From dc37f30a1273c1d3b7949b1d64e60d37da3b9fd4 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Sun, 23 Oct 2022 11:08:19 -0500
Subject: graphql: T4574: set token expiration time in claims

---
 src/services/api/graphql/libs/token_auth.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/services/api/graphql/libs')

diff --git a/src/services/api/graphql/libs/token_auth.py b/src/services/api/graphql/libs/token_auth.py
index 2d63a1cc7..fafb0f5af 100644
--- a/src/services/api/graphql/libs/token_auth.py
+++ b/src/services/api/graphql/libs/token_auth.py
@@ -14,7 +14,7 @@ def init_secret():
     secret = token_hex(16)
     state.settings['secret'] = secret
 
-def generate_token(user: str, passwd: str, secret: str) -> dict:
+def generate_token(user: str, passwd: str, secret: str, exp: int) -> dict:
     if user is None or passwd is None:
         return {}
     if _check_passwd_pam(user, passwd):
@@ -25,7 +25,7 @@ def generate_token(user: str, passwd: str, secret: str) -> dict:
             app.state.vyos_token_users = {}
             users = app.state.vyos_token_users
         user_id = uuid.uuid1().hex
-        payload_data = {'iss': user, 'sub': user_id}
+        payload_data = {'iss': user, 'sub': user_id, 'exp': exp}
         secret = state.settings.get('secret')
         if secret is None:
             return {
-- 
cgit v1.2.3