- feat: cover jwt expired case

koladev32 · koladev32 · commit be83eab23ade · 2021-07-18T03:28:32.000+02:00
diff --git a/api/authentication/serializers/login.py b/api/authentication/serializers/login.py
@@ -55,7 +55,10 @@ def validate(self, data):
             )
             if not session.token:
                 raise ValueError
-        except (ObjectDoesNotExist, ValueError):
+
+            jwt.decode(session.token, settings.SECRET_KEY, algorithms=["HS256"])
+
+        except (ObjectDoesNotExist, ValueError, jwt.ExpiredSignatureError):
             session = ActiveSession.objects.create(
                 user=user,
                 token=_generate_jwt_token(user)
