Merge pull request #2424 from pyfa-org/issue2402

Add option in settings to disregard JWT exp issues
pyfa-org · May 5, 2022 · 893f9f8 · 893f9f8
2 parents c612545 + 60015fb
commit 893f9f8
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 3 deletions.
diff --git a/gui/builtinPreferenceViews/pyfaEsiPreferences.py b/gui/builtinPreferenceViews/pyfaEsiPreferences.py
@@ -34,6 +34,13 @@ def populatePanel(self, panel):
         self.stInfo.Wrap(dlgWidth - 50)
         mainSizer.Add(self.stInfo, 0, wx.EXPAND | wx.TOP | wx.BOTTOM, 5)
 
+        self.enforceJwtExpiration = wx.CheckBox(panel, wx.ID_ANY, _t("Enforce Token Expiration"), wx.DefaultPosition,
+                                        wx.DefaultSize,
+                                        0)
+        self.enforceJwtExpiration.SetToolTip(wx.ToolTip(_t("This option is a workaround in case you cannot log into EVE SSO "
+                                                       "due to 'Signature has expired' error")))
+        mainSizer.Add(self.enforceJwtExpiration, 0, wx.ALL | wx.EXPAND, 5)
+
         rbSizer = wx.BoxSizer(wx.HORIZONTAL)
         self.rbMode = wx.RadioBox(panel, -1, _t("Login Authentication Method"), wx.DefaultPosition, wx.DefaultSize,
                                   [_t('Local Server'), _t('Manual')], 1, wx.RA_SPECIFY_COLS)
@@ -43,11 +50,12 @@ def populatePanel(self, panel):
                                          " character login. Use this if having issues with the local server."))
 
         self.rbMode.SetSelection(self.settings.get('loginMode'))
+        self.enforceJwtExpiration.SetValue(self.settings.get("enforceJwtExpiration" or True))
 
         rbSizer.Add(self.rbMode, 1, wx.TOP | wx.RIGHT, 5)
 
         self.rbMode.Bind(wx.EVT_RADIOBOX, self.OnModeChange)
-
+        self.enforceJwtExpiration.Bind(wx.EVT_CHECKBOX, self.OnEnforceChange)
         mainSizer.Add(rbSizer, 1, wx.ALL | wx.EXPAND, 0)
 
         panel.SetSizer(mainSizer)
@@ -59,6 +67,10 @@ def OnTimeoutChange(self, event):
     def OnModeChange(self, event):
         self.settings.set('loginMode', event.GetInt())
 
+    def OnEnforceChange(self, event):
+        self.settings.set('enforceJwtExpiration', self.enforceJwtExpiration.GetValue())
+        event.Skip()
+
     def getImage(self):
         return BitmapLoader.getBitmap("eve", "gui")
 

diff --git a/service/esiAccess.py b/service/esiAccess.py
@@ -241,7 +241,7 @@ def validate_eve_jwt(self, jwt_token):
                 algorithms=jwk_set["alg"],
                 issuer=[self.server_base.sso, "https://%s" % self.server_base.sso],
                 # ignore "aud" claim: https://tweetfleet.slack.com/archives/C30KX8UUX/p1648495011905969
-                options={"verify_aud": False}
+                options={"verify_aud": False, "verify_exp": self.settings.get("enforceJwtExpiration")}
             )
         except ExpiredSignatureError as e:
             raise GenericSsoError("The JWT token has expired: {}".format(str(e)))

diff --git a/service/settings.py b/service/settings.py
@@ -375,7 +375,9 @@ def __init__(self):
             "clientSecret": "",
             "timeout": 60,
             "server": "Tranquility",
-            "exportCharges": True}
+            "exportCharges": True,
+            "enforceJwtExpiration": True
+        }
 
         self.settings = SettingsProvider.getInstance().getSettings(
                 "pyfaServiceEsiSettings",