a/data/users.py
+++ b/data/users.py
@ -100,7 +100,8 @@ class JWTAuthUsers(object):
      raise Exception('Missing exp field in JWT')

    # Verify that the expiration is no more than 300 seconds in the future.
-    if datetime.fromtimestamp(payload['exp']) > datetime.utcnow() + timedelta(seconds=300):
+    expiration = datetime.utcfromtimestamp(payload['exp'])
+    if expiration > datetime.utcnow() + timedelta(seconds=300):
      logger.debug('Payload expiration is outside of the 300 second window: %s', payload['exp'])
      return (None, 'Invalid username or password')