From dda9e6ac048811fd5a9dec0e366f950f70ae2d87 Mon Sep 17 00:00:00 2001 From: imperosol Date: Mon, 26 May 2025 07:42:44 +0200 Subject: [PATCH] Forbid authentication with revoked keys --- apikey/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apikey/auth.py b/apikey/auth.py index 00212c1b..d1489f7f 100644 --- a/apikey/auth.py +++ b/apikey/auth.py @@ -14,7 +14,7 @@ class ApiKeyAuth(APIKeyHeader): hasher = get_hasher() hashed_key = hasher.encode(key) try: - key_obj = ApiKey.objects.get(hashed_key=hashed_key) + key_obj = ApiKey.objects.get(revoked=False, hashed_key=hashed_key) except ApiKey.DoesNotExist: return None return key_obj.client