pypomes-jwt 1.0.3__py3-none-any.whl → 1.0.4__py3-none-any.whl

pypomes_jwt/jwt_pomes.py

@@ -4,7 +4,9 @@ from base64 import urlsafe_b64decode
 from flask import Request, Response, request
 from logging import Logger
 from pypomes_core import exc_format
-from pypomes_db import db_select, db_delete
+from pypomes_db import (
+    db_connect, db_commit, db_rollback, db_select, db_delete
+)
 from typing import Any
 
 from . import (
@@ -436,21 +438,57 @@ def jwt_refresh_tokens(errors: list[str] | None,
     # assert the refresh token
     if refresh_token:
         # is the refresh token valid ?
-        account_claims = (jwt_validate_token(errors=op_errors,
-                                             token=refresh_token,
-                                             nature="R",
-                                             account_id=account_id,
-                                             logger=logger) or {}).get("payload")
-        # if it is, revoke current refresh token
-        if account_claims and jwt_revoke_token(errors=op_errors,
-                                               account_id=account_id,
-                                               token=refresh_token,
-                                               logger=logger):
-            # issue tokens
-            result = jwt_issue_tokens(errors=op_errors,
-                                      account_id=account_id,
-                                      account_claims=account_claims,
+        token_claims: dict[str, Any] = jwt_validate_token(errors=op_errors,
+                                                          token=refresh_token,
+                                                          nature="R",
+                                                          account_id=account_id,
+                                                          logger=logger)
+        if token_claims:
+            # yes, proceed
+            token_kid: str = token_claims["header"].get("kid")
+
+            # start the database transaction
+            db_conn: Any = db_connect(errors=op_errors,
+                                      autocommit=False,
                                       logger=logger)
+            if db_conn:
+                # delete current refresh token
+                db_delete(errors=op_errors,
+                          delete_stmt=f"DELETE FROM {JWT_DB_TABLE}",
+                          where_data={
+                              JWT_DB_COL_KID: int(token_kid[1:]),
+                              JWT_DB_COL_ACCOUNT: account_id
+                          },
+                          connection=db_conn,
+                          committable=False,
+                          logger=logger)
+
+                # issue the token pair
+                if not op_errors:
+                    try:
+                        result = __jwt_registry.issue_tokens(account_id=account_id,
+                                                             account_claims=token_claims.get("payload"),
+                                                             db_conn=db_conn,
+                                                             logger=logger)
+                        if logger:
+                            logger.debug(msg=f"Token pair was refreshed for account '{account_id}'")
+                    except Exception as e:
+                        # token issuing failed
+                        exc_err: str = exc_format(exc=e,
+                                                  exc_info=sys.exc_info())
+                        if logger:
+                            logger.error(msg=f"Error refreshing the token pair: {exc_err}")
+                        op_errors.append(exc_err)
+
+                # conclude the transaction
+                if op_errors:
+                    db_rollback(errors=op_errors,
+                                connection=db_conn,
+                                logger=logger)
+                else:
+                    db_commit(errors=op_errors,
+                              connection=db_conn,
+                              logger=logger)
     else:
         # refresh token not found
         op_errors.append("Refresh token was not provided")
@@ -470,7 +508,8 @@ def jwt_get_claims(errors: list[str] | None,
     """
     Retrieve and return the claims set of a JWT *token*.
 
-    Any valid JWT token may be provided in *token*, as this operation is not restricted to locally issued tokens.
+    Any well-constructed JWT token may be provided in *token*, as this operation is not restricted to
+    locally issued tokens. Note that neither the token's signature nor its expiration is verified.
 
     Structure of the returned data, for locally issued tokens:
       {

pypomes_jwt/jwt_registry.py

@@ -6,7 +6,8 @@ from datetime import datetime, timezone
 from logging import Logger
 from pypomes_core import str_random
 from pypomes_db import (
-    db_connect, db_commit, db_select, db_insert, db_update, db_delete
+    db_connect, db_commit, db_rollback,
+    db_select, db_insert, db_update, db_delete
 )
 from threading import Lock
 from typing import Any
@@ -225,6 +226,7 @@ class JwtRegistry:
     def issue_tokens(self,
                      account_id: str,
                      account_claims: dict[str, Any] = None,
+                     db_conn: Any = None,
                      logger: Logger = None) -> dict[str, Any]:
         """
         Issue and return a JWT token pair associated with *account_id*.
@@ -232,6 +234,9 @@ class JwtRegistry:
         These claims are ignored, if specified in *account_claims*: *iat*, *exp*, *jti*, *nbf*, and *sub*.
         Other claims specified therein may supercede registered account-related claims.
 
+        If provided, *db_conn* indicates that this operation is part of a larger database transaction.
+        Otherwise, the database transaction's scope is limited to this operation.
+
         Structure of the return data:
         {
           "access-token": <jwt-token>,
@@ -242,6 +247,7 @@ class JwtRegistry:
 
