Prevent caching incomplete jwt tokens in validate_auth method

Add token expiration to response data so client can manage refreshing
NeonGeckoCom · Jan 23, 2024 · 95c63d5 · 95c63d5
1 parent 5852535
commit 95c63d5
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/neon_hana/auth/client_manager.py b/neon_hana/auth/client_manager.py
@@ -50,6 +50,7 @@ def __init__(self, config: dict):
         self._jwt_algo = "HS256"
 
     def _create_tokens(self, encode_data: dict) -> dict:
+        token_expiration = encode_data['expire']
         token = jwt.encode(encode_data, self._access_secret, self._jwt_algo)
         encode_data['expire'] = time() + self._refresh_token_lifetime
         encode_data['access_token'] = token
@@ -58,11 +59,13 @@ def _create_tokens(self, encode_data: dict) -> dict:
         return {"username": encode_data['username'],
                 "client_id": encode_data['client_id'],
                 "access_token": token,
-                "refresh_token": refresh}
+                "refresh_token": refresh,
+                "expiration": token_expiration}
 
     def check_auth_request(self, client_id: str, username: str,
                            password: Optional[str] = None):
         if client_id in self.authorized_clients:
+            print(f"Using cached client: {self.authorized_clients[client_id]}")
             return self.authorized_clients[client_id]
         if username != "guest":
             # TODO: Validate password here
@@ -122,9 +125,6 @@ def validate_auth(self, token: str, origin_ip: str) -> bool:
             if auth['expire'] < time():
                 self.authorized_clients.pop(auth['client_id'], None)
                 return False
-            # Keep track of authorized client connections
-            self.authorized_clients[auth['client_id']] = auth
-            # TODO: Consider consuming an extra request for guest sessions
             return True
         except DecodeError:
             # Invalid token supplied

diff --git a/neon_hana/schema/auth_requests.py b/neon_hana/schema/auth_requests.py
@@ -48,14 +48,16 @@ class AuthenticationResponse(BaseModel):
     client_id: str
     access_token: str
     refresh_token: str
+    expiration: float
 
     model_config = {
         "json_schema_extra": {
             "examples": [{
                 "username": "guest",
                 "client_id": "be84ae66-f61c-4aac-a9af-b0da364b82b6",
                 "access_token": "<redacted>",
-                "refresh_token": "<redacted>"
+                "refresh_token": "<redacted>",
+                "expiration": 1706045776.4168212
             }]}}