diff options
Diffstat (limited to 'macaroonbakery/checkers/_checkers.py')
-rw-r--r-- | macaroonbakery/checkers/_checkers.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/macaroonbakery/checkers/_checkers.py b/macaroonbakery/checkers/_checkers.py index 71cb56f..11a41b9 100644 --- a/macaroonbakery/checkers/_checkers.py +++ b/macaroonbakery/checkers/_checkers.py @@ -5,7 +5,6 @@ from collections import namedtuple from datetime import datetime import pyrfc3339 -import pytz from ._caveat import parse_caveat from ._conditions import ( COND_ALLOW, @@ -166,12 +165,16 @@ class CheckerInfo(namedtuple('CheckInfo', 'prefix name ns check')): def _check_time_before(ctx, cond, arg): clock = ctx.get(TIME_KEY) if clock is None: - now = pytz.UTC.localize(datetime.utcnow()) + now = datetime.utcnow() else: now = clock.utcnow() try: - if pyrfc3339.parse(arg) <= now: + # Note: pyrfc3339 returns a datetime with a timezone, which + # we need to remove before we can compare it with the naive + # datetime object returned by datetime.utcnow. + expiry = pyrfc3339.parse(arg, utc=True).replace(tzinfo=None) + if now >= expiry: return 'macaroon has expired' except ValueError: return 'cannot parse "{}" as RFC 3339'.format(arg) |