         :param account_id: the account identification
         :param account_claims: if provided, may supercede registered account-related claims
+        :param db_conn: if provided, indicates that this operation is part of a larger database transaction
         :param logger: optional logger
         :return: the JWT token data
         :raises RuntimeError: invalid account id, or error accessing the token database
@@ -277,31 +283,41 @@ class JwtRegistry:
                                             key=JWT_ENCODING_KEY,
                                             algorithm=JWT_DEFAULT_ALGORITHM,
                                             headers={"kid": "R0"})
-            # obtain a DB connection
-            db_conn: Any = db_connect(errors=errors,
-                                      logger=logger)
-            # persist the candidate token (may raise an exception)
-            token_id: int = _jwt_persist_token(account_id=account_id,
-                                               jwt_token=refresh_token,
-                                               db_conn=db_conn,
-                                               logger=logger)
-            # issue the definitive refresh token
-            refresh_token = jwt.encode(payload=current_claims,
-                                       key=JWT_ENCODING_KEY,
-                                       algorithm=JWT_DEFAULT_ALGORITHM,
-                                       headers={"kid": f"R{token_id}"})
-            # persist it
-            db_update(errors=errors,
-                      update_stmt=f"UPDATE {JWT_DB_TABLE}",
-                      update_data={JWT_DB_COL_TOKEN: refresh_token},
-                      where_data={JWT_DB_COL_KID: token_id},
-                      connection=db_conn,
-                      logger=logger)
-            # commit the transaction
-            if not errors:
-                db_commit(errors=errors,
-                          connection=db_conn,
+
+            # make sure to have a database connection
+            curr_conn: Any = db_conn or db_connect(errors=errors,
+                                                   autocommit=False,
+                                                   logger=logger)
+            if curr_conn:
+                # persist the candidate token (may raise an exception)
+                token_id: int = _jwt_persist_token(account_id=account_id,
+                                                   jwt_token=refresh_token,
+                                                   db_conn=curr_conn,
+                                                   logger=logger)
+                # issue the definitive refresh token
+                refresh_token = jwt.encode(payload=current_claims,
+                                           key=JWT_ENCODING_KEY,
+                                           algorithm=JWT_DEFAULT_ALGORITHM,
+                                           headers={"kid": f"R{token_id}"})
+                # persist it
+                db_update(errors=errors,
+                          update_stmt=f"UPDATE {JWT_DB_TABLE}",
+                          update_data={JWT_DB_COL_TOKEN: refresh_token},
+                          where_data={JWT_DB_COL_KID: token_id},
+                          connection=curr_conn,
+                          committable=False,
                           logger=logger)
+
+                # conclude the transaction
+                if not db_conn:
+                    if errors:
+                        db_rollback(errors=errors,
+                                    connection=curr_conn,
+                                    logger=logger)
+                    else:
+                        db_commit(errors=errors,
+                                  connection=curr_conn,
+                                  logger=logger)
             if errors:
                 raise RuntimeError("; ".join(errors))
 
@@ -343,7 +359,7 @@ class JwtRegistry:
 
 def _jwt_persist_token(account_id: str,
                        jwt_token: str,
-                       db_conn: Any = None,
+                       db_conn: Any,
                        logger: Logger = None) -> int:
     """
     Persist the given token, making sure that the account limit is adhered to.
@@ -352,8 +368,7 @@ def _jwt_persist_token(account_id: str,
     If a token's expiration timestamp is in the past, it is removed from storage. If the maximum number
     of active tokens for *account_id* has been reached, the oldest active one is alse removed,
     to make room for the new *jwt_token*.
-
-    If *db_conn* is provided, then all DB operations will be carried out in the scope of a single transaction.
+    The provided database connection *db_conn* indicates that this operation is part of a larger transaction.
 
     :param account_id: the account identification
     :param jwt_token: the JWT token to persist

{pypomes_jwt-1.0.3.dist-info → pypomes_jwt-1.0.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_jwt
-Version: 1.0.3
+Version: 1.0.4
 Summary: A collection of Python pomes, penyeach (JWT module)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-JWT
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-JWT/issues

pypomes_jwt-1.0.4.dist-info/RECORD

@@ -0,0 +1,8 @@
+pypomes_jwt/__init__.py,sha256=fLr_M8yXlcmSTNPMdJOJQlMmtaiK5YKh0vKjOp3z2E4,1446
+pypomes_jwt/jwt_constants.py,sha256=IQV39AiZKGuU8XxZBgJ-KJZQZ_mmnxyOnRZeuxlqDRk,4045
+pypomes_jwt/jwt_pomes.py,sha256=2LyjMMVkdPXeC7hMD52637e-LJoGbhKTb0Wqj6QXbTg,23049
+pypomes_jwt/jwt_registry.py,sha256=xe8ApMSJ_I1gJeGPIMOqj1bgv6G0IDlqMX0M5zKiaYI,22463
+pypomes_jwt-1.0.4.dist-info/METADATA,sha256=8Vef22_ykt_DQ0wkarlpV2YoXyV2TOdXJ2nOxIeBm30,632
+pypomes_jwt-1.0.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+pypomes_jwt-1.0.4.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
+pypomes_jwt-1.0.4.dist-info/RECORD,,

pypomes_jwt-1.0.3.dist-info/RECORD

@@ -1,8 +0,0 @@
-pypomes_jwt/__init__.py,sha256=fLr_M8yXlcmSTNPMdJOJQlMmtaiK5YKh0vKjOp3z2E4,1446
-pypomes_jwt/jwt_constants.py,sha256=IQV39AiZKGuU8XxZBgJ-KJZQZ_mmnxyOnRZeuxlqDRk,4045
-pypomes_jwt/jwt_pomes.py,sha256=0JvWQaVgGXMfvvck_ZI6EW5diech7DabBFYskPU7jmE,21215
-pypomes_jwt/jwt_registry.py,sha256=t2adiHGg04RRwrLvX2XUgRwOtwtH8p2Ir2uAbsc2CoQ,21593
-pypomes_jwt-1.0.3.dist-info/METADATA,sha256=ayr8d8ZmUyAHGDHKMeXNW0-zbhyU62HBZwdIj69nlM0,632
-pypomes_jwt-1.0.3.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-pypomes_jwt-1.0.3.dist-info/licenses/LICENSE,sha256=NdakochSXm_H_-DSL_x2JlRCkYikj3snYYvTwgR5d_c,1086
-pypomes_jwt-1.0.3.dist-info/RECORD,,