From 39afe75dfb7ee33dc0f5c91304418250f795a1a1 Mon Sep 17 00:00:00 2001
From: Daniel McKnight
Date: Wed, 13 Nov 2024 10:55:56 -0800
Subject: [PATCH] Refactor token refresh handling to account for data model changes
---
 neon_hana/auth/client_manager.py | 17 ++++++-----------
 neon_hana/schema/auth_requests.py | 3 ++-
 requirements/requirements.txt | 2 +-
 3 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/neon_hana/auth/client_manager.py b/neon_hana/auth/client_manager.py
index 9eb3150..2a1457e 100644
--- a/neon_hana/auth/client_manager.py
+++ b/neon_hana/auth/client_manager.py
@@ -283,12 +283,13 @@ def check_refresh_request(self, access_token: Optional[str],
 raise HTTPException(status_code=403, detail="Access token does not match client_id")
- # `token_name` is not known here, but it will be read from the database
- # when the new token replaces the old one
 encode_data = {"user_id": refresh_data.sub, "client_id": client_id,
+ "token_name": refresh_data.token_name,
 "permissions": PermissionsConfig.from_roles(refresh_data.roles) }
+ access, refresh, tokens = self._create_tokens(**encode_data)
+ username = refresh_data.sub
 if self._mq_connector:
 user = self._mq_connector.read_user(username=refresh_data.sub, access_token=token_data)
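Review bot: In the `@@ -283` hunk of `check_refresh_request`, the added `access, refresh, tokens = self._create_tokens(**encode_data)` now runs before the user record is read and before the `password_hash` check in the following hunk, so a token pair is minted even for requests that then fail with the 500. If `_create_tokens` does anything beyond returning values (not visible here), that work happens for rejected requests too; moving that one line below the user check keeps issuance behind validation. Separately, `permissions` is still built from `refresh_data.roles`, the claims of the old token, so a role removed since issuance appears to carry over on every refresh; if the user record holds current roles, it would be the safer source when `_mq_connector` is set. The function body starts and ends outside this hunk.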
@@ -296,18 +297,13 @@ def check_refresh_request(self, access_token: Optional[str],
 # This should not be possible, but don't let an error in the
 # users service allow for injecting a new valid token to the db
 raise HTTPException(status_code=500, detail="Error Fetching User")
- access, refresh, config = self._create_tokens(**encode_data)
- username = user.username
- self._add_token_to_userdb(user, config)
- else:
- username = refresh_data.sub
- access, refresh, config = self._create_tokens(**encode_data)
+ self._add_token_to_userdb(user, tokens['refresh'])
 auth_response = AuthenticationResponse(username=username, client_id=client_id, access_token=access, refresh_token=refresh,
- expiration=config['access'].refresh_expiration_timestamp)
+ expiration=tokens['refresh'].exp)
 self._authorized_clients[client_id] = auth_response
 return auth_response
@@ -320,9 +316,8 @@ def _add_token_to_userdb(self, user: User, new_token: HanaToken):
 return
 for idx, token in enumerate(user.tokens):
 # If the token is already defined, maintain the original
- # token_id and creation timestamp
+ # creation timestamp
 if token.jti == new_token.jti:
- new_token.token_name = token.token_name
 new_token.creation_timestamp = token.creation_timestamp
 user.tokens.remove(token)
 user.tokens.append(new_token)
diff --git a/neon_hana/schema/auth_requests.py b/neon_hana/schema/auth_requests.py
index 4aa6acc..cd215e2 100644
--- a/neon_hana/schema/auth_requests.py
+++ b/neon_hana/schema/auth_requests.py
@@ -53,7 +53,8 @@ class AuthenticationResponse(BaseModel):
 client_id: str
 access_token: str
 refresh_token: str
- expiration: float
+ expiration: float = Field(
+ description="Expiration timestamp of the refresh token")
 model_config = { "json_schema_extra": {
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index b40b58d..a237fae 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
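Review bot: In the `@@ -296` hunk of `check_refresh_request`, the only check on the fetched user before `self._add_token_to_userdb(user, tokens['refresh'])` is the `password_hash` test; nothing visible confirms that the presented refresh token is still listed in `user.tokens`. Unless that is verified earlier in the function (outside this hunk), a refresh token that was removed from the user's record can still be exchanged, and its replacement is then written back to the record. A guard before the call, such as `if all(t.jti != refresh_data.jti for t in user.tokens): raise HTTPException(status_code=401, detail="Refresh token revoked")`, would close that, assuming the decoded token exposes its `jti`.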
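Review bot: In the `@@ -320` hunk of `_add_token_to_userdb`, dropping `new_token.token_name = token.token_name` means the stored name survives a refresh only when the refresh token itself carries a `token_name` claim. Refresh tokens issued before this change may decode without one (the comment removed from `check_refresh_request` said the name was not known at that point), in which case the replacement would overwrite the stored name with an empty or default value. A fallback inside the `jti` match, `if not new_token.token_name: new_token.token_name = token.token_name`, would keep existing names intact during the transition. The loop also calls `user.tokens.remove(token)` while iterating `user.tokens` and never uses `idx`; the function continues outside the hunk, so whether a `break` follows is not visible.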
@@ -7,4 +7,4 @@ token-throttler~=1.4
 neon-mq-connector~=0.7
 ovos-config~=0.0,>=0.0.12
 ovos-utils~=0.0,>=0.0.38
-neon-data-models @ git+https://github.com/neongeckocom/neon-data-models@FEAT_JWTModelAndTokenConfigUpdates
\ No newline at end of file
+neon-data-models @ git+https://github.com/neongeckocom/neon-data-models@FEAT_UpdateUserDbCRUDOperations
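Review bot: The `neon-data-models` requirement still points at a branch name (`@FEAT_UpdateUserDbCRUDOperations`), which is a mutable ref: the token and user models installed for this authentication service can change without any change to this file, and installs break if the branch is deleted after merge. Pin to an immutable ref instead, e.g. `neon-data-models @ git+https://github.com/neongeckocom/neon-data-models@COMMIT_SHA_PLACEHOLDER`, and move to a `~=` version specifier like the neighbouring lines once the models are released.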