def create_user_session(
response: Response,
access_code_user: User = Depends(access_code_user),
jwt_service: JWTService = Depends(jwt_service),
session_service: SessionService = Depends(session_service),
settings: Settings = Depends(get_settings),
):
session_id = session_service.generate_session(access_code_user.id)
refresh_token_payload = RefreshTokenPayload.from_info(
settings.SESSION_EXPIRATION_SECONDS,
session_id,
)
refresh_token = jwt_service.generate_token(refresh_token_payload.dict())
access_token_payload = AccessTokenPayload.from_info(
settings.ACCESS_TOKEN_EXPIRATION_SECONDS,
session_id,
access_code_user,
)
access_token = jwt_service.generate_token(access_token_payload.dict())
response.set_cookie(
key="refresh_token",
value=refresh_token,
httponly=True,
expires=settings.SESSION_EXPIRATION_SECONDS,
)
return AccessToken(access_token=access_token)
def refresh_token(jwt_service, session_service, settings, users_repository):
user = users_repository.create({"email": access_code_body_1.email})
session_id = session_service.generate_session(user.id)
refresh_token_payload = RefreshTokenPayload.from_info(
settings.SESSION_EXPIRATION_SECONDS, session_id,
)
return jwt_service.generate_token(refresh_token_payload.dict())
def refresh_token(
jwt_service: JWTService = Depends(jwt_service),
token: str = Depends(refresh_token_cookie),
) -> RefreshTokenPayload:
try:
payload = RefreshTokenPayload(**jwt_service.verify_token(token))
except Exception:
raise_unauthorized("Invalid refresh token")
return payload
def test_revoke_user_session_should_return_status_401_if_session_is_invalid(
client, jwt_service, settings
):
refresh_token_payload = RefreshTokenPayload.from_info(
settings.SESSION_EXPIRATION_SECONDS, 123,
)
refresh_token = jwt_service.generate_token(refresh_token_payload.dict())
response = revoke_user_session_request(client, refresh_token)
assert response.status_code == HTTP_401_UNAUTHORIZED
def test_get_fresh_token_should_return_status_404_if_user_not_found(
client, jwt_service, session_service, settings
):
session_id = session_service.generate_session(123)
refresh_token_payload = RefreshTokenPayload.from_info(
settings.SESSION_EXPIRATION_SECONDS, session_id,
)
refresh_token = jwt_service.generate_token(refresh_token_payload.dict())
response = get_fresh_token_request(client, refresh_token)
assert response.status_code == HTTP_404_NOT_FOUND
def test_revoke_user_session_should_revoke_all_sessions(
client, jwt_service, session_service, settings, users_repository
):
user_id = 123
session_id = session_service.generate_session(user_id)
refresh_token_payload = RefreshTokenPayload.from_info(
settings.SESSION_EXPIRATION_SECONDS, session_id,
)
refresh_token = jwt_service.generate_token(refresh_token_payload.dict())
session_id_2 = session_service.generate_session(user_id)
revoke_user_session_request(client, refresh_token, True)
assert [
session_service.verify_session(sid) for sid in [session_id, session_id_2]
] == [None, None]