fix(auth): use existing token to refresh if valid

riocli/auth/refresh_token.py

@@ -14,7 +14,8 @@
 import click
 from click_help_colors import HelpColorsCommand
 
-from riocli.auth.util import get_token
+from riocli.auth.util import get_token, api_refresh_token
+from riocli.config import get_config_from_context
 from riocli.constants import Colors, Symbols
 from riocli.exceptions import LoggedOut
 
@@ -29,27 +30,38 @@
 @click.option(
     '--password',
     type=str,
-    prompt=True,
-    hide_input=True,
     help='Password for the rapyuta.io account',
 )
-def refresh_token(ctx: click.Context, password: str):
+@click.option('--interactive/--no-interactive', '--interactive/--silent',
+              is_flag=True, type=bool, default=True,
+              help='Make login interactive')
+def refresh_token(ctx: click.Context, password: str, interactive: bool):
     """
     Refreshes the authentication token after it expires
     """
-    email = ctx.obj.data.get('email_id', None)
+    config = get_config_from_context(ctx)
+    email = config.data.get('email_id', None)
 
     try:
-        if not ctx.obj.exists or not email or not password:
+        if not config.exists or email is None:
             raise LoggedOut
     except LoggedOut as e:
         click.secho(str(e), fg=Colors.RED)
         raise SystemExit(1) from e
 
     click.secho(f'Refreshing token for {email}...', fg=Colors.YELLOW)
 
-    ctx.obj.data['auth_token'] = get_token(email, password)
+    existing_token = config.data.get('auth_token')
+    refreshed = api_refresh_token(existing_token)
+    if not refreshed:
+        if not interactive and password is None:
+            click.secho('existing token expired, re-run rio auth refresh-token in interactive mode or pass the password using the flag')
+            raise SystemExit(1)
 
+        password = password or click.prompt('Password', hide_input=True)
+        refreshed = get_token(email, password)
+
+    ctx.obj.data['auth_token'] = refreshed
     ctx.obj.save()
 
     click.secho('{} Token refreshed successfully!'.format(Symbols.SUCCESS),

riocli/auth/token.py

@@ -51,6 +51,6 @@ def token(email: str, password: str, level: int = 0):
     if not config.exists or not email or not password:
         raise LoggedOut
 
-    new_token = get_token(email, password)
+    new_token = get_token(email, password, level=level)
 
     click.echo(new_token)

riocli/auth/util.py

@@ -12,17 +12,22 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import os
+import json
 
 import click
 from rapyuta_io import Client
 from rapyuta_io.clients.rip_client import AuthTokenLevel
 from rapyuta_io.utils import UnauthorizedError
+from rapyuta_io.utils.rest_client import HttpMethod, RestClient
+
+from munch import munchify
 
 from riocli.config import Configuration
 from riocli.constants import Colors, Symbols
 from riocli.project.util import find_project_guid, find_organization_guid, get_organization_name
 from riocli.utils.selector import show_selection
 from riocli.utils.spinner import with_spinner
+from riocli.v2client.util import handle_server_errors
 
 TOKEN_LEVELS = {
     0: AuthTokenLevel.LOW,
@@ -165,6 +170,29 @@ def get_token(
         raise SystemExit(1) from e
 
 
+def api_refresh_token(
+        token: str,
+) -> str:
+    """
+    Refreshes the existing token using the Refresh Token API.
+    """
+    config = Configuration()
+    client = config.new_client(with_project=False)
+    rip_host = client._get_api_endpoints('rip_host')
+    url = '{}/refreshtoken'.format(rip_host)
+
+    response = RestClient(url).method(HttpMethod.POST).execute(payload={'token': token})
+    handle_server_errors(response)
+
+    data = json.loads(response.text)
+    if not response.ok:
+        return ''
+
+    data = munchify(data)
+
+    return data.data.Token
+
+
 @with_spinner(text='Validating token...')
 def validate_and_set_token(ctx: click.Context, token: str, spinner=None) -> bool:
     """Validates an auth token."""