Merge pull request #450 from MTES-MCT/fix/refresh-token

Fix refresh token
MTES-MCT · Nov 5, 2024 · be18158 · be18158
2 parents 266acc2 + 4e9cbab
commit be18158
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 6 deletions.
diff --git a/app/controllers/authentication.py b/app/controllers/authentication.py
@@ -1,7 +1,10 @@
 import graphene
 from flask import after_this_request, jsonify
-from flask_jwt_extended import jwt_required, get_jwt_identity
-
+from flask_jwt_extended import (
+    jwt_required,
+    get_jwt_identity,
+    current_user as current_actor,
+)
 from app import app, db
 from app.controllers.utils import Void
 from app.domain.user import (
@@ -124,6 +127,9 @@ def mutate(cls, _, info):
 @jwt_required(refresh=True)
 def rest_refresh_token():
     try:
+        if not current_actor:
+            raise AuthenticationError("Current user not found")
+
         identity = get_jwt_identity()
         if identity and identity.get("controller"):
             tokens = refresh_controller_token()

diff --git a/app/helpers/authentication.py b/app/helpers/authentication.py
@@ -390,7 +390,6 @@ def logout():
     db.session.commit()
 
 
-@jwt_required(refresh=True)
 def delete_refresh_token():
     from app.models.refresh_token import RefreshToken
     from app.models.controller_refresh_token import ControllerRefreshToken

diff --git a/app/helpers/authentication_controller.py b/app/helpers/authentication_controller.py
@@ -26,11 +26,13 @@ def wrap_jwt_errors(f):
     def wrapper(*args, **kwargs):
         try:
             return f(*args, **kwargs)
-        except (NoAuthorizationError, InvalidHeaderError):
+        except (NoAuthorizationError, InvalidHeaderError) as e:
+            app.logger.info(f"Authorization error: {str(e)}")
             raise AuthenticationError(
                 "Unable to find a valid cookie or authorization header"
             )
-        except (JWTExtendedException, PyJWTError):
+        except (JWTExtendedException, PyJWTError) as e:
+            app.logger.info(f"JWT error: {str(e)}")
             raise AuthenticationError("Invalid token")
 
     return wrapper

diff --git a/config.py b/config.py
@@ -146,7 +146,7 @@ class TestConfig(Config):
 
 
 class ProdConfig(Config):
-    ACCESS_TOKEN_EXPIRATION = timedelta(minutes=100)
+    ACCESS_TOKEN_EXPIRATION = timedelta(minutes=960)  # 16h
     MINIMUM_ACTIVITY_DURATION = timedelta(minutes=0)