Merge pull request #244 from CodeForPhilly/198-refresh

Adds server side of JWT refresh

Author: c-simpson

src/server/api/jwt_ops.py

@@ -34,6 +34,12 @@ def create_token(username, accesslevel):
     return jsonify(access_token=new_token)
 
 
-def get_jwt_user():
-    """ Read the JWT and return the associated username """
-    return get_jwt_identity()
+def validate_decode_jwt():
+    """ If valid, return jwt fields as a dictionary, else None """
+    jwtdict = None
+    try:
+        jwtdict =  verify_jwt_in_request()[1]
+    except:
+        pass   # Wasn't valid - either expired or failed validation 
+
+    return jwtdict

src/server/api/user_api.py

@@ -143,6 +143,38 @@ def user_logout():
     return jsonify("Logged out " + username)
 
 
+# Generate a new access token 
+
+@user_api.route("/api/user/refresh", methods=["GET"])
+@jwt_ops.jwt_required()
+def user_refresh():
+    """ If user still active, send back an access_token with a new expiration stamp """
+    old_jwt = jwt_ops.validate_decode_jwt()   
+
+    # If token bad, should be handled & error message sent by jwt_required() and we won't get here
+    if old_jwt:
+        user_name = old_jwt['sub']
+        with engine.connect() as connection:
+
+            s = text( """select active from pdp_users where username=:u """ )
+            s = s.bindparams(u=user_name)
+            result = connection.execute(s)
+
+            if result.rowcount:  # Did we get a match on username?
+                is_active = result.fetchone()
+            else:
+                log_user_action(user_name, "Failure", "Valid JWT presented for refesh attempt on unknown username")
+                return jsonify("Bad credentials"), 401
+
+            if is_active[0].lower() == 'y':    # In the user DB and still Active?
+                token = jwt_ops.create_token(user_name,old_jwt['role'])
+                return token
+
+    else:
+        return jsonify("Bad credentials"), 401
+
+
+
 ###    Unexpired *Admin* JWT  required      ############################