SimpleTokenPlugin Update Request

[Julio Flores Schwarzbeck]

Hi folks,

I created an issue on https://github.com/web2py/py4web/issues/1031 regarding an error from the SimpleTokenPlugin plugin (in auth.py) when trying to verify a token which was created without an expiration date.

I am working on an API app to allow accessing data from my web app and needed to implement a token exchange solution for authentication, the information supplied to allow this in py4web is remarkable, thanks!

In any case, if/when a token is created, and the "expiration_date" value is left with no value (the framework seems to allow this), upon trying to authenticate with it, there is a condition that expects an actual date on the field value as it does this:

if row and row.expiration_date.isoformat() > utcnow().isoformat():

Resulting in the following exception being thrown:

AttributeError: 'NoneType' object has no attribute 'isoformat'

I temporarily patched auth.py and added:

if row and (row.expiration_date is None or (row.expiration_date is not None and row.expiration_date.isoformat() > utcnow().isoformat())):

And it all works okay for now.

My Question is:

Should expiration_date be required? (I take that for JWT tokens this may be required), and if the answer is no, then will need to do something different from the above to avoid the exception?

[Massimo DiPierro]

I think it is ok to allow tokens that do not expire and leave this to users. Fixed as you recommended.