[PD1-595] Modifying token refresh logic

[alok27a]

Fix: Token Refresh Logic Not Triggering on Server Redirects

Problem

• Token refresh failed when tokens expired because the server redirected to an HTML login page instead of returning a JSON 401 error.
• Root Cause: Missing Accept: application/json header → server returned HTML → client never triggered token refresh.

Solution

• Added "Accept": "application/json" to all API requests and authentication methods to ensure proper JSON responses.

Key Changes

-Added header in _get_headers() and auth methods.

• Improved error handling (specific exceptions: RequestException, ValueError, KeyError).

• Added structured logging with stack traces.

Before

• Expired token → 307 Redirect → /login?error=Token%20has%20expired → ❌ No refresh

After

• Expired token → 401 JSON → Automatic token refresh → Success

Benefits

✅ Standards-compliant (RFC 7231)
✅ Backward compatible
✅ No code breakage
✅ Clearer logging & better debugging

Testing

• 3 new tests added (tests/test_token_refresh.py)

• 22/22 tests passing

• Verified correct 401 handling and refresh trigger

[linear]

PD1-595 Token not refreshing when polling data from access DB of ATEK

Showing an Error 404 token has expired when I am polling the ATEK access DB, need to refresh the token

[gemini-code-assist]

Summary of Changes

Hello @alok27a, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses an issue where the token refresh mechanism was not triggering on server redirects, leading to failed requests. The changes modify the _make_request() method in cvec.py to handle redirects and improve error reporting. A new test suite was added to ensure the token refresh functionality works as expected.

Highlights

• Token Refresh Logic: The token refresh logic was updated to handle server redirects, specifically 307 Temporary Redirects, which were not triggering the refresh mechanism.
• Redirect Handling: Automatic redirects are now disabled in _make_request() to intercept authentication-related redirects. The code now detects multiple authentication failure patterns, including 401 Unauthorized responses and 3xx redirects to URLs containing 'login' or 'token'.
• Testing: A comprehensive test suite was added in tests/test_token_refresh.py to cover various token refresh scenarios, including 401 errors and redirects to login pages. All tests pass.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request addresses an issue where the token refresh mechanism was not triggering on server redirects, leading to failed requests. The solution involves disabling automatic redirects, detecting multiple authentication failure patterns, triggering token refresh, handling redirects, and improving error reporting. The changes include modifications to the _make_request() method in cvec.py and the addition of a new test suite in tests/test_token_refresh.py. The code changes look good overall, with a few suggestions for improvement.

[joshuanapoli]

Don't treat 3xx as a token expiration. Someday we are likely to use a 3xx response as part of the API, and we'll be confused when some old code here is treating it as if it were a 401 response.

Instead, make sure the system knows that this is a JSON API request, not an HTML request. Add the request accept header for json.

I think that you should change the CloudFront response from 403 to 401 at https://github.com/CVector-Energy/cvec-op-envs/blob/5820478f11b596d9ae8a55c10420fdf5b3571723/terraform/modules/operational_environment/function/cloudfront-function.js#L266

[joshuanapoli]

Thank you! We can test in production, after updating the http status in cvec-op-envs.