Address review

src/middlewared/middlewared/auth.py

@@ -76,7 +76,9 @@ def __init__(self, user: dict, assurance: AuthenticatorAssuranceLevel | None):
 
     def notify_used(self):
         if self.inactivity_timeout:
-            self.last_used_at = monotonic()
+            now = monotonic()
+            if now < self.last_used_at + self.inactivity_timeout:
+                self.last_used_at = now
 
     def is_valid(self):
         if self.assurance and (now := monotonic()) > self.expiry:

src/middlewared/middlewared/etc_files/pam_tdb.py

@@ -11,6 +11,10 @@ def convert_keys(username, keys) -> PamTdbEntry:
     for key in keys:
         if key['expires_at'] is None:
             expiry = 0
+        else if key['revoked']:
+            # Backstop. We filter these out when we etc.generate, but we don't
+            # want to have an avenue to accidentally insert revoked keys.
+            continue
         else:
             expiry = int(key['expires_at'].timestamp())
 

src/middlewared/middlewared/plugins/api_key.py

@@ -123,7 +123,7 @@ async def item_extend(self, item, ctx):
             case -1:
                 # key has been forcibly revoked
                 item['revoked'] = True
-            case 0:
+            case 0 | None:
                 # zero value indicates never expires
                 pass
             case _: