Use flask-caching to store exchange token

This allows using the redis backend which won't result in corruption
when two request update the token at the exact same time.

newdle/cli.py

@@ -95,7 +95,7 @@ def get_exchange_token(force, dump_token):
         print('exchangelib is not available')
         sys.exit(1)
 
-    app, cache, cache_file = get_msal_app()
+    app, token_cache = get_msal_app()
     username = current_app.config['EXCHANGE_PROVIDER_ACCOUNT']
     if token := get_msal_token(force=force):
         print(f'Got access token for {username}')
@@ -120,7 +120,7 @@ def get_exchange_token(force, dump_token):
     assert len(accounts) == 1
     assert accounts[0]['username'] == username
 
-    save_msal_cache(cache, cache_file)
+    save_msal_cache(token_cache)
     print(f'Got access token for {username}')
     if dump_token:
         print(result['access_token'])

newdle/newdle.cfg.example

@@ -89,15 +89,13 @@ FREE_BUSY_PROVIDERS = {'random'}
 # flow enabled):
 # EXCHANGE_PROVIDER_CLIENT_ID = 'azure app client id'
 # EXCHANGE_PROVIDER_AUTHORITY = 'https://login.microsoftonline.com/acme.com'
-# EXCHANGE_PROVIDER_CACHE_FILE = '/tmp/newdle-exchange-cache.json'
 
 EXCHANGE_DOMAIN = ''
 EXCHANGE_PROVIDER_SERVER = ''
 EXCHANGE_PROVIDER_ACCOUNT = ''
 EXCHANGE_PROVIDER_CREDENTIALS = ('', '')
 EXCHANGE_PROVIDER_CLIENT_ID = ''
 EXCHANGE_PROVIDER_AUTHORITY = ''
-EXCHANGE_PROVIDER_CACHE_FILE = '/tmp/newdle-exchange-cache.json'
 
 # OX free/busy configuration
 #

newdle/providers/free_busy/util.py

@@ -1,7 +1,7 @@
-from pathlib import Path
-
 from flask import current_app
 
+from newdle.core.cache import cache
+
 try:
     from msal import PublicClientApplication, SerializableTokenCache
 
@@ -14,27 +14,25 @@ def get_msal_app():
     if not has_msal:
         raise Exception('msal not available')
 
-    cache = SerializableTokenCache()
-    cache_file = Path(current_app.config['EXCHANGE_PROVIDER_CACHE_FILE'])
-    if cache_file.exists():
-        cache.deserialize(cache_file.read_text())
+    token_cache = SerializableTokenCache()
+    if cache_data := cache.get('exchange-token'):
+        token_cache.deserialize(cache_data)
     app = PublicClientApplication(
         current_app.config['EXCHANGE_PROVIDER_CLIENT_ID'],
         authority=current_app.config['EXCHANGE_PROVIDER_AUTHORITY'],
-        token_cache=cache,
+        token_cache=token_cache,
     )
-    return app, cache, cache_file
+    return app, token_cache
 
 
-def save_msal_cache(cache, cache_file: Path):
-    if not cache.has_state_changed:
+def save_msal_cache(token_cache):
+    if not token_cache.has_state_changed:
         return
-    cache_file.touch(mode=0o600)  # create with safe permissions if new file
-    cache_file.write_text(cache.serialize())
+    cache.set('exchange-token', token_cache.serialize(), timeout=0)
 
 
 def get_msal_token(*, force=False):
-    app, cache, cache_file = get_msal_app()
+    app, token_cache = get_msal_app()
     username = current_app.config['EXCHANGE_PROVIDER_ACCOUNT']
     if not (accounts := app.get_accounts(username)):
         return None
@@ -55,5 +53,5 @@ def get_msal_token(*, force=False):
         return None
 
     # save cache in case we refreshed the token
-    save_msal_cache(cache, cache_file)
+    save_msal_cache(token_cache)
     return result.get('access_token')

requirements.in

@@ -16,6 +16,7 @@ marshmallow
 psycopg2
 python-dotenv
 pytz
+redis
 requests
 sqlalchemy
 webargs

requirements.txt

@@ -99,6 +99,8 @@ pytz==2024.1
     # via
     #   -r requirements.in
     #   icalendar
+redis==5.0.7
+    # via -r requirements.in
 requests==2.31.0
     # via
     #   -r requirements.in