From 1c0404fefd7e5f373edd2e61ec89a9a4da9a8371 Mon Sep 17 00:00:00 2001
From: Andrew Walker
Date: Tue, 8 Oct 2024 13:26:38 -0600
Subject: [PATCH] Address review
---
 src/middlewared/middlewared/auth.py | 4 +++-
 src/middlewared/middlewared/etc_files/pam_tdb.py | 4 ++++
 src/middlewared/middlewared/plugins/api_key.py | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/middlewared/middlewared/auth.py b/src/middlewared/middlewared/auth.py
index 09686a645d6da..5650e3f02b9ac 100644
--- a/src/middlewared/middlewared/auth.py
+++ b/src/middlewared/middlewared/auth.py
@@ -76,7 +76,9 @@ def __init__(self, user: dict, assurance: AuthenticatorAssuranceLevel | None):
 def notify_used(self):
 if self.inactivity_timeout:
- self.last_used_at = monotonic()
+ now = monotonic()
+ if now < self.last_used_at + self.inactivity_timeout:
+ self.last_used_at = now
 def is_valid(self):
 if self.assurance and (now := monotonic()) > self.expiry:
diff --git a/src/middlewared/middlewared/etc_files/pam_tdb.py b/src/middlewared/middlewared/etc_files/pam_tdb.py
index bab74ac79c136..9086ab241c321 100644
--- a/src/middlewared/middlewared/etc_files/pam_tdb.py
+++ b/src/middlewared/middlewared/etc_files/pam_tdb.py
@@ -11,6 +11,10 @@ def convert_keys(username, keys) -> PamTdbEntry:
 for key in keys:
 if key['expires_at'] is None:
 expiry = 0
+ else if key['revoked']:
+ # Backstop. We filter these out when we etc.generate, but we don't
+ # want to have an avenue to accidentally insert revoked keys.
+ continue
 else:
 expiry = int(key['expires_at'].timestamp())
diff --git a/src/middlewared/middlewared/plugins/api_key.py b/src/middlewared/middlewared/plugins/api_key.py
index 809adcfa7cafd..545246a89e67b 100644
--- a/src/middlewared/middlewared/plugins/api_key.py
+++ b/src/middlewared/middlewared/plugins/api_key.py
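Review bot: In auth.py, the new guard in `notify_used` has no comment explaining why a stale session is left untouched. The intent, that activity arriving after the inactivity window must not revive the session, is easy to undo in a later refactor. I would add above the comparison: `# Never refresh a session whose inactivity window has already elapsed; it must stay expired.` The comparison is a strict `<`, so confirm that the inactivity check in `is_valid`, whose body continues outside the hunk, treats `now == last_used_at + inactivity_timeout` the same way. Otherwise the two methods disagree at the boundary.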
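Review bot: In pam_tdb.py, `else if key['revoked']:` in `convert_keys` is not valid Python (the keyword is `elif`), so the module would fail to compile as written. The revoked check also sits behind the `expires_at is None` branch, so a revoked key with no expiry would still get `expiry = 0`, which the api_key.py hunk describes as never expiring. Whether that combination can occur is not visible here, but a backstop should not depend on it. I would test revocation first with `if key['revoked']: continue`, moving the Backstop comment with it, and leave the original `if key['expires_at'] is None:` / `else:` pair unchanged below. The loop body continues outside the hunk.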
@@ -123,7 +123,7 @@ async def item_extend(self, item, ctx):
 case -1:
 # key has been forcibly revoked
 item['revoked'] = True
- case 0:
+ case 0 | None:
 # zero value indicates never expires
 pass
 case _:
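Review bot: The comment under the widened arm still reads `# zero value indicates never expires`, although `case 0 | None:` now also sends a missing value down the never-expires path. I would make it `# zero or None indicates never expires`. Since an unset expiry now gets the most permissive outcome, the same comment should say where None legitimately comes from, so a row with a lost or unpopulated expiry is not silently treated as a permanent key. The match statement and `item_extend` both start and end outside the hunk, so the matched subject is not visible here.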