Island: Include refresh token into responses

monkey/monkey_island/cc/app.py

@@ -44,10 +44,7 @@
 from monkey_island.cc.services.authentication_service.configure_flask_security import (
     configure_flask_security,
 )
-from monkey_island.cc.services.authentication_service.token import (
-    TokenGenerator,
-    TokenValidator,
-)
+from monkey_island.cc.services.authentication_service.token import TokenGenerator, TokenValidator
 from monkey_island.cc.services.representations import output_json
 
 HOME_FILE = "index.html"

monkey/monkey_island/cc/services/authentication_service/flask_resources/login.py

@@ -9,7 +9,11 @@
 from monkey_island.cc.flask_utils import AbstractResource, responses
 
 from ..authentication_facade import AuthenticationFacade
-from .utils import get_username_password_from_request, include_auth_token
+from .utils import (
+    add_refresh_token_to_response,
+    get_username_password_from_request,
+    include_auth_token,
+)
 
 logger = logging.getLogger(__name__)
 
@@ -38,9 +42,8 @@ def post(self):
         try:
             username, password = get_username_password_from_request(request)
             response: ResponseValue = login()
-            # TODO send these back
-            _tokens = self._authentication_facade.generate_refresh_token(current_user)
-            del _tokens
+            refresh_token = self._authentication_facade.generate_refresh_token(current_user)
+            response = add_refresh_token_to_response(response, refresh_token)
         except Exception:
             return responses.make_response_to_invalid_request()
 

monkey/monkey_island/cc/services/authentication_service/flask_resources/register.py

@@ -9,7 +9,11 @@
 from monkey_island.cc.flask_utils import AbstractResource, responses
 
 from ..authentication_facade import AuthenticationFacade
-from .utils import get_username_password_from_request, include_auth_token
+from .utils import (
+    add_refresh_token_to_response,
+    get_username_password_from_request,
+    include_auth_token,
+)
 
 logger = logging.getLogger(__name__)
 
@@ -37,9 +41,8 @@ def post(self):
                 }, HTTPStatus.CONFLICT
             username, password = get_username_password_from_request(request)
             response: ResponseValue = register()
-            # TODO send these back
-            _tokens = self._authentication_facade.generate_refresh_token(current_user)
-            del _tokens
+            refresh_token = self._authentication_facade.generate_refresh_token(current_user)
+            response = add_refresh_token_to_response(response, refresh_token)
         except Exception:
             return responses.make_response_to_invalid_request()
 

monkey/monkey_island/cc/services/authentication_service/flask_resources/utils.py

@@ -1,10 +1,13 @@
 import json
+from copy import deepcopy
 from functools import wraps
 from typing import Tuple
 
-from flask import Request, request
+from flask import Request, Response, request
 from werkzeug.datastructures import ImmutableMultiDict
 
+from monkey_island.cc.services.authentication_service.token import Token
+
 
 def get_username_password_from_request(_request: Request) -> Tuple[str, str]:
     """
@@ -35,3 +38,17 @@ def decorated_function(*args, **kwargs):
         return func(*args, **kwargs)
 
     return decorated_function
+
+
+def add_refresh_token_to_response(response: Response, refresh_token: Token) -> Response:
+    """
+    Returns a copy of the response object with the refresh token added to it
+
+    :param response: A Flask Response object
+    :param refresh_token: Refresh token to add to the response
+    :return: A Flask Response object
+    """
+    new_data = deepcopy(response.json)
+    new_data["response"]["user"]["refresh_token"] = refresh_token
+    response.data = json.dumps(new_data).encode()
+    return response

monkey/tests/unit_tests/monkey_island/cc/services/authentication_service/conftest.py

@@ -15,10 +15,14 @@
     RegistrationStatus,
 )
 
+REFRESH_TOKEN = "refresh_token"
+
 
 @pytest.fixture
 def mock_authentication_facade():
     mock_service = MagicMock(spec=AuthenticationFacade)
+    mock_service.generate_refresh_token = MagicMock()
+    mock_service.generate_refresh_token.return_value = REFRESH_TOKEN
 
     return mock_service
 

monkey/tests/unit_tests/monkey_island/cc/services/authentication_service/flask_resources/test_login.py

@@ -3,6 +3,7 @@
 
 import pytest
 from flask import Response
+from tests.unit_tests.monkey_island.cc.services.authentication_service.conftest import REFRESH_TOKEN
 
 from monkey_island.cc.services.authentication_service.authentication_facade import (
     AuthenticationFacade,
@@ -13,6 +14,14 @@
 PASSWORD = "test_password"
 TEST_REQUEST = f'{{"username": "{USERNAME}", "password": "{PASSWORD}"}}'
 FLASK_LOGIN_IMPORT = "monkey_island.cc.services.authentication_service.flask_resources.login.login"
+LOGIN_RESPONSE_DATA = (
+    b'{"response": {"user": {"authentication_token": "abcdefg"}, "csrf_token": "hijklmnop"}}'
+)
+LOGIN_RESPONSE = Response(
+    response=LOGIN_RESPONSE_DATA,
+    status=HTTPStatus.OK,
+    mimetype="application/json",
+)
 
