Create a /users/token/refresh endpoint #2817

Closed
3 tasks
chouinar opened this issue Nov 12, 2024 · 0 comments · Fixed by #3002
Collaborator

chouinar commented Nov 12, 2024

Summary

Create a new endpoint that refreshes a token.

This endpoint should use the new api_jwt_auth from #2959.

The only thing this endpoint needs to do is a simple update on the expires_at timestamp in the user token session. This should use the same/similar logic to how we set the expires_at in the api_jwt_auth.py code.

You can fetch the current user token session by doing api_jwt_auth.current_user.

NOTE: It will seem a bit odd, but you must do db_session.add(user_token_session) in the endpoint in order to actually modify it. This has to do with some complex under-the-hood details on how the DB sessions work (in short - the DB session the API uses and that auth uses is different so we need to make the API one aware of it).

Request
There is no request body for this endpoint; the auth token itself is handled by connecting auth to the endpoint.

Response
The response is also very simple: we just want a very basic Response Schema without a relevant data object - see what the Healthcheck endpoint does. We really just want to return a message like Token refreshed when successful.

Note on testing
For unit tests, you can make a valid token by doing something like:

    user = UserFactory.create()
    token, _ = create_jwt_for_user(user, db_session)
    db_session.commit()  # need to commit here to push the session to the DB

    # then freely use the token to call the endpoint

Acceptance criteria

  • Endpoint created
  • Token expires_at updated and validated in tests
  • Basic tests (endpoint gives auth errors if token already expired / isn't valid - which is implemented in the auth logic itself)
@chouinar chouinar moved this from Icebox to Todo in Simpler.Grants.gov Product Backlog Nov 19, 2024
@babebe babebe self-assigned this Nov 22, 2024
@babebe babebe moved this from Todo to In Progress in Simpler.Grants.gov Product Backlog Nov 22, 2024
@babebe babebe added api topic: backend Backend development tickets and removed topic: backend Backend development tickets api labels Nov 22, 2024
@babebe babebe linked a pull request Nov 22, 2024 that will close this issue
babebe added a commit that referenced this issue Nov 25, 2024
## Summary
Fixes #{[2817](#2817)}

### Time to review: __5 mins__

## Changes proposed
Added POST endpoint `token/refresh`
Added `UserTokenRefreshResponseSchema`
Added reusable func `refresh_token_expiration`
Added 2 tests. For success case and case when token was expired

---------

Co-authored-by: nava-platform-bot <[email protected]>
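
A sketch of the refresh behaviour the issue asks for, added here as an example and not the project's own code: the auth check rejects an expired or invalid session before `expires_at` is moved forward, so an expired token cannot revive itself. `TokenSession`, `check_session`, `refresh_session`, the lifetime values and the absolute session cap are assumptions and do not come from the issue or from api_jwt_auth.py.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

TOKEN_LIFETIME = timedelta(minutes=30)  # assumed sliding window granted per refresh
MAX_SESSION_AGE = timedelta(hours=12)   # assumed absolute cap, not part of the issue


class AuthError(Exception):
    """Raised when the session behind a token may not be used or refreshed."""


@dataclass
class TokenSession:
    """Constructed stand-in for a server-side user token session row."""
    created_at: datetime
    expires_at: datetime
    is_valid: bool = True


def check_session(session: TokenSession, now: datetime) -> None:
    """Auth-layer check: reject invalidated or already expired sessions."""
    if not session.is_valid:
        raise AuthError("Token is no longer valid")
    if session.expires_at <= now:
        raise AuthError("Token expired")


def refresh_session(session: TokenSession, now: datetime) -> datetime:
    """Extend expires_at from `now`, never past the absolute session cap."""
    check_session(session, now)  # runs first, as auth does before the endpoint body
    hard_limit = session.created_at + MAX_SESSION_AGE
    session.expires_at = min(now + TOKEN_LIFETIME, hard_limit)
    return session.expires_at


def demo() -> list:
    """Refresh one constructed session 20, 45 and 80 minutes after creation."""
    start = datetime(2024, 11, 12, 9, 0, tzinfo=timezone.utc)  # constructed clock
    session = TokenSession(created_at=start, expires_at=start + TOKEN_LIFETIME)
    outcomes = []
    for minutes in (20, 45, 80):
        try:
            expiry = refresh_session(session, start + timedelta(minutes=minutes))
            outcomes.append(expiry.strftime("%H:%M"))
        except AuthError as exc:
            outcomes.append(str(exc))
    return outcomes


if __name__ == "__main__":
    print(demo())
```

Without a cap such as `MAX_SESSION_AGE`, a sliding expiry lets any holder of a token keep the session alive for as long as they keep calling the refresh endpoint.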