Forbid authentication with revoked keys

2025-06-08 04:05:22 +00:00 · 2025-05-26 07:42:44 +02:00 · 2025-05-26 07:42:44 +02:00 · 835dd5d20e
commit 835dd5d20e
parent f93a4ac98b
1 changed files with 1 additions and 1 deletions
--- a/apikey/auth.py
+++ b/apikey/auth.py
@ -14,7 +14,7 @@ class ApiKeyAuth(APIKeyHeader):
        hasher = get_hasher()
        hashed_key = hasher.encode(key)
        try:
-            key_obj = ApiKey.objects.get(hashed_key=hashed_key)
+            key_obj = ApiKey.objects.get(revoked=False, hashed_key=hashed_key)
        except ApiKey.DoesNotExist:
            return None
        return key_obj.client