2024-01-15 13:32:24 +01:00
|
|
|
import sys
|
|
|
|
import os
|
|
|
|
|
|
|
|
current = os.path.dirname(os.path.realpath(__file__))
|
|
|
|
parent = os.path.dirname(current)
|
|
|
|
sys.path.append(parent)
|
|
|
|
|
|
|
|
import tornado
|
|
|
|
|
|
|
|
from ioutils.base import BaseHandler
|
|
|
|
from ioutils.errors import ErrorCode, ErrorMessage
|
|
|
|
|
2024-01-21 14:18:57 +01:00
|
|
|
from piracyshield_service.security.blacklist.exists_by_refresh_token import SecurityBlacklistExistsByRefreshTokenService
|
|
|
|
|
|
|
|
from piracyshield_service.authentication.refresh_access_token import AuthenticationRefreshAccessTokenService
|
2024-01-15 13:32:24 +01:00
|
|
|
|
|
|
|
from piracyshield_component.exception import ApplicationException
|
|
|
|
|
|
|
|
class AuthenticationRefreshHandler(BaseHandler):
|
|
|
|
|
|
|
|
"""
|
|
|
|
Get another JWT access token once the main has expired.
|
|
|
|
"""
|
|
|
|
|
|
|
|
optional_fields = [
|
|
|
|
'refresh_token'
|
|
|
|
]
|
|
|
|
|
|
|
|
async def post(self):
|
|
|
|
# use stored refresh token when available
|
|
|
|
refresh_token = self.get_refresh_cookie()
|
|
|
|
|
|
|
|
# if no cookie available, generate a new access_token via POSTed refresh_token
|
|
|
|
if not refresh_token:
|
|
|
|
# if no refresh_token is found, we have an error
|
|
|
|
if self.handle_post(required_fields = None, optional_fields = self.optional_fields) == False:
|
|
|
|
return
|
|
|
|
|
|
|
|
if not self.request_data.get('refresh_token'):
|
2024-01-19 15:25:53 +01:00
|
|
|
return self.error(status_code = 401, error_code = ErrorCode.MISSING_REFRESH_TOKEN, message = ErrorMessage.MISSING_REFRESH_TOKEN)
|
2024-01-15 13:32:24 +01:00
|
|
|
|
|
|
|
refresh_token = self.request_data.get('refresh_token')
|
|
|
|
|
|
|
|
try:
|
2024-01-21 14:18:57 +01:00
|
|
|
security_blacklist_exists_by_refresh_token_service = SecurityBlacklistExistsByRefreshTokenService()
|
|
|
|
|
|
|
|
if security_blacklist_exists_by_refresh_token_service.execute(
|
|
|
|
refresh_token = refresh_token
|
|
|
|
) == True:
|
|
|
|
self.error(status_code = 401, error_code = ErrorCode.TOKEN_EXPIRED, message = ErrorMessage.TOKEN_EXPIRED)
|
|
|
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
authentication_refresh_access_token_service = AuthenticationRefreshAccessTokenService()
|
|
|
|
|
2024-01-15 13:32:24 +01:00
|
|
|
access_token = await tornado.ioloop.IOLoop.current().run_in_executor(
|
|
|
|
None,
|
2024-01-21 14:18:57 +01:00
|
|
|
authentication_refresh_access_token_service.execute,
|
|
|
|
refresh_token,
|
|
|
|
self.request.remote_ip
|
2024-01-15 13:32:24 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
# return the access_token
|
|
|
|
self.success(data = {
|
|
|
|
'access_token': access_token
|
|
|
|
})
|
|
|
|
|
|
|
|
except ApplicationException as e:
|
|
|
|
self.error(status_code = 400, error_code = e.code, message = e.message)
|