From 9fb5839f5c8ea85c7de44d487475bc41da916635 Mon Sep 17 00:00:00 2001
From: Revant Nandgaonkar
Date: Mon, 17 Jul 2017 11:49:03 +0530
Subject: [PATCH] [Fix] OAuth2 Token validation (#3694)

Convert token expiration time to utc and compare with utcnow
---
 frappe/oauth.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/frappe/oauth.py b/frappe/oauth.py
index bf7a35af3c..645a68e211 100644
--- a/frappe/oauth.py
+++ b/frappe/oauth.py
@@ -1,5 +1,6 @@
 from __future__ import print_function
 import frappe, urllib
+import pytz
 from frappe import _
 from urlparse import parse_qs, urlparse
@@ -227,8 +228,10 @@ class OAuthWebRequestValidator(RequestValidator):
 	def validate_bearer_token(self, token, scopes, request):
 		# Remember to check expiration and scope membership
-		otoken = frappe.get_doc("OAuth Bearer Token", token) #{"access_token": str(token)})
-		is_token_valid = (frappe.utils.datetime.datetime.now() < otoken.expiration_time) \
+		otoken = frappe.get_doc("OAuth Bearer Token", token)
+		token_expiration_local = otoken.expiration_time.replace(tzinfo=pytz.timezone(frappe.utils.get_time_zone()))
+		token_expiration_utc = token_expiration_local.astimezone(pytz.utc)
+		is_token_valid = (frappe.utils.datetime.datetime.utcnow().replace(tzinfo=pytz.utc) < token_expiration_utc) \
 			and otoken.status != "Revoked"
 		client_scopes = frappe.db.get_value("OAuth Client", otoken.client, 'scopes').split(get_url_delimiter())
 		are_scopes_valid = True
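Review bot: `otoken.expiration_time.replace(tzinfo=pytz.timezone(frappe.utils.get_time_zone()))` attaches the zone's first historical (LMT) offset instead of the offset in force at that instant — the documented pytz pitfall — so `token_expiration_utc` is shifted by the LMT/standard-time difference (roughly twenty minutes for Asia/Kolkata, up to an hour or more across DST in other zones) and the expiry comparison accepts or rejects bearer tokens on the wrong side of their real deadline. The conversion should go through `localize`, e.g. `token_expiration_utc = pytz.timezone(frappe.utils.get_time_zone()).localize(otoken.expiration_time).astimezone(pytz.utc)`, keeping `utcnow().replace(tzinfo=pytz.utc)` as the left-hand side. This assumes `expiration_time` is a naive `datetime` here, which the hunk does not show; if the field can arrive as a string it needs parsing first. Separately, `frappe.get_doc("OAuth Bearer Token", token)` on an unknown or forged token raises rather than yielding `False`, which oauthlib's validator contract appears to expect, so a `frappe.db.exists` guard before `get_doc` would make the failure mode explicit (hedged: depends on how that exception is handled upstream). `validate_bearer_token` continues past the end of this hunk.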