Fix expired tokens not refreshing.

Add 'id' command to show user-id, as well as log it during authentication.

Author: blam23

cmd/common/config.go

@@ -25,6 +25,7 @@ const (
 	// and NOT used by themselves.
 	AccessTokenConfigKey            = "access-token"      // user-scoped API access token key
 	RefreshTokenConfigKey           = "refresh-token"     // user-scoped API refresh token key
+	TokenIDConfigKey                = "user-id"           // user-scoped token ID
 	APIAccessTokenConfigKeyPartial  = "api-token"         // app- or org-scoped API token key
 	APIRefreshTokenConfigKeyPartial = "api-refresh-token" // app- or org-scoped API token key
 	AccountConfigKeyPartial         = "account"           // app-scoped account ID key
@@ -72,10 +73,39 @@ func InitConfig() {
 
 		if Verbose {
 			fmt.Println("Using configuration:", viper.ConfigFileUsed())
+			fmt.Println(viper.AllSettings())
 		}
 	}
 }
 
+// DecodeUserID parses the user access token to get out the "prvd"->"user_id" field.
+// Requires the user access token be setup already (i.e. authenticate has been called)
+func DecodeUserID() string {
+	rawToken := RequireUserAccessToken()
+
+	var jwtParser jwt.Parser
+	token, _, err := jwtParser.ParseUnverified(rawToken, jwt.MapClaims{})
+	if err != nil {
+		log.Printf("failed to parse JWT token on behalf of authorized user; %s", err.Error())
+		os.Exit(1)
+	}
+
+	claims := token.Claims.(jwt.MapClaims)
+	prvd := claims["prvd"]
+	if prvd == nil {
+		log.Printf("failed to get 'prvd' field from token")
+		os.Exit(1)
+	}
+
+	if userID, ok := prvd.(map[string]interface{})["user_id"].(string); ok {
+		return userID
+	}
+
+	log.Printf("failed to get 'user_id' field from token")
+	os.Exit(1)
+	return ""
+}
+
 func RequireUserAccessToken() string {
 	token := ""
 	if viper.IsSet(AccessTokenConfigKey) {
@@ -123,6 +153,8 @@ func CacheAccessRefreshToken(token *ident.Token) {
 		viper.Set(RefreshTokenConfigKey, *token.RefreshToken)
 	}
 
+	viper.Set(TokenIDConfigKey, token.ID.String())
+
 	viper.WriteConfig()
 }
 
@@ -217,28 +249,16 @@ func BuildConfigKeyWithUser(keyPartial, userID string) string {
 }
 
 func isTokenExpired(bearerToken string) bool {
-	token, err := jwt.Parse(bearerToken, func(_jwtToken *jwt.Token) (interface{}, error) {
-		// uncomment when enabling local verification
-		// var kid *string
-		// if kidhdr, ok := _jwtToken.Header["kid"].(string); ok {
-		// 	kid = &kidhdr
-		// }
-
-		// publicKey, _, _, _ := util.ResolveJWTKeypair(kid)
-		// if publicKey == nil {
-		// 	msg := "failed to resolve a valid JWT verification key"
-		// 	if kid != nil {
-		// 		msg = fmt.Sprintf("%s; invalid kid specified in header: %s", msg, *kid)
-		// 	} else {
-		// 		msg = fmt.Sprintf("%s; no default verification key configured", msg)
-		// 	}
-		// 	return nil, fmt.Errorf(msg)
-		// }
-
-		return nil, nil
-	})
+
+	var jwtParser jwt.Parser
+	token, _, err := jwtParser.ParseUnverified(bearerToken, jwt.MapClaims{})
+	if err != nil {
+		log.Printf("failed to parse JWT token on behalf of authorized user; %s", err.Error())
+		os.Exit(1)
+	}
 
 	if err != nil {
+		log.Printf("isTokenExpired err: %s", err)
 		return false
 	}
 

cmd/root.go

@@ -51,6 +51,7 @@ func init() {
 	rootCmd.AddCommand(api_tokens.APITokensCmd)
 	rootCmd.AddCommand(applications.ApplicationsCmd)
 	rootCmd.AddCommand(users.AuthenticateCmd)
+	rootCmd.AddCommand(users.ShowIDCmd)
 	rootCmd.AddCommand(baseledger.BaseledgerCmd)
 	rootCmd.AddCommand(baseline.BaselineCmd)
 	rootCmd.AddCommand(connectors.ConnectorsCmd)

cmd/users/authenticate.go

@@ -11,7 +11,7 @@ import (
 	"github.com/spf13/viper"
 )
 
-// authenticateCmd represents the authenticate command
+// AuthenticateCmd represents the authenticate command
 var AuthenticateCmd = &cobra.Command{
 	Use:   "authenticate",
 	Short: "Authenticate using your credentials",
@@ -34,9 +34,13 @@ func authenticate(cmd *cobra.Command, args []string) {
 		common.CacheAccessRefreshToken(resp.Token)
 	} else if resp.Token.Token != nil {
 		cacheAPIToken(*resp.Token.Token)
+	} else {
+		log.Println("Failed to get token from authentication response.")
+		os.Exit(1)
 	}
 
-	log.Printf("Authentication successful")
+	log.Print("Authentication successful")
+	log.Printf("User ID: %s", common.DecodeUserID())
 }
 
 func cacheAPIToken(token string) {

cmd/users/showid.go

@@ -0,0 +1,22 @@
+package users
+
+import (
+	"fmt"
+
+	"github.com/provideplatform/provide-cli/cmd/common"
+
+	"github.com/spf13/cobra"
+)
+
+// ShowIDCmd represents the id command
+var ShowIDCmd = &cobra.Command{
+	Use:   "id",
+	Short: "Prints out the ID of the currently authenticated user",
+	Long:  "Prints out the ID of the currently authenticated user",
+	Run:   showid,
+}
+
+func showid(cmd *cobra.Command, args []string) {
+	id := common.DecodeUserID()
+	fmt.Println(id)
+}