BUG#AC-9337:Revoking or invalidating previous access tokens upon generating new access token for Restapi

Rachana · Rachana · commit 3c27a5a7c398 · 2024-05-15T04:06:22.000-07:00
diff --git a/app/code/Magento/JwtUserToken/Model/RevokedValidator.php b/app/code/Magento/JwtUserToken/Model/RevokedValidator.php
@@ -43,5 +43,8 @@ public function validate(UserToken $token): void
         if ($revoked && $token->getData()->getIssued()->getTimestamp() <= $revoked->getBeforeTimestamp()) {
             throw new AuthorizationException(__('User token has been revoked'));
         }
+        elseif($revoked && $token->getData()->getIssued()->getTimestamp() >= $revoked->getBeforeTimestamp()) {
+            throw new AuthorizationException(__('User token has been revoked'));
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -43,5 +43,8 @@ public function validate(UserToken $token): void`
`43`	`43`	`if ($revoked && $token->getData()->getIssued()->getTimestamp() <= $revoked->getBeforeTimestamp()) {`
`44`	`44`	`throw new AuthorizationException(__('User token has been revoked'));`
`45`	`45`	`}`
	`46`	`+ elseif($revoked && $token->getData()->getIssued()->getTimestamp() >= $revoked->getBeforeTimestamp()) {`
	`47`	`+ throw new AuthorizationException(__('User token has been revoked'));`
	`48`	`+ }`
`46`	`49`	`}`
`47`	`50`	`}`