Refresh fix and test

sanic_security/models.py

@@ -524,12 +524,12 @@ class AuthenticationSession(Session):
     Used to authenticate and identify a client.
 
     Attributes:
-        refreshed (bool): Determines if session has been refreshed.
+        is_refresh (bool): Determines if current session was created during previous session refresh.
         requires_second_factor (bool): Determines if session requires a second factor.
         refresh_expiration_date (bool): Date and time the session can no longer be refreshed.
     """
 
-    refreshed: bool = fields.BooleanField(default=False)
+    is_refresh: bool = fields.BooleanField(default=False)
     requires_second_factor: bool = fields.BooleanField(default=False)
     refresh_expiration_date: datetime.datetime = fields.DatetimeField(null=True)
 
@@ -567,9 +567,8 @@ async def refresh(self, request: Request):
                 <= self.refresh_expiration_date
             ):
                 self.active = False
-                self.refreshed = True
-                await self.save(update_fields=["active", "refreshed"])
-                return self.new(request, self.bearer)
+                await self.save(update_fields=["active"])
+                return self.new(request, self.bearer, refresh=True)
             else:
                 raise e
 

sanic_security/test/server.py

@@ -151,11 +151,23 @@ async def on_logout(request):
     return response
 
 
+@app.post("api/test/auth/refresh")
+@requires_authentication
+async def on_authentication_refresh(request):
+    """
+    Refreshes current authentication session. Requires data persistence and date change to
+    expire previous session.
+    """
+    authentication_session = await request.ctx.authentication_session.refresh(request)
+    response = json("Refresh successful!", authentication_session.json)
+    return response
+
+
 @app.post("api/test/auth")
-@requires_authentication()
+@requires_authentication
 async def on_authenticate(request):
     """
-    Authenticate client session and account, encode refreshed session if necessary.
+    Authenticate client session and account.
     """
     authentication_session = request.ctx.authentication_session
     response = json(
@@ -166,7 +178,7 @@ async def on_authenticate(request):
                 if not authentication_session.anonymous
                 else None
             ),
-            "auto-refreshed": authentication_session.refreshed,
+            "auto-refreshed": authentication_session.is_refresh
         },
     )
     request.ctx.authentication_session.encode(response)

sanic_security/test/tests.py

@@ -542,3 +542,20 @@ def test_get_associated_sessions(self):
         assert (
             retrieve_associated_response.status_code == 200
         ), retrieve_associated_response.text
+
+    def test_authentication_refresh(self):
+        self.client.post(
+            "http://127.0.0.1:8000/api/test/account",
+            data={
+                "email": "[email protected]",
+                "username": "refreshed",
+            },
+        )
+        login_response = self.client.post(
+            "http://127.0.0.1:8000/api/test/auth/login",
+            auth=("[email protected]", "password"),
+        )
+        assert login_response.status_code == 200, login_response.text
+        refresh_response = self.client.post("http://127.0.0.1:8000/api/test/auth/refresh")
+        assert refresh_response.status_code == 200, refresh_response.text
+