check user.expiration_date in API (!2019) · Merge requests · castellum / castellum

Bengfort requested to merge api-expiration into main Aug 31, 2021

user.expiration_date is usually checked in a middleware. The authentication we use for the API is not compatible with that, so we need to add this explicitly. I am not sure whether we really want that.

Making middleware apply to API requests in general is not the best idea IMHO because this would also include AutoLogoutMiddleware.

Edited Sep 06, 2021 by Bengfort

check user.expiration_date in API

Merge request reports