async def refresh_tokens(Authorize: AuthJWT = Depends()):
    """Exchange a refresh token for a new access/refresh token pair.

    ``Authorize.jwt_refresh_token_required()`` runs before anything else, so
    no token is issued unless that guard passes. Unless ``DEBUG_LOGIN`` is
    truthy, the ``jti`` of the presented token is passed to ``revoke_tokens``
    and the ``jti`` values of the two new tokens are passed to ``save_tokens``
    on ``app.state.redis``.

    Returns:
        A dict with ``access_token``, ``refresh_token`` and ``result``
        (always ``True`` on this path).
    """
    Authorize.jwt_refresh_token_required()
    subject = Authorize.get_jwt_subject()
    presented_jti = Authorize.get_raw_jwt()['jti']

    new_access = Authorize.create_access_token(subject=subject)
    new_refresh = Authorize.create_refresh_token(subject=subject)

    # NOTE(review): with DEBUG_LOGIN set, the presented refresh token is never
    # revoked and the new tokens are never recorded, so rotation is effectively
    # off. Confirm this flag cannot be enabled in a production deployment.
    if not DEBUG_LOGIN:
        # NOTE(review): only the refresh token's jti is handed to
        # revoke_tokens; whether the access token issued alongside it is also
        # invalidated depends on that helper -- confirm.
        # NOTE(review): these calls are not awaited; if they perform blocking
        # network I/O they will stall the event loop -- confirm.
        app.state.redis.revoke_tokens(presented_jti)
        access_jti = Authorize.get_jti(new_access)
        refresh_jti = Authorize.get_jti(new_refresh)
        app.state.redis.save_tokens(access_jti, refresh_jti)

    return {
        "access_token": new_access,
        "refresh_token": new_refresh,
        "result": True,
    }
def test_non_blacklisted_access_token(client, url, access_token):
    """An access token that has not been blacklisted is accepted at ``url``.

    After the request to ``/fresh-jwt-required`` succeeds, the token's ``jti``
    is added to ``blacklist``.
    """
    auth_headers = {"Authorization": f"Bearer {access_token.decode('utf-8')}"}
    response = client.get(url, headers=auth_headers)

    assert response.status_code == 200
    assert response.json() == {'hello': 'world'}

    # Revoke the token once the last test url has been exercised.
    # NOTE(review): `blacklist` is not local to this test, so anything that
    # runs afterwards with the same token depends on execution order.
    if url == "/fresh-jwt-required":
        blacklist.add(AuthJWT.get_jti(access_token))
def test_non_blacklisted_refresh_token(client, refresh_token):
    """A refresh token that has not been blacklisted is accepted, then revoked.

    The request goes to ``/jwt-refresh-required``; once the response has been
    checked, the token's ``jti`` is added to ``blacklist``.
    """
    url = '/jwt-refresh-required'
    auth_headers = {"Authorization": f"Bearer {refresh_token.decode('utf-8')}"}
    response = client.get(url, headers=auth_headers)

    assert response.status_code == 200
    assert response.json() == {'hello': 'world'}

    # Revoke the token.
    # NOTE(review): `blacklist` is not local to this test, so anything that
    # runs afterwards with the same token depends on execution order.
    blacklist.add(AuthJWT.get_jti(refresh_token))
def login(user: LoginScheme, Authorize: AuthJWT = Depends()):
    """Authenticate by e-mail and password and issue a token pair.

    The account is looked up by ``user.email`` and the submitted password is
    checked with ``UsersCollection.verify_password`` against the stored
    ``password`` field. Unless ``DEBUG_LOGIN`` is truthy, the ``jti`` values of
    the issued tokens are passed to ``app.state.redis.save_tokens``.

    Returns:
        On success, a dict with ``access_token``, ``refresh_token``,
        ``result`` (``True``), ``user_id`` (the stringified ``_id``) and
        ``role``. Otherwise ``{"result": False, "msg": "Invalid credentials"}``;
        an unknown e-mail and a wrong password produce the same body.
    """
    account = UsersCollection.get_one_obj({"email": user.email})
    if not account:
        # NOTE(review): verify_password is skipped on this path, so an unknown
        # e-mail may be answered measurably faster than a wrong password even
        # though the response body is identical -- consider whether that
        # reveals which addresses are registered.
        return {"result": False, "msg": "Invalid credentials"}

    if not UsersCollection.verify_password(user.password, account['password']):
        return {"result": False, "msg": "Invalid credentials"}

    email = account['email']
    access_token = Authorize.create_access_token(subject=email)
    refresh_token = Authorize.create_refresh_token(subject=email)

    # NOTE(review): with DEBUG_LOGIN set, the issued tokens are never recorded
    # in Redis. Confirm this flag cannot be enabled in a production deployment.
    if not DEBUG_LOGIN:
        access_jti = Authorize.get_jti(access_token)
        refresh_jti = Authorize.get_jti(refresh_token)
        app.state.redis.save_tokens(access_jti, refresh_jti)

    return {
        "access_token": access_token,
        "refresh_token": refresh_token,
        "result": True,
        "user_id": str(account["_id"]),
        "role": account["role"],
    }
def test_get_jwt_jti(client, default_access_token, encoded_token):
    """``AuthJWT.get_jti`` returns the ``jti`` of ``default_access_token``.

    ``client`` is requested but not used in the body.
    """
    extracted_jti = AuthJWT.get_jti(encoded_token=encoded_token)
    assert extracted_jti == default_access_token['jti']