Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix invalid valid access token #12

Merged
merged 3 commits into from
Nov 20, 2024
Merged

Fix invalid valid access token #12

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
070f190
Fix access token verification
Vianpyro Nov 20, 2024
d2a431b
Merge branch 'main' into fix/invalid_valid_access_token
Vianpyro Nov 20, 2024
a7eae1a
Refactor token refresh logic to use verify_token function for improve…
Vianpyro Nov 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions jwt_helper.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,13 @@ def generate_refresh_token(player_id: int) -> str:

def verify_token(token: str) -> dict | None:
"""Verify a JWT token and return the payload."""
token = request.headers.get("Authorization")

if not token or not token.startswith("Bearer "):
return jsonify(message="Token is missing or improperly formatted"), 401

token = token.split("Bearer ")[1]

try:
return jwt.decode(token, SECRET_KEY, algorithms=["HS256"])
except jwt.ExpiredSignatureError:
Expand Down
8 changes: 2 additions & 6 deletions routes/authentication.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
from pymysql import MySQLError

from db import get_db_connection
from jwt_helper import generate_access_token, generate_refresh_token
from jwt_helper import generate_access_token, generate_refresh_token, verify_token

load_dotenv()

Expand Down Expand Up @@ -121,11 +121,7 @@ def refresh_token():
refresh_token = auth_header.split("Bearer ")[1]

try:
decoded = jwt.decode(
refresh_token,
os.getenv("SECRET_JWT_KEY", "SuperSecretKey"),
algorithms=["HS256"],
)
decoded = verify_token(refresh_token)
player_id = decoded["player_id"]

new_access_token = generate_access_token(player_id)
Expand Down