 
 @pytest.fixture
@@ -28,12 +37,7 @@ def inner(request_body):
 def test_credential_parsing(
     monkeypatch, make_login_request, mock_authentication_facade: AuthenticationFacade
 ):
-    monkeypatch.setattr(
-        FLASK_LOGIN_IMPORT,
-        lambda: Response(
-            status=HTTPStatus.OK,
-        ),
-    )
+    monkeypatch.setattr(FLASK_LOGIN_IMPORT, lambda: LOGIN_RESPONSE)
 
     make_login_request(TEST_REQUEST)
     mock_authentication_facade.handle_successful_login.assert_called_with(USERNAME, PASSWORD)
@@ -45,16 +49,12 @@ def test_empty_credentials(make_login_request, mock_authentication_facade: Authe
 
 
 def test_login_successful(make_login_request, monkeypatch):
-    monkeypatch.setattr(
-        FLASK_LOGIN_IMPORT,
-        lambda: Response(
-            status=HTTPStatus.OK,
-        ),
-    )
+    monkeypatch.setattr(FLASK_LOGIN_IMPORT, lambda: LOGIN_RESPONSE)
 
     response = make_login_request(TEST_REQUEST)
 
     assert response.status_code == HTTPStatus.OK
+    assert response.json["response"]["user"]["refresh_token"] == REFRESH_TOKEN
 
 
 def test_login_failure(
@@ -104,12 +104,7 @@ def test_login_invalid_request(
 def test_login_error(
     monkeypatch, make_login_request, mock_authentication_facade: AuthenticationFacade
 ):
-    monkeypatch.setattr(
-        FLASK_LOGIN_IMPORT,
-        lambda: Response(
-            status=HTTPStatus.OK,
-        ),
-    )
+    monkeypatch.setattr(FLASK_LOGIN_IMPORT, lambda: LOGIN_RESPONSE)
     mock_authentication_facade.handle_successful_login = MagicMock(side_effect=Exception())
 
     response = make_login_request(TEST_REQUEST)

monkey/tests/unit_tests/monkey_island/cc/services/authentication_service/flask_resources/test_register.py

@@ -3,6 +3,7 @@
 
 import pytest
 from flask import Response
+from tests.unit_tests.monkey_island.cc.services.authentication_service.conftest import REFRESH_TOKEN
 
 from monkey_island.cc.services.authentication_service.authentication_facade import (
     AuthenticationFacade,
@@ -15,6 +16,14 @@
 FLASK_REGISTER_IMPORT = (
     "monkey_island.cc.services.authentication_service.flask_resources.register.register"
 )
+REGISTER_RESPONSE_DATA = (
+    b'{"response": {"user": {"authentication_token": "abcdefg"}, "csrf_token": "hijklmnop"}}'
+)
+REGISTER_RESPONSE = Response(
+    response=REGISTER_RESPONSE_DATA,
+    status=HTTPStatus.OK,
+    mimetype="application/json",
+)
 
 
 @pytest.fixture
@@ -50,16 +59,12 @@ def test_register__already_registered(
 def test_register_successful(
     monkeypatch, make_registration_request, mock_authentication_facade: AuthenticationFacade
 ):
-    monkeypatch.setattr(
-        FLASK_REGISTER_IMPORT,
-        lambda: Response(
-            status=HTTPStatus.OK,
-        ),
-    )
+    monkeypatch.setattr(FLASK_REGISTER_IMPORT, lambda: REGISTER_RESPONSE)
 
     response = make_registration_request(TEST_REQUEST)
 
     assert response.status_code == HTTPStatus.OK
+    assert response.json["response"]["user"]["refresh_token"] == REFRESH_TOKEN
     mock_authentication_facade.handle_successful_registration.assert_called_with(USERNAME, PASSWORD)
 
 
@@ -94,10 +99,7 @@ def test_register_invalid_request(
 def test_register_error(
     monkeypatch, make_registration_request, mock_authentication_facade: AuthenticationFacade
 ):
-    monkeypatch.setattr(
-        FLASK_REGISTER_IMPORT,
-        lambda: Response(status=HTTPStatus.OK),
-    )
+    monkeypatch.setattr(FLASK_REGISTER_IMPORT, lambda: REGISTER_RESPONSE)
 
     mock_authentication_facade.handle_successful_registration = MagicMock(side_effect=Exception())