diff --git a/apps/utils/views.py b/apps/utils/views.py
index b8c8e9f5..f413e3cc 100644
--- a/apps/utils/views.py
+++ b/apps/utils/views.py
@@ -12,6 +12,8 @@ from rest_framework_simplejwt import tokens
 class JWTGenericViewMixin(generics.GenericAPIView):
 """JWT view mixin"""
+ JWT_SETTINGS = settings.SIMPLE_JWT
+
 ACCESS_TOKEN_HTTP_ONLY = False
 ACCESS_TOKEN_SECURE = False
@@ -38,18 +40,26 @@ class JWTGenericViewMixin(generics.GenericAPIView):
 """
 COOKIES = list()
+ # Set max_age for tokens
+ if permanent:
+ access_token_max_age = self.JWT_SETTINGS.get('ACCESS_TOKEN_LIFETIME_SECONDS')
+ refresh_token_max_age = self.JWT_SETTINGS.get('REFRESH_TOKEN_LIFETIME_SECONDS')
+ else:
+ access_token_max_age = settings.COOKIES_MAX_AGE
+ refresh_token_max_age = settings.COOKIES_MAX_AGE
+
 # Write to cookie access and refresh token with secure flag
 if access_token and refresh_token:
 _access_token = self.COOKIE(key='access_token',
 value=access_token,
 http_only=self.ACCESS_TOKEN_HTTP_ONLY,
 secure=self.ACCESS_TOKEN_SECURE,
- max_age=None if permanent else settings.COOKIES_MAX_AGE)
+ max_age=access_token_max_age)
 _refresh_token = self.COOKIE(key='refresh_token',
 value=refresh_token,
 http_only=self.REFRESH_TOKEN_HTTP_ONLY,
 secure=self.REFRESH_TOKEN_SECURE,
- max_age=None if permanent else settings.COOKIES_MAX_AGE)
+ max_age=refresh_token_max_age)
 COOKIES.extend((_access_token, _refresh_token))
 return COOKIES
diff --git a/project/settings/base.py b/project/settings/base.py
index 8305b637..71a440ea 100644
--- a/project/settings/base.py
+++ b/project/settings/base.py
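Review bot: `JWT_SETTINGS = settings.SIMPLE_JWT` captures the settings dict once, when the class body is executed at import time, so anything that later swaps `settings.SIMPLE_JWT` for a different object (e.g. a test `override_settings(SIMPLE_JWT=...)`) is not seen by the cookie-age computation in the next hunk, which reads `self.JWT_SETTINGS`. A live lookup is cheap and removes the surprise: `@property` `def JWT_SETTINGS(self): return settings.SIMPLE_JWT`, or simply read `settings.SIMPLE_JWT` at the point of use. Worth a one-line comment either way, since the class attribute looks like plain configuration but is really a snapshot.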
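Review bot: In the `if permanent:` branch, `self.JWT_SETTINGS.get('ACCESS_TOKEN_LIFETIME_SECONDS')` depends on a project-specific key that duplicates `ACCESS_TOKEN_LIFETIME`, and if that key is ever missing `.get()` returns `None`, so the cookie silently degrades to a session cookie while the token inside it keeps whatever lifetime simplejwt enforces; the two values can also drift when one is edited and the other is not. Derive the age from the lifetime simplejwt itself uses: `access_token_max_age = int(self.JWT_SETTINGS['ACCESS_TOKEN_LIFETIME'].total_seconds())` and `refresh_token_max_age = int(self.JWT_SETTINGS['REFRESH_TOKEN_LIFETIME'].total_seconds())`, which fails loudly on a misconfigured settings dict instead of producing an unexpected expiry. With persistent cookies now living for the full refresh lifetime, the class-level cookie flags matter more; the first hunk shows `ACCESS_TOKEN_HTTP_ONLY` and `ACCESS_TOKEN_SECURE` defaulting to `False`, so concrete views should set them explicitly (presumably they do, but it is not visible here). The enclosing method's signature is outside the hunk.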
@@ -333,8 +333,10 @@ GEOIP_PATH = os.path.join(PROJECT_ROOT, 'geoip_db')
 # JWT
 SIMPLE_JWT = {
- 'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5),
- 'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
+ 'ACCESS_TOKEN_LIFETIME': timedelta(hours=6),
+ 'ACCESS_TOKEN_LIFETIME_SECONDS': 21600, # 6 hours in seconds
+ 'REFRESH_TOKEN_LIFETIME': timedelta(days=30),
+ 'REFRESH_TOKEN_LIFETIME_SECONDS': 2592000, # 30 days in seconds
 'ROTATE_REFRESH_TOKENS': True,
 'BLACKLIST_AFTER_ROTATION': True,