This repository was archived by the owner on May 26, 2020. It is now read-only.

Allow token renewal using cookies authentication. #476

Open
wants to merge 1 commit into
base: master
46 changes: 28 additions & 18 deletions rest_framework_jwt/views.py
@@ -5,8 +5,9 @@

from .settings import api_settings
from .serializers import (
JSONWebTokenSerializer, RefreshJSONWebTokenSerializer,
VerifyJSONWebTokenSerializer
JSONWebTokenSerializer,
RefreshJSONWebTokenSerializer,
VerifyJSONWebTokenSerializer,
)

jwt_response_payload_handler = api_settings.JWT_RESPONSE_PAYLOAD_HANDLER
@@ -16,17 +17,15 @@ class JSONWebTokenAPIView(APIView):
"""
Base API View that various JWT interactions inherit from.
"""

permission_classes = ()
authentication_classes = ()

def get_serializer_context(self):
"""
Extra context provided to the serializer class.
"""
return {
'request': self.request,
'view': self,
}
return {"request": self.request, "view": self}

def get_serializer_class(self):
"""
@@ -38,8 +37,8 @@ def get_serializer_class(self):
"""
assert self.serializer_class is not None, (
"'%s' should either include a `serializer_class` attribute, "
"or override the `get_serializer_class()` method."
% self.__class__.__name__)
"or override the `get_serializer_class()` method." % self.__class__.__name__
)
return self.serializer_class

def get_serializer(self, *args, **kwargs):
@@ -48,24 +47,32 @@ def get_serializer(self, *args, **kwargs):
deserializing input, and for serializing output.
"""
serializer_class = self.get_serializer_class()
kwargs['context'] = self.get_serializer_context()
kwargs["context"] = self.get_serializer_context()
return serializer_class(*args, **kwargs)

def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer_data = dict(request.data)
if (
"token" not in request.data
and api_settings.JWT_AUTH_COOKIE
and api_settings.JWT_AUTH_COOKIE in request.COOKIES
):
serializer_data["token"] = request.COOKIES[api_settings.JWT_AUTH_COOKIE]
serializer = self.get_serializer(data=serializer_data)

if serializer.is_valid():
user = serializer.object.get('user') or request.user
token = serializer.object.get('token')
user = serializer.object.get("user") or request.user
token = serializer.object.get("token")
response_data = jwt_response_payload_handler(token, user, request)
response = Response(response_data)
if api_settings.JWT_AUTH_COOKIE:
expiration = (datetime.utcnow() +
api_settings.JWT_EXPIRATION_DELTA)
response.set_cookie(api_settings.JWT_AUTH_COOKIE,
token,
expires=expiration,
httponly=True)
expiration = datetime.utcnow() + api_settings.JWT_EXPIRATION_DELTA
response.set_cookie(
api_settings.JWT_AUTH_COOKIE,
token,
expires=expiration,
httponly=True,
)
return response

return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
@@ -77,6 +84,7 @@ class ObtainJSONWebToken(JSONWebTokenAPIView):

Returns a JSON Web Token that can be used for authenticated requests.
"""

serializer_class = JSONWebTokenSerializer


@@ -85,6 +93,7 @@ class VerifyJSONWebToken(JSONWebTokenAPIView):
API View that checks the veracity of a token, returning the token if it
is valid.
"""

serializer_class = VerifyJSONWebTokenSerializer


@@ -96,6 +105,7 @@ class RefreshJSONWebToken(JSONWebTokenAPIView):
If 'orig_iat' field (original issued-at-time) is found, will first check
if it's within expiration window, then copy it to the new token
"""

serializer_class = RefreshJSONWebTokenSerializer
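Review bot: The cookie fallback added to `JSONWebTokenAPIView.post` sits on the base view, so Obtain, Verify and Refresh all accept the token from `request.COOKIES`, and the view declares `authentication_classes = ()`, which as far as this page shows means no CSRF check runs before the cookie is trusted. A POST with no body now has its cookie token validated and passed to `jwt_response_payload_handler(token, user, request)`, and the Verify docstring says the token is returned when valid. Any script running on the origin can therefore read a token that `httponly=True` was meant to keep out of script reach, and a cross-site form post can trigger a refresh. I would restrict the fallback to `RefreshJSONWebToken`, require a CSRF check or a `samesite` attribute on the cookie when the token comes from it, and leave the token out of the response body in that case. Separately, `dict(request.data)` turns a form-encoded `QueryDict` into a dict of lists, so `serializer_data = request.data.copy()` is the safer way to get a mutable copy.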

