Move tokens to new collection

018bdc09 · Megan Henning · e59bcf37 · 018bdc09 · 018bdc09 · 018bdc09
Commit 018bdc09 authored 7 years ago by Megan Henning
--- a/api/auth/authproviders.py
+++ b/api/auth/authproviders.py
@@ -6,6 +6,7 @@ import urlparse

 from . import APIAuthProviderException, APIUnknownUserException, APIRefreshTokenException
 from .. import config, util
+from ..dao import dbutil

 log = config.log

@@ -57,14 +58,22 @@ class AuthProvider(object):
    def set_refresh_token_if_exists(self, uid, refresh_token):
        # Also check to make sure if refresh token is missing, that the user
        # has a refresh token on their user doc. If not, alert the client.
+        query = {'uid': uid, 'auth_type': self.auth_type}
        if not refresh_token:
-            user = config.db.users.find_one({'_id': uid})
-            if not user.get('refresh_tokens', {}).get(self.auth_type):
+            token = config.db.refreshtokens.find_one(query)
+            if not token:
                # user does not have refresh token, alert the client
                raise APIRefreshTokenException('invalid_refresh_token')
+            else:
+                # user does have a previously saved refresh token, move on
+                return

-        update = {'$set': {'refresh_tokens.'+ self.auth_type: refresh_token}}
-        config.db.users.update_one({'_id': uid}, update)
+        refresh_doc = {
+            'token': refresh_token,
+            'auth_type': self.auth_type,
+            'uid': uid
+        }
+        dbutil.fault_tolerant_replace_one('refreshtokens', query, refresh_doc, upsert=True)


 class JWTAuthProvider(AuthProvider):

--- a/api/web/base.py
+++ b/api/web/base.py
@@ -49,8 +49,13 @@ class RequestHandler(webapp2.RequestHandler):

            self.initialization_auth(site_id)

+        except webapp2.HTTPException:
+            raise
        except Exception: # pylint: disable=broad-except
-            self.abort(500, 'An unexpected error has occured.')
+            tb = traceback.format_exc()
+            self.request.logger.error(tb)
+            self.abort(500, 'Unexpected error.')
+


    def initialize(self, request, response):
@@ -151,22 +156,21 @@ class RequestHandler(webapp2.RequestHandler):
                # look to see if the user has a stored refresh token:
                unverified_uid = cached_token['uid']
                auth_type = cached_token['auth_type']
-                user = config.db.users.find_one({'_id': unverified_uid})
-                if user and user.get('refresh_tokens', {}).get(auth_type):
+                refresh_token = config.db.refreshtokens.find_one({'uid': unverified_uid, 'auth_type': cached_token['auth_type']})
+                if refresh_token:
                    # Attempt to refresh the token, update db

-                    refresh_token = user.get('refresh_tokens', {}).get(auth_type)
                    try:
                        auth_provider = AuthProvider.factory(auth_type)
                    except NotImplementedError as e:
                        self.abort(401, str(e))

                    try:
-                        updated_token_info = auth_provider.refresh_token(refresh_token)
+                        updated_token_info = auth_provider.refresh_token(refresh_token['token'])
                    except APIAuthProviderException as e:

                        # Remove the bad refresh token and session token:
-                        config.db.users.update_one({'_id': unverified_uid }, {'$unset': {'refresh_tokens.'+auth_type: ''}})
+                        config.db.refreshtokens.delete_one({'_id': refresh_token['_id']})
                        config.db.authtokens.delete_one({'_id': cached_token['_id']})

                        # TODO: Rework auth so it's not tied to init, then:

--- a/bin/database.py
+++ b/bin/database.py
@@ -16,7 +16,7 @@ from api.jobs.jobs import Job
 from api.jobs import gears
 from api.types import Origin

-CURRENT_DATABASE_VERSION = 24 # An int that is bumped when a new schema change is made
+CURRENT_DATABASE_VERSION = 25 # An int that is bumped when a new schema change is made

 def get_db_version():

@@ -856,6 +856,23 @@ def upgrade_to_24():
    config.db.singletons.remove({"_id" : "rules"})
    logging.info('Upgrade v23, complete.')

+def upgrade_to_25():
+    """
+    scitran/core PR #733
+
+    Migrate refresh token from authtokens to seperate collection
+    """
+
+    auth_tokens = config.db.authtokens.find({'refresh_token': {'$exists': True}})
+
+    for a in auth_tokens:
+        refresh_doc = {
+            'uid': a['uid'],
+            'token': a['refresh_token'],
+            'auth_type': a['auth_type']
+        }
+        config.db.refreshtokens.insert(refresh_doc)
+


 def upgrade_schema():