def test_read_self_should_return_404_if_user_does_not_exist(client, jwt_service):
    """A well-formed token whose subject is not in the store must yield 404, not a user."""
    # Token issued by jwt_service for user_id=1, which this test never creates.
    claims = AccessTokenPayload(
        user_id=1,
        roles=[],
        exp=AccessTokenPayload.calc_exp(1),
        sid="123456",
    )
    token = jwt_service.generate_token(claims.dict())
    result = read_self_request(client, token)
    assert result.status_code == HTTP_404_NOT_FOUND
def user_jwt(jwt_service, user):
    """Issue an access token carrying the ``user`` fixture's id and roles."""
    # exp=calc_exp(1): a short-lived token; calc_exp's unit is not visible here.
    # sid="123456": the fixed session id shared by the test helpers in this file.
    claims = AccessTokenPayload(
        user_id=user.id,
        roles=user.roles,
        exp=AccessTokenPayload.calc_exp(1),
        sid="123456",
    )
    return jwt_service.generate_token(claims.dict())
def user_2_jwt(jwt_service, users_repository):
    """Create a second user from ``user_dict_2`` and issue an access token for it."""
    second = users_repository.create(user_dict_2)
    claims = AccessTokenPayload(
        user_id=second.id,
        roles=second.roles,
        exp=AccessTokenPayload.calc_exp(1),
        sid="123456",  # same fixed session id as the other test helpers
    )
    return jwt_service.generate_token(claims.dict())
def test_update_user_should_return_403_for_non_admin(client, jwt_service):
    """A token with no roles may not update user roles: expect 403.

    Note that user 1 does not exist either; the 403 (rather than the 404 an
    admin token gets for the same id) shows the role check runs before the
    existence lookup.
    """
    claims = AccessTokenPayload(
        user_id=1,
        roles=[],
        exp=AccessTokenPayload.calc_exp(1),
        sid="123456",
    )
    token = jwt_service.generate_token(claims.dict())
    result = update_user_roles_request(client, 1, token, [])
    assert result.status_code == HTTP_403_FORBIDDEN
def test_update_user_roles_should_return_404_if_user_does_not_exist(
    client, jwt_service
):
    """An admin token targeting a user id that was never created gets 404."""
    admin_claims = AccessTokenPayload(
        user_id=1,
        roles=[UserRoles.ADMIN],
        exp=AccessTokenPayload.calc_exp(1),
        sid="123456",
    )
    admin_token = jwt_service.generate_token(admin_claims.dict())
    result = update_user_roles_request(client, 1, admin_token, [])
    assert result.status_code == HTTP_404_NOT_FOUND
def test_update_self_should_return_409_if_data_conflicts(
    client, jwt_service, user, users_repository
):
    """Updating self to data already owned by another user is rejected with 409."""
    # Seed a second user from the same payload the update request will send,
    # so the update collides with an existing record.
    users_repository.create(update_payload)
    claims = AccessTokenPayload(
        user_id=user.id,
        roles=user.roles,
        exp=AccessTokenPayload.calc_exp(1),
        sid="123456",
    )
    token = jwt_service.generate_token(claims.dict())
    result = update_self_request(client, token)
    assert result.status_code == HTTP_409_CONFLICT
def create_user_session(
    response: Response,
    access_code_user: User = Depends(access_code_user),
    jwt_service: JWTService = Depends(jwt_service),
    session_service: SessionService = Depends(session_service),
    settings: Settings = Depends(get_settings),
):
    """Open a session for a user authenticated by access code.

    Generates a session id, then two tokens bound to it: a refresh token that
    is delivered only as an HttpOnly cookie, and an access token returned in
    the response body.
    """
    sid = session_service.generate_session(access_code_user.id)

    # Refresh token: lifetime SESSION_EXPIRATION_SECONDS, identified by the session id.
    refresh_claims = RefreshTokenPayload.from_info(
        settings.SESSION_EXPIRATION_SECONDS,
        sid,
    )
    refresh_jwt = jwt_service.generate_token(refresh_claims.dict())

    # Access token: lifetime ACCESS_TOKEN_EXPIRATION_SECONDS, carries the user's info.
    access_claims = AccessTokenPayload.from_info(
        settings.ACCESS_TOKEN_EXPIRATION_SECONDS,
        sid,
        access_code_user,
    )
    access_jwt = jwt_service.generate_token(access_claims.dict())

    # httponly keeps the refresh token out of reach of page scripts.
    # NOTE(review): no `secure=` or `samesite=` is passed, so the framework's
    # defaults apply — confirm they match what the deployment requires.
    response.set_cookie(
        key="refresh_token",
        value=refresh_jwt,
        httponly=True,
        expires=settings.SESSION_EXPIRATION_SECONDS,
    )
    return AccessToken(access_token=access_jwt)
def access_token(
    jwt_service: JWTService = Depends(jwt_service),
    token: str = Depends(authorization_bearer_token),
) -> AccessTokenPayload:
    """Verify the bearer token and parse its claims into an AccessTokenPayload.

    Every failure — token verification or payload validation — is collapsed
    into the same "Invalid access token" response, so a caller cannot tell
    which check rejected the token.
    """
    try:
        claims = jwt_service.verify_token(token)
        payload = AccessTokenPayload(**claims)
    except Exception:
        # Deliberately broad: the exception types raised by verify_token and by
        # the payload model are not visible here, and all of them should be
        # treated as an unauthenticated request (presumably a 401 from
        # raise_unauthorized).
        raise_unauthorized("Invalid access token")
    else:
        return payload
def get_fresh_token(
    jwt_service: JWTService = Depends(jwt_service),
    refresh_token: RefreshTokenPayload = Depends(refresh_token),
    session_service: SessionService = Depends(session_service),
    settings: Settings = Depends(get_settings),
    users_repository: UsersRepository = Depends(users_repository),
):
    """Mint a new access token for the session named by a valid refresh token."""
    # The refresh token's jti appears to double as the session id; the session
    # store (not the token alone) decides whether the session is still live.
    owner_id = session_service.verify_session(refresh_token.jti)
    if not owner_id:
        # NOTE(review): truthiness check — a user id of 0 would be rejected
        # here as "no session"; confirm ids never start at 0.
        raise_unauthorized("Invalid session")
    owner = find_user_by_id(owner_id, users_repository)
    claims = AccessTokenPayload.from_info(
        settings.ACCESS_TOKEN_EXPIRATION_SECONDS,
        refresh_token.jti,
        owner,
    )
    fresh_jwt = jwt_service.generate_token(claims.dict())
    return AccessToken(access_token=fresh_jwt)
def jwt_payload() -> AccessTokenPayload:
    """Return a canned access-token payload (user 123, no roles) for tests."""
    payload = AccessTokenPayload(
        user_id=123,
        roles=[],
        exp=AccessTokenPayload.calc_exp(1),
        sid="123456",
    )
    return payload