consume the token as soon as its read

Georges-Antoine Assi
2025-11-22 10:51:41 -05:00
parent 665c56e750
commit 27e02fa2a2
2 changed files with 5 additions and 11 deletions


@@ -184,9 +184,7 @@ def create_user_from_invite(
detail=msg,
)
jti, role = auth_handler.verify_invite_link_token(token)
auth_handler.invalidate_invite_link_token(jti)
role = auth_handler.consume_invite_link_token(token)
user = User(
username=username.lower(),
hashed_password=auth_handler.get_password_hash(password),
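Review bot: Nothing at the `role = auth_handler.consume_invite_link_token(token)` call says that the invite is spent before the user record exists, so a failure in the `User(...)` creation that follows would leave the invite unusable. That fail-closed order is the safer one for a single-use token, but it deserves a comment such as `# Consume the invite first: the token must never be replayable, even if user creation fails below`. create_user_from_invite continues outside the hunk, so whether later errors are handled is not visible here.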


@@ -203,7 +203,7 @@ class AuthHandler:
)
return token
def verify_invite_link_token(self, token: str) -> tuple[str, str]:
def consume_invite_link_token(self, token: str) -> str:
"""
Verify the invite link token.
Args:
@@ -231,16 +231,12 @@ class AuthHandler:
status_code=status.HTTP_400_BAD_REQUEST,
detail="Invite token has already been used or is invalid.",
)
return jti, role
def invalidate_invite_link_token(self, jti: str) -> None:
"""
Invalidate the invite link token.
Args:
jti (str): The JTI (JWT ID) of the token to invalidate.
"""
# Invalidate the token as soon as it's read
redis_client.delete(f"invite-jti:{jti}")
return role
class OAuthHandler:
def __init__(self) -> None:
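Review bot: The check that raises "Invite token has already been used or is invalid." and the `redis_client.delete(f"invite-jti:{jti}")` after it look like two separate Redis calls, so two concurrent requests carrying the same invite could both pass the check before either delete runs. The lookup itself is outside the visible lines, so this is inferred; if it is a plain get or exists, let the delete be the gate with `if not redis_client.delete(f"invite-jti:{jti}"):` followed by the same 400, since delete reports how many keys it removed. The docstring still reads "Verify the invite link token." although the method now also invalidates the token and returns only the role; it should read `Verify the invite link token and consume it so it cannot be reused.`, with any Returns entry updated to the single `str`. The body of consume_invite_link_token runs between the two hunks and is only partly shown.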