Tivix/django-rest-auth
1
1
Fork 0
mirror of https://github.com/Tivix/django-rest-auth.git synced 2025-11-04 09:37:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add the ability to return the refresh token in a cookie

Browse Source
This commit is contained in:
Joel Whitaker 2020-10-29 13:49:37 +00:00 committed by Michael
parent e8b68bedf5
commit bdc883dcb3
2 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
dj_rest_auth/app_settings.py
View File

@ -38,3 +38,4 @@ PasswordChangeSerializer = import_callable(
) )
JWT_AUTH_COOKIE = getattr(settings, 'JWT_AUTH_COOKIE', None) JWT_AUTH_COOKIE = getattr(settings, 'JWT_AUTH_COOKIE', None)
JWT_AUTH_REFRESH_COOKIE = getattr(settings, 'JWT_AUTH_REFRESH_COOKIE', None)

17
dj_rest_auth/views.py
View File

@ -86,12 +86,13 @@ class LoginView(GenericAPIView):
response = Response(serializer.data, status=status.HTTP_200_OK) response = Response(serializer.data, status=status.HTTP_200_OK)
if getattr(settings, 'REST_USE_JWT', False): if getattr(settings, 'REST_USE_JWT', False):
cookie_name = getattr(settings, 'JWT_AUTH_COOKIE', None) cookie_name = getattr(settings, 'JWT_AUTH_COOKIE', None)
refresh_cookie_name = getattr(settings, 'JWT_AUTH_REFRESH_COOKIE', None)
cookie_secure = getattr(settings, 'JWT_AUTH_SECURE', False) cookie_secure = getattr(settings, 'JWT_AUTH_SECURE', False)
cookie_httponly = getattr(settings, 'JWT_AUTH_HTTPONLY', True) cookie_httponly = getattr(settings, 'JWT_AUTH_HTTPONLY', True)
cookie_samesite = getattr(settings, 'JWT_AUTH_SAMESITE', 'Lax') cookie_samesite = getattr(settings, 'JWT_AUTH_SAMESITE', 'Lax')
from rest_framework_simplejwt.settings import api_settings as jwt_settings from rest_framework_simplejwt.settings import api_settings as jwt_settings
if cookie_name:
from datetime import datetime from datetime import datetime
if cookie_name:
expiration = (datetime.utcnow() + jwt_settings.ACCESS_TOKEN_LIFETIME) expiration = (datetime.utcnow() + jwt_settings.ACCESS_TOKEN_LIFETIME)
response.set_cookie( response.set_cookie(
cookie_name, cookie_name,
@ -101,6 +102,16 @@ class LoginView(GenericAPIView):
httponly=cookie_httponly, httponly=cookie_httponly,
samesite=cookie_samesite samesite=cookie_samesite
) )
if refresh_cookie_name:
expiration = (datetime.utcnow() + jwt_settings.REFRESH_TOKEN_LIFETIME)
response.set_cookie(
refresh_cookie_name,
self.refresh_token,
expires=expiration,
secure=cookie_secure,
httponly=cookie_httponly,
samesite=cookie_samesite
)
return response return response
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
@ -156,6 +167,10 @@ class LogoutView(APIView):
if cookie_name: if cookie_name:
response.delete_cookie(cookie_name) response.delete_cookie(cookie_name)
refresh_cookie_name = getattr(settings, 'JWT_AUTH_REFRESH_COOKIE', None)
if refresh_cookie_name:
response.delete_cookie(refresh_cookie_name)
elif 'rest_framework_simplejwt.token_blacklist' in settings.INSTALLED_APPS: elif 'rest_framework_simplejwt.token_blacklist' in settings.INSTALLED_APPS:
# add refresh token to blacklist # add refresh token to blacklist
try: try: