You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Expired API key is not checked using APIKey models is_valid method.
To Reproduce
Steps to reproduce the behavior:
Create One APIKey and set any older date than now
Make request with the APIKey and you'll be able to see contents which is only meant to be for valid API Key
Expected behavior
When we're checking APIKey's validity then has_expired should also be taken into consideration.
Additional context
If we do the following then we can avoid this problem:
defis_valid(self, key: str) ->bool:
key_generator=type(self).objects.key_generatorvalid=key_generator.verify(key, self.hashed_key)
# Transparently update the key to use the preferred hasher# if it is using an outdated hasher.ifvalidandnotkey_generator.using_preferred_hasher(self.hashed_key):
# Note that since the PK includes the hashed key,# they will be internally inconsistent following this upgrade.# See: https://github.com/florimondmanca/djangorestframework-api-key/issues/128self.hashed_key=key_generator.hash(key)
self.save()
returnbool(validandnotself.has_expired)
Describe the bug
Expired API key is not checked using
APIKey
modelsis_valid
method.To Reproduce
Steps to reproduce the behavior:
APIKey
and set any older date than nowExpected behavior
When we're checking APIKey's validity then has_expired should also be taken into consideration.
Additional context
If we do the following then we can avoid this problem:
@florimondmanca
The text was updated successfully, but these errors were encountered: