refactored remember flag in login

2019-08-28 12:54:17 +03:00 · 2019-08-28 12:54:17 +03:00 · 0db7b52df7
commit 0db7b52df7
parent e22a54114b
2 changed files with 16 additions and 4 deletions
--- a/apps/utils/views.py
+++ b/apps/utils/views.py
@ -12,6 +12,8 @@ from rest_framework_simplejwt import tokens
 class JWTGenericViewMixin(generics.GenericAPIView):
    """JWT view mixin"""

+    JWT_SETTINGS = settings.SIMPLE_JWT
+
    ACCESS_TOKEN_HTTP_ONLY = False
    ACCESS_TOKEN_SECURE = False

@ -38,18 +40,26 @@ class JWTGenericViewMixin(generics.GenericAPIView):
        """
        COOKIES = list()

+        # Set max_age for tokens
+        if permanent:
+            access_token_max_age = self.JWT_SETTINGS.get('ACCESS_TOKEN_LIFETIME_SECONDS')
+            refresh_token_max_age = self.JWT_SETTINGS.get('REFRESH_TOKEN_LIFETIME_SECONDS')
+        else:
+            access_token_max_age = settings.COOKIES_MAX_AGE
+            refresh_token_max_age = settings.COOKIES_MAX_AGE
+
        # Write to cookie access and refresh token with secure flag
        if access_token and refresh_token:
            _access_token = self.COOKIE(key='access_token',
                                        value=access_token,
                                        http_only=self.ACCESS_TOKEN_HTTP_ONLY,
                                        secure=self.ACCESS_TOKEN_SECURE,
-                                        max_age=None if permanent else settings.COOKIES_MAX_AGE)
+                                        max_age=access_token_max_age)
            _refresh_token = self.COOKIE(key='refresh_token',
                                         value=refresh_token,
                                         http_only=self.REFRESH_TOKEN_HTTP_ONLY,
                                         secure=self.REFRESH_TOKEN_SECURE,
-                                         max_age=None if permanent else settings.COOKIES_MAX_AGE)
+                                         max_age=refresh_token_max_age)
            COOKIES.extend((_access_token, _refresh_token))
        return COOKIES

--- a/project/settings/base.py
+++ b/project/settings/base.py
@ -333,8 +333,10 @@ GEOIP_PATH = os.path.join(PROJECT_ROOT, 'geoip_db')

 # JWT
 SIMPLE_JWT = {
-    'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5),
-    'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
+    'ACCESS_TOKEN_LIFETIME': timedelta(hours=6),
+    'ACCESS_TOKEN_LIFETIME_SECONDS': 21600,  # 6 hours in seconds
+    'REFRESH_TOKEN_LIFETIME': timedelta(days=30),
+    'REFRESH_TOKEN_LIFETIME_SECONDS': 2592000,  # 30 days in seconds
    'ROTATE_REFRESH_TOKENS': True,
    'BLACKLIST_AFTER_ROTATION': True,