Update documentation and default config

Add test coverage for refresh requests with updated handling
NeonGeckoCom · Jan 19, 2024 · 8ca6a08 · 8ca6a08
1 parent 4568ee3
commit 8ca6a08
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 11 deletions.
diff --git a/docker_overlay/etc/neon/diana.yaml b/docker_overlay/etc/neon/diana.yaml
@@ -24,5 +24,5 @@ hana:
   refresh_token_secret: 833d369ac73d883123743a44b4a7fe21203cffc956f4c8a99be6e71aafa8e1aa
   server_host: "0.0.0.0"
   server_port: 8080
-  fastapi_title: "HANA: HTTP API for Neon Applications"
-  fastapi_summary: "HTTP component of the Device Independent API for Neon Applications (DIANA)"
+  fastapi_title: "Hana"
+  fastapi_summary: "HANA (HTTP API for Neon Applications) is the HTTP component of the Device Independent API for Neon Applications (DIANA)"
diff --git a/neon_hana/auth/client_manager.py b/neon_hana/auth/client_manager.py
@@ -92,12 +92,10 @@ def check_refresh_request(self, access_token: str, refresh_token: str,
             raise HTTPException(status_code=401,
                                 detail="Refresh token is expired")
         # Read access token and re-generate a new pair of tokens
-        try:
-            token_data = jwt.decode(access_token, self._access_secret,
-                                    self._jwt_algo)
-        except DecodeError:
-            raise HTTPException(status_code=400,
-                                detail="Invalid access token supplied")
+        # This is already known to be a valid token based on the refresh token
+        token_data = jwt.decode(access_token, self._access_secret,
+                                self._jwt_algo)
+
         if token_data['client_id'] != client_id:
             raise HTTPException(status_code=403,
                                 detail="Access token does not match client_id")

diff --git a/setup.py b/setup.py
@@ -65,7 +65,7 @@ def get_requirements(requirements_filename: str):
 setup(
     name='neon-hana',
     version=version,
-    description='Web API to access DIANA Services',
+    description='HTTP API for Neon Applications',
     long_description=long_description,
     long_description_content_type="text/markdown",
     url='https://github.com/NeonGeckoCom/neon-hana',

diff --git a/tests/test_auth.py b/tests/test_auth.py
@@ -89,5 +89,54 @@ def test_validate_auth(self):
         self.assertEqual(e.exception.status_code, 429)
 
     def test_check_refresh_request(self):
-        # TODO
-        pass
+        valid_client = str(uuid4())
+        tokens = self.client_manager._create_tokens({"client_id": valid_client,
+                                                     "username": "test",
+                                                     "password": "test",
+                                                     "expire": time()})
+        self.assertEqual(tokens['client_id'], valid_client)
+
+        # Test invalid refresh token
+        with self.assertRaises(HTTPException) as e:
+            self.client_manager.check_refresh_request(tokens['access_token'],
+                                                      valid_client,
+                                                      valid_client)
+        self.assertEqual(e.exception.status_code, 400)
+
+        # Test incorrect access token
+        with self.assertRaises(HTTPException) as e:
+            self.client_manager.check_refresh_request(tokens['refresh_token'],
+                                                      tokens['refresh_token'],
+                                                      valid_client)
+        self.assertEqual(e.exception.status_code, 403)
+
+        # Test invalid client_id
+        with self.assertRaises(HTTPException) as e:
+            self.client_manager.check_refresh_request(tokens['access_token'],
+                                                      tokens['refresh_token'],
+                                                      str(uuid4()))
+        self.assertEqual(e.exception.status_code, 403)
+
+        # Test valid refresh
+        valid_refresh = self.client_manager.check_refresh_request(
+            tokens['access_token'], tokens['refresh_token'],
+            tokens['client_id'])
+        self.assertEqual(valid_refresh['client_id'], tokens['client_id'])
+        self.assertNotEqual(valid_refresh['access_token'],
+                            tokens['access_token'])
+        self.assertNotEqual(valid_refresh['refresh_token'],
+                            tokens['refresh_token'])
+
+        # Test expired refresh token
+        real_refresh = self.client_manager._refresh_token_lifetime
+        self.client_manager._refresh_token_lifetime = 0
+        tokens = self.client_manager._create_tokens({"client_id": valid_client,
+                                                     "username": "test",
+                                                     "password": "test",
+                                                     "expire": time()})
+        with self.assertRaises(HTTPException) as e:
+            self.client_manager.check_refresh_request(tokens['access_token'],
+                                                      tokens['refresh_token'],
+                                                      tokens['client_id'])
+        self.assertEqual(e.exception.status_code, 401)
+        self.client_manager._refresh_token_lifetime = real_refresh