From b15f663c87d1264c2ca72e03c621782e30006b43 Mon Sep 17 00:00:00 2001
From: Bai <baijiangjie@gmail.com>
Date: Tue, 16 Sep 2025 12:20:57 +0800
Subject: [PATCH] fix: AK/SK remained valid after the user expired.

---
 apps/authentication/backends/drf.py      | 2 +-
 apps/authentication/models/access_key.py | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/apps/authentication/backends/drf.py b/apps/authentication/backends/drf.py
index 85bde3da2..83f34a418 100644
--- a/apps/authentication/backends/drf.py
+++ b/apps/authentication/backends/drf.py
@@ -136,7 +136,7 @@ class SignatureAuthentication(signature.SignatureAuthentication):
         # example implementation:
         try:
             key = AccessKey.objects.get(id=key_id)
-            if not key.is_active:
+            if not key.is_valid:
                 return None, None
             user, secret = key.user, str(key.secret)
             after_authenticate_update_date(user, key)
diff --git a/apps/authentication/models/access_key.py b/apps/authentication/models/access_key.py
index 7db636b13..a449256f3 100644
--- a/apps/authentication/models/access_key.py
+++ b/apps/authentication/models/access_key.py
@@ -25,6 +25,10 @@ class AccessKey(models.Model):
     date_last_used = models.DateTimeField(null=True, blank=True, verbose_name=_('Date last used'))
     date_created = models.DateTimeField(auto_now_add=True)
 
+    @property
+    def is_valid(self):
+        return self.is_active and self.user.is_valid
+
     def get_id(self):
         return str(self.id)