Some more authrequest changes (#5188)

2025-09-10 18:55:57 +03:00 · 2024-11-15 11:25:51 +01:00
parent ff33534c07
commit 0d16b38a68
2 changed files with 12 additions and 2 deletions
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@@ -190,8 +190,12 @@ async fn _password_login(
            )
        };

+        let expiration_time = auth_request.creation_date + chrono::Duration::minutes(5);
+        let request_expired = Utc::now().naive_utc() >= expiration_time;
+
        if auth_request.user_uuid != user.uuid
            || !auth_request.approved.unwrap_or(false)
+            || request_expired
            || ip.ip.to_string() != auth_request.request_ip
            || !auth_request.check_access_code(password)
        {