Feat - Implemented refresh token

Author: anibalcontreras

authentication/serializers.py

@@ -24,3 +24,8 @@ class RegisterSerializer(serializers.Serializer):
 class LoginSerializer(serializers.Serializer):
     email = serializers.EmailField()
     password = serializers.CharField(write_only=True)
+
+
+class RefreshTokenSerializer(serializers.Serializer):
+    refresh_token = serializers.CharField()
+    user_sub = serializers.CharField()

authentication/services/cognito_service.py

@@ -14,8 +14,8 @@ def __init__(self, region, user_pool_id, app_client_id, app_client_secret):
         self.app_client_id = app_client_id
         self.app_client_secret = app_client_secret
 
-    def get_secret_hash(self, email):
-        message = email + self.app_client_id
+    def get_secret_hash(self, message):
+        message = message + self.app_client_id
         dig = hmac.new(
             str(self.app_client_secret).encode("utf-8"), msg=str(message).encode("utf-8"), digestmod=hashlib.sha256
         ).digest()
@@ -61,3 +61,17 @@ def login_user(self, email, password):
             return response
         except ClientError as e:
             raise e
+
+    def refresh_tokens(self, refresh_token, user_sub):
+        try:
+            response = self.client.initiate_auth(
+                ClientId=self.app_client_id,
+                AuthFlow="REFRESH_TOKEN_AUTH",
+                AuthParameters={
+                    "REFRESH_TOKEN": refresh_token,
+                    "SECRET_HASH": self.get_secret_hash(user_sub),
+                },
+            )
+            return response
+        except ClientError as e:
+            raise e

authentication/tests/tests.py

@@ -42,12 +42,12 @@ def setUp(self):
     @patch.object(CognitoService, "login_user")
     def test_login_user_success(self, mock_login_user):
         mock_login_user.return_value = {
-            "AuthenticationResult": {"AccessToken": "mock_access_token", "IdToken": "mock_id_token"}
+            "AuthenticationResult": {"AccessToken": "mock_access_token", "RefreshToken": "mock_refresh_token"}
         }
         response = self.client.post(self.url, self.data, format="json")
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertEqual(response.data["access_token"], "mock_access_token")
-        self.assertEqual(response.data["id_token"], "mock_id_token")
+        self.assertEqual(response.data["refresh_token"], "mock_refresh_token")
 
     @patch.object(CognitoService, "login_user")
     def test_login_user_failure(self, mock_login_user):

authentication/urls.py

@@ -1,8 +1,9 @@
 from django.urls import path
-from .views import RegisterView, LoginView, ProfileView
+from .views import RegisterView, LoginView, ProfileView, RefreshTokenView
 
 urlpatterns = [
     path("register/", RegisterView.as_view(), name="register"),
     path("login/", LoginView.as_view(), name="login"),
     path("profile/", ProfileView.as_view(), name="profile"),
+    path("refresh-token/", RefreshTokenView.as_view(), name="refresh-token"),
 ]

authentication/views.py

@@ -1,7 +1,7 @@
 from rest_framework.views import APIView
 from rest_framework.response import Response
 from rest_framework import status
-from .serializers import RegisterSerializer, LoginSerializer
+from .serializers import RegisterSerializer, LoginSerializer, RefreshTokenSerializer
 from .services.cognito_service import CognitoService
 from django.conf import settings
 from .models import User
@@ -44,7 +44,7 @@ def post(self, request):
                 return Response(
                     {
                         "access_token": response["AuthenticationResult"]["AccessToken"],
-                        "id_token": response["AuthenticationResult"]["IdToken"],
+                        "refresh_token": response["AuthenticationResult"]["RefreshToken"],
                     },
                     status=status.HTTP_200_OK,
                 )
@@ -53,6 +53,26 @@ def post(self, request):
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
 
+class RefreshTokenView(APIView):
+    def post(self, request):
+        serializer = RefreshTokenSerializer(data=request.data)
+        if serializer.is_valid():
+            refresh_token = serializer.validated_data["refresh_token"]
+            user_sub = serializer.validated_data["user_sub"]
+            try:
+                response = cognito_service.refresh_tokens(refresh_token, user_sub)
+                return Response(
+                    {
+                        "access_token": response["AuthenticationResult"]["AccessToken"],
+                    },
+                    status=status.HTTP_200_OK,
+                )
+            except Exception as e:
+                return Response({"error": str(e)}, status=status.HTTP_400_BAD_REQUEST)
+        else:
+            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+
 class ProfileView(APIView):
     def get_user_id_from_token(self, request):
         try:

docker-compose.yml

@@ -20,7 +20,7 @@ services:
   web:
     build:
       context: .
-      dockerfile: Dockerfile
+      dockerfile: Dev.Dockerfile
     container_name: web
     volumes:
       - .:/app
@@ -37,7 +37,7 @@ services:
       POSTGRES_PORT: ${DB_PORT}
       POSTGRES_HOST: ${DB_HOST}
       OPENAI_API_KEY: ${OPENAI_API_KEY}
-      DJANGO_SETTINGS_MODULE: piggywallet.settings.prod
+      DJANGO_SETTINGS_MODULE: piggywallet.settings.dev
 
 networks:
   app_network: