Fix refresh (#27)

* Add proxied path * Add logging * Make calls async * Add more logging * Add alias * Formatting and linting commit * raise on None * Formatting and linting commit * Add log * Up log level temporarily * Additional logging * Temporarily reduce access token lifetime * Dont verify twice * Revert temporary changes * Remove log statement * Revert workflow changes --------- Co-authored-by: github-actions <[email protected]>
fiaisis · Jun 28, 2024 · 75fdade · 75fdade
1 parent 70dc4e1
commit 75fdade
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 6 deletions.
diff --git a/fia_auth/exception_handlers.py b/fia_auth/exception_handlers.py
@@ -1,16 +1,20 @@
+import logging
 from http import HTTPStatus
 
 from starlette.requests import Request
 from starlette.responses import JSONResponse
 
+logger = logging.getLogger(__name__)
 
-async def auth_error_handler(_: Request, __: Exception) -> JSONResponse:
+
+async def auth_error_handler(_: Request, exc: Exception) -> JSONResponse:
     """
     Automatically return a 403 when an authentication error is raised
     :param _:
-    :param __:
+    :param exc: The caught exception
     :return: JSONResponse with 403
     """
+    logger.info(f"Exception was caught {exc}")
     return JSONResponse(
         status_code=HTTPStatus.FORBIDDEN,
         content={"message": "Forbidden"},

diff --git a/fia_auth/routers.py b/fia_auth/routers.py
@@ -65,7 +65,7 @@ async def login(credentials: UserCredentials) -> JSONResponse:
             secure=True,
             httponly=True,
             samesite="lax",
-            path="/api/jwt/refresh",
+            path="/auth/api/jwt/refresh",
         )  # 12 hours
         return response
     except UOWSError as exc:
@@ -87,7 +87,9 @@ def verify(token: dict[str, Any]) -> Literal["ok"]:
 
 
 @ROUTER.post("/api/jwt/refresh")
-def refresh(body: dict[str, Any], refresh_token: Annotated[str | None, Cookie()] = None) -> JSONResponse:
+def refresh(
+    body: dict[str, Any], refresh_token: Annotated[str | None, Cookie(alias="refresh_token")] = None
+) -> JSONResponse:
     """
     Refresh an access token based on a refresh token
     \f
@@ -96,7 +98,6 @@ def refresh(body: dict[str, Any], refresh_token: Annotated[str | None, Cookie()]
     :return: The new access token
     """
     access_token = load_access_token(body["token"])
-
     loaded_refresh_token = load_refresh_token(refresh_token)
     loaded_refresh_token.verify()
     access_token.refresh()

diff --git a/fia_auth/tokens.py b/fia_auth/tokens.py
@@ -84,6 +84,7 @@ def __init__(self, jwt_token: str | None = None, payload: dict[str, Any] | None
                 )
                 self.jwt = jwt_token
             except jwt.DecodeError as e:
+                logger.exception("Error decoding jwt")
                 raise BadJWTError("Token could not be decoded") from e
         else:
             raise BadJWTError("Access token creation requires jwt_token string XOR a payload")
@@ -93,7 +94,6 @@ def refresh(self) -> None:
         Refresh the access token by extending the expiry time by 10 minutes and resigning
         :return: None
         """
-        self.verify()
         self._payload["exp"] = datetime.now(UTC) + timedelta(minutes=float(ACCESS_TOKEN_LIFETIME_MINUTES))
         self._encode()