Example #1
0
def create_user_session(
        response: Response,
        access_code_user: User = Depends(access_code_user),
        jwt_service: JWTService = Depends(jwt_service),
        session_service: SessionService = Depends(session_service),
        settings: Settings = Depends(get_settings),
):
    session_id = session_service.generate_session(access_code_user.id)
    refresh_token_payload = RefreshTokenPayload.from_info(
        settings.SESSION_EXPIRATION_SECONDS,
        session_id,
    )
    refresh_token = jwt_service.generate_token(refresh_token_payload.dict())
    access_token_payload = AccessTokenPayload.from_info(
        settings.ACCESS_TOKEN_EXPIRATION_SECONDS,
        session_id,
        access_code_user,
    )
    access_token = jwt_service.generate_token(access_token_payload.dict())
    response.set_cookie(
        key="refresh_token",
        value=refresh_token,
        httponly=True,
        expires=settings.SESSION_EXPIRATION_SECONDS,
    )
    return AccessToken(access_token=access_token)
def refresh_token(jwt_service, session_service, settings, users_repository):
    user = users_repository.create({"email": access_code_body_1.email})
    session_id = session_service.generate_session(user.id)
    refresh_token_payload = RefreshTokenPayload.from_info(
        settings.SESSION_EXPIRATION_SECONDS, session_id,
    )
    return jwt_service.generate_token(refresh_token_payload.dict())
Example #3
0
def refresh_token(
        jwt_service: JWTService = Depends(jwt_service),
        token: str = Depends(refresh_token_cookie),
) -> RefreshTokenPayload:
    try:
        payload = RefreshTokenPayload(**jwt_service.verify_token(token))
    except Exception:
        raise_unauthorized("Invalid refresh token")
    return payload
def test_revoke_user_session_should_return_status_401_if_session_is_invalid(
    client, jwt_service, settings
):
    refresh_token_payload = RefreshTokenPayload.from_info(
        settings.SESSION_EXPIRATION_SECONDS, 123,
    )
    refresh_token = jwt_service.generate_token(refresh_token_payload.dict())

    response = revoke_user_session_request(client, refresh_token)
    assert response.status_code == HTTP_401_UNAUTHORIZED
def test_get_fresh_token_should_return_status_404_if_user_not_found(
    client, jwt_service, session_service, settings
):
    session_id = session_service.generate_session(123)
    refresh_token_payload = RefreshTokenPayload.from_info(
        settings.SESSION_EXPIRATION_SECONDS, session_id,
    )
    refresh_token = jwt_service.generate_token(refresh_token_payload.dict())

    response = get_fresh_token_request(client, refresh_token)
    assert response.status_code == HTTP_404_NOT_FOUND
def test_revoke_user_session_should_revoke_all_sessions(
    client, jwt_service, session_service, settings, users_repository
):
    user_id = 123
    session_id = session_service.generate_session(user_id)
    refresh_token_payload = RefreshTokenPayload.from_info(
        settings.SESSION_EXPIRATION_SECONDS, session_id,
    )
    refresh_token = jwt_service.generate_token(refresh_token_payload.dict())
    session_id_2 = session_service.generate_session(user_id)
    revoke_user_session_request(client, refresh_token, True)
    assert [
        session_service.verify_session(sid) for sid in [session_id, session_id_2]
    ] == [None, None]