fix(authentification): delete all refresh token #475

Open
wants to merge 1 commit into
base: master
from
36 changes: 27 additions & 9 deletions app/helpers/authentication.py
Expand Up @@ -400,18 +400,36 @@ def logout():
@jwt_required(refresh=True)
def delete_refresh_token():
from app.models.refresh_token import RefreshToken
from app.models.controller_refresh_token import ControllerRefreshToken
from app.helpers.authentication_controller import (
delete_controller_refresh_token,
)

identity = get_jwt_identity()
if identity.get("controller"):
matching_refresh_token = ControllerRefreshToken.get_token(
token=identity.get("token"),
controller_user_id=identity.get("controllerUserId"),
)
delete_controller_refresh_token()
@tristan-gueguen tristan-gueguen Dec 17, 2024

🔴 cette fonction supprime le token controller mais l'éxécution continue après, est-ce que ce n'est pas un problème ? la ligne 417 ne va pas provoquer une erreur ? et la ligne 423 (on n'aura pas set user_id)

else:
user_id = identity.get("id")
matching_refresh_token = RefreshToken.get_token(
token=identity.get("token"), user_id=identity.get("id")
token=identity.get("token"),
user_id=user_id,
)
if not matching_refresh_token:
raise AuthenticationError("Refresh token is invalid")
db.session.delete(matching_refresh_token)

if matching_refresh_token:
db.session.delete(matching_refresh_token)
app.logger.info(
f"Matching refresh token {identity.get('token')} deleted for user {user_id}"
)
else:
refresh_tokens = RefreshToken.query.filter_by(
user_id=user_id
).all()

app.logger.warning(
f"No matching refresh token found. Deleting all {len(refresh_tokens)} tokens for user {user_id}"
)

for token in refresh_tokens:
db.session.delete(token)

db.session.commit()
app.logger.info(f"Completed token cleanup for user {user_id}")
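Review bot: Both new log calls after `db.session.delete(matching_refresh_token)` and in the `else` branch interpolate `identity.get('token')` into the application log; if that field is the refresh token value itself rather than an opaque id (it is the value looked up by `RefreshToken.get_token`, so this looks likely — confirm), a log reader gains a credential that is still valid for any session not yet revoked. Log only the subject, e.g. `app.logger.info("Matching refresh token deleted for user %s", user_id)`, and keep the token out of the warning line as well. The `else` branch also silently changes the contract: a refresh JWT whose token is unknown used to raise `AuthenticationError("Refresh token is invalid")` and now succeeds after revoking every token for the user, which reads like reuse-of-rotated-token detection and deserves a comment saying so, such as `# Valid JWT but unknown token: treat as reuse of a rotated refresh token and revoke all sessions for this user`. The warning is also emitted when `refresh_tokens` is empty, so consider logging at INFO in that case; `delete_refresh_token` may continue past the end of this hunk.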
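--- a/app/helpers/authentication_controller.py
+++ b/app/helpers/authentication_controller.py
@@ -148,10 +148,31 @@ def delete_controller_refresh_token():
     from app.models.controller_refresh_token import ControllerRefreshToken
 
     identity = get_jwt_identity()
+    controller_user_id = identity.get("controllerUserId")
+
     matching_refresh_token = ControllerRefreshToken.get_token(
         token=identity.get("token"),
-        controller_user_id=identity.get("controllerUserId"),
+        controller_user_id=controller_user_id,
     )
-    if not matching_refresh_token:
-        raise AuthenticationError("Refresh token is invalid")
-    db.session.delete(matching_refresh_token)
+
+    if matching_refresh_token:
+        db.session.delete(matching_refresh_token)
+        app.logger.info(
+            f"Matching refresh token {identity.get('token')} deleted for controller {controller_user_id}"
+        )
+    else:
+        refresh_tokens = ControllerRefreshToken.query.filter_by(
+            controller_user_id=controller_user_id
+        ).all()
+
+        app.logger.warning(
+            f"No matching refresh token found. Deleting all {len(refresh_tokens)} tokens for controller {controller_user_id}"
+        )
+
+        for token in refresh_tokens:
+            db.session.delete(token)
+
+    db.session.commit()
+    app.logger.info(
+        f"Completed token cleanup for controller {controller_user_id}"
+    )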
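Review bot: `controller_user_id` is read with `identity.get("controllerUserId")` and never checked before it feeds the new `filter_by(controller_user_id=controller_user_id)` query; a refresh JWT that carries no `controllerUserId` turns that filter into an `IS NULL` match instead of an identity match, and the function then commits deletions for whatever rows that returns (possibly none, depending on the column's nullability — confirm the model). Reject that case up front with `if controller_user_id is None: raise AuthenticationError("Refresh token is invalid")`, which also preserves the error the removed lines used to raise for an unknown token, since the new `else` branch now returns success silently. The INFO line after `db.session.delete(matching_refresh_token)` also writes `identity.get('token')` to the log; if that is the refresh token value rather than an id, log only `controller_user_id`, e.g. `app.logger.info("Matching refresh token deleted for controller %s", controller_user_id)`. The signature of `delete_controller_refresh_token` sits above this hunk.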