def test_session_service_should_not_verify_expired_session(
    cache_adapter, settings
):
    """Check that a session is rejected once its lifetime has elapsed."""
    # Shrink the session lifetime to one second so the test can outwait it.
    settings.SESSION_EXPIRATION_SECONDS = 1
    service = SessionService(settings, cache_adapter)

    # NOTE(review): user_id is not defined in this function; presumably a
    # module-level constant or import in the test file -- confirm.
    session_id = service.generate_session(user_id)

    # Wait slightly longer than the configured lifetime.
    sleep(1.001)

    verified = service.verify_session(session_id)
    assert not verified
def revoke_user_session(
    response: Response,
    revoke_all: bool = False,
    refresh_token: RefreshTokenPayload = Depends(refresh_token),
    session_service: SessionService = Depends(session_service),
):
    """Revoke the caller's session, or all of the caller's sessions.

    The session is identified by the ``jti`` claim of the refresh token
    payload. It must still verify before anything is revoked; otherwise
    ``raise_unauthorized("Invalid session")`` is called.

    Args:
        response: Response object on which the refresh token cookie is cleared.
        revoke_all: When true, revoke every session of the user instead of
            only the one named by the refresh token.
        refresh_token: Refresh token payload, injected as a dependency.
        session_service: Session service, injected as a dependency.
    """
    session_id = refresh_token.jti

    # verify_session yields the owning user id, or a falsy value when the
    # session is not (or no longer) valid.
    owner_id = session_service.verify_session(session_id)
    if not owner_id:
        raise_unauthorized("Invalid session")

    if not revoke_all:
        session_service.revoke_session(owner_id, session_id)
    else:
        session_service.revoke_all_sessions(owner_id)

    # Server-side revocation is done; also drop the client-side cookie.
    response.delete_cookie(key="refresh_token")
def create_user_session(
    response: Response,
    access_code_user: User = Depends(access_code_user),
    jwt_service: JWTService = Depends(jwt_service),
    session_service: SessionService = Depends(session_service),
    settings: Settings = Depends(get_settings),
):
    """Open a new session for the user and issue both tokens.

    A session is generated for ``access_code_user.id``. A refresh token is
    built from the session lifetime and the session id and stored in the
    ``refresh_token`` cookie; an access token is built from the access token
    lifetime, the session id and the user, and returned in the body.

    Args:
        response: Response object on which the refresh token cookie is set.
        access_code_user: The user the session is created for, injected as a
            dependency.
        jwt_service: Service used to generate both tokens.
        session_service: Service used to generate the session.
        settings: Source of the session and access token lifetimes.

    Returns:
        An ``AccessToken`` wrapping the newly generated access token.
    """
    session_ttl = settings.SESSION_EXPIRATION_SECONDS
    new_session_id = session_service.generate_session(access_code_user.id)

    # Refresh token: tied to the session and given the session lifetime.
    refresh_claims = RefreshTokenPayload.from_info(session_ttl, new_session_id)
    signed_refresh = jwt_service.generate_token(refresh_claims.dict())

    # Access token: same session id, but its own lifetime setting.
    access_claims = AccessTokenPayload.from_info(
        settings.ACCESS_TOKEN_EXPIRATION_SECONDS,
        new_session_id,
        access_code_user,
    )
    signed_access = jwt_service.generate_token(access_claims.dict())

    # The refresh token only travels in an HttpOnly cookie, so page scripts
    # cannot read it.
    # NOTE(review): the cookie is set without secure=True and without an
    # explicit samesite value, so nothing in this call restricts it to HTTPS
    # or pins the cross-site policy -- confirm TLS is enforced in front of
    # this endpoint and that the framework's SameSite default is acceptable.
    response.set_cookie(
        key="refresh_token",
        value=signed_refresh,
        httponly=True,
        expires=session_ttl,
    )
    return AccessToken(access_token=signed_access)
def get_fresh_token(
    jwt_service: JWTService = Depends(jwt_service),
    refresh_token: RefreshTokenPayload = Depends(refresh_token),
    session_service: SessionService = Depends(session_service),
    settings: Settings = Depends(get_settings),
    users_repository: UsersRepository = Depends(users_repository),
):
    """Issue a new access token for a still-valid session.

    The session named by the refresh token's ``jti`` claim is verified
    first; when it does not verify, ``raise_unauthorized("Invalid session")``
    is called. The user is then loaded and a new access token is generated
    for the same session id.

    Args:
        jwt_service: Service used to generate the access token.
        refresh_token: Refresh token payload, injected as a dependency.
        session_service: Service used to verify the session.
        settings: Source of the access token lifetime.
        users_repository: Repository the user is looked up in.

    Returns:
        An ``AccessToken`` wrapping the newly generated access token.
    """
    session_id = refresh_token.jti

    # A falsy result means the session is unknown, expired or revoked.
    owner_id = session_service.verify_session(session_id)
    if not owner_id:
        raise_unauthorized("Invalid session")

    # NOTE(review): presumably find_user_by_id raises when the user no longer
    # exists -- confirm, since its result is used without a check here.
    account = find_user_by_id(owner_id, users_repository)

    # NOTE(review): only the access token is renewed; the refresh token and
    # its session id are reused unchanged (no rotation happens in this
    # function).
    access_claims = AccessTokenPayload.from_info(
        settings.ACCESS_TOKEN_EXPIRATION_SECONDS,
        session_id,
        account,
    )
    fresh_token = jwt_service.generate_token(access_claims.dict())
    return AccessToken(access_token=fresh_token)
def session_service(cache_adapter, settings_with_rsa):
    """Build a SessionService from ``settings_with_rsa`` and the cache adapter.

    NOTE(review): presumably a pytest fixture whose decorator is not visible
    here -- confirm.
    """
    service = SessionService(settings_with_rsa, cache_adapter)
    return service
def session_service(
    settings: Settings = Depends(get_settings),
    cache_adapter: CacheAdapter = Depends(cache_adapter),
):
    """Dependency provider that builds the SessionService.

    Both collaborators are themselves injected with ``Depends``.

    Args:
        settings: Application settings passed to the service.
        cache_adapter: Cache adapter passed to the service.

    Returns:
        A ``SessionService`` constructed from the two arguments.
    """
    service = SessionService(settings, cache_adapter)
    return service
def session_service(settings, cache_adapter):
    """Build a SessionService from the given settings and cache adapter.

    NOTE(review): presumably a pytest fixture whose decorator is not visible
    here -- confirm.
    """
    service = SessionService(settings, cache_adapter)
    return service