Allow token renewal using cookies authentication. #476

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 28 additions & 18 deletions rest_framework_jwt/views.py
Expand Up @@ -5,8 +5,9 @@

from .settings import api_settings
from .serializers import (
JSONWebTokenSerializer, RefreshJSONWebTokenSerializer,
VerifyJSONWebTokenSerializer
JSONWebTokenSerializer,
RefreshJSONWebTokenSerializer,
VerifyJSONWebTokenSerializer,
)

jwt_response_payload_handler = api_settings.JWT_RESPONSE_PAYLOAD_HANDLER
Expand All @@ -16,17 +17,15 @@ class JSONWebTokenAPIView(APIView):
"""
Base API View that various JWT interactions inherit from.
"""

permission_classes = ()
authentication_classes = ()

def get_serializer_context(self):
"""
Extra context provided to the serializer class.
"""
return {
'request': self.request,
'view': self,
}
return {"request": self.request, "view": self}

def get_serializer_class(self):
"""
Expand All @@ -38,8 +37,8 @@ def get_serializer_class(self):
"""
assert self.serializer_class is not None, (
"'%s' should either include a `serializer_class` attribute, "
"or override the `get_serializer_class()` method."
% self.__class__.__name__)
"or override the `get_serializer_class()` method." % self.__class__.__name__
)
return self.serializer_class

def get_serializer(self, *args, **kwargs):
Expand All @@ -48,24 +47,32 @@ def get_serializer(self, *args, **kwargs):
deserializing input, and for serializing output.
"""
serializer_class = self.get_serializer_class()
kwargs['context'] = self.get_serializer_context()
kwargs["context"] = self.get_serializer_context()
return serializer_class(*args, **kwargs)

def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer_data = dict(request.data)
if (
"token" not in request.data
and api_settings.JWT_AUTH_COOKIE
and api_settings.JWT_AUTH_COOKIE in request.COOKIES
):
serializer_data["token"] = request.COOKIES[api_settings.JWT_AUTH_COOKIE]
serializer = self.get_serializer(data=serializer_data)

if serializer.is_valid():
user = serializer.object.get('user') or request.user
token = serializer.object.get('token')
user = serializer.object.get("user") or request.user
token = serializer.object.get("token")
response_data = jwt_response_payload_handler(token, user, request)
response = Response(response_data)
if api_settings.JWT_AUTH_COOKIE:
expiration = (datetime.utcnow() +
api_settings.JWT_EXPIRATION_DELTA)
response.set_cookie(api_settings.JWT_AUTH_COOKIE,
token,
expires=expiration,
httponly=True)
expiration = datetime.utcnow() + api_settings.JWT_EXPIRATION_DELTA
response.set_cookie(
api_settings.JWT_AUTH_COOKIE,
token,
expires=expiration,
httponly=True,
)
return response

return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
Expand All @@ -77,6 +84,7 @@ class ObtainJSONWebToken(JSONWebTokenAPIView):

Returns a JSON Web Token that can be used for authenticated requests.
"""

serializer_class = JSONWebTokenSerializer


Expand All @@ -85,6 +93,7 @@ class VerifyJSONWebToken(JSONWebTokenAPIView):
API View that checks the veracity of a token, returning the token if it
is valid.
"""

serializer_class = VerifyJSONWebTokenSerializer


Expand All @@ -96,6 +105,7 @@ class RefreshJSONWebToken(JSONWebTokenAPIView):
If 'orig_iat' field (original issued-at-time) is found, will first check
if it's within expiration window, then copy it to the new token
"""

serializer_class = RefreshJSONWebTokenSerializer


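Review bot: The cookie fallback added at the top of `post` (the branch reading `request.COOKIES[api_settings.JWT_AUTH_COOKIE]`) lives in the base class, so it turns the HttpOnly cookie into an ambient credential for every subclass, including `VerifyJSONWebToken` and `RefreshJSONWebToken`: the cookie is set with `httponly=True` precisely so page scripts cannot read the token, yet after this change any same-origin script can POST an empty body to the verify/refresh endpoint and have the cookie's token renewed and, if `jwt_response_payload_handler` echoes the token into `response_data` (the library's default handler appears to, though that is not visible here), reflected into readable JSON; and because `authentication_classes = ()` means DRF performs no session-based CSRF check on these views, a cross-site form POST can trigger the same renewal whenever the browser sends the cookie (SameSite defaults permitting). Consider making the fallback opt-in per view rather than in the base class, e.g. `read_token_from_cookie = False` on `JSONWebTokenAPIView` and `True` only on `RefreshJSONWebToken`, and guarding that view with Django's CSRF check (`@method_decorator(csrf_protect, name="post")` or equivalent) so a refresh still requires something a third-party page cannot supply. Separately, `dict(request.data)` keeps list values when `request.data` is a `QueryDict` (form-encoded POST), so a form-submitted token reaches the serializer as `["..."]` rather than a string; `serializer_data = request.data.copy()` preserves the previous semantics for both dict and QueryDict bodies. `JSONWebTokenAPIView` begins before and continues after this hunk.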