refactored refresh-token endpoint

2019-08-29 11:40:00 +03:00 · 2019-08-29 11:40:00 +03:00 · 5598290456
commit 5598290456
parent 39e833ec1d
4 changed files with 24 additions and 9 deletions
--- a/apps/account/views/web.py
+++ b/apps/account/views/web.py
@ -58,7 +58,7 @@ class VerifyEmailConfirmView(JWTGenericViewMixin):
        if user_qs.exists():
            user = user_qs.first()
            if not gm_token_generator.check_token(user, token):
-                raise utils_exceptions.NotValidTokenError()
+                raise utils_exceptions.NotValidAccessTokenError()
            # Change email status
            user.confirm_email()
            return Response(status=status.HTTP_200_OK)
@ -96,7 +96,7 @@ class PasswordResetConfirmView(JWTGenericViewMixin):
        obj = get_object_or_404(queryset, **filter_kwargs)

        if not gm_token_generator.check_token(user=obj.user, token=token):
-            raise utils_exceptions.NotValidTokenError()
+            raise utils_exceptions.NotValidAccessTokenError()

        # May raise a permission denied
        self.check_object_permissions(self.request, obj)
--- a/apps/authorization/serializers/common.py
+++ b/apps/authorization/serializers/common.py
@ -154,12 +154,20 @@ class LoginByUsernameOrEmailSerializer(JWTBaseSerializerMixin, serializers.Model

 class RefreshTokenSerializer(serializers.Serializer):
    """Serializer for refresh token view"""
-    refresh_token = serializers.CharField()
+    refresh_token = serializers.CharField(read_only=True)
    access_token = serializers.CharField(read_only=True)

+    def get_request(self):
+        """Return request"""
+        return self.context.get('request')
+
    def validate(self, attrs):
        """Override validate method"""
-        token = tokens.RefreshToken(attrs['refresh_token'])
+        refresh_token = self.get_request().COOKIES.get('refresh_token')
+        if not refresh_token:
+            raise utils_exceptions.NotValidRefreshTokenError()
+        
+        token = tokens.RefreshToken(token=refresh_token)

        data = {'access_token': str(token.access_token)}

--- a/apps/utils/exceptions.py
+++ b/apps/utils/exceptions.py
@ -70,11 +70,18 @@ class NotValidUsernameError(exceptions.APIException):
    default_detail = _('Wrong username')


-class NotValidTokenError(exceptions.APIException):
-    """The exception should be thrown when token in url is not valid
+class NotValidAccessTokenError(exceptions.APIException):
+    """The exception should be thrown when access token in url is not valid
    """
    status_code = status.HTTP_401_UNAUTHORIZED
-    default_detail = _('Not valid token')
+    default_detail = _('Not valid access token')
+
+
+class NotValidRefreshTokenError(exceptions.APIException):
+    """The exception should be thrown when refresh token is not valid
+    """
+    status_code = status.HTTP_400_BAD_REQUEST
+    default_detail = _('Not valid refresh token')


 class PasswordsAreEqual(exceptions.APIException):
--- a/apps/utils/permissions.py
+++ b/apps/utils/permissions.py
@ -3,7 +3,7 @@ from rest_framework.permissions import BasePermission
 from rest_framework_simplejwt.exceptions import TokenBackendError

 from authorization.models import BlacklistedAccessToken
-from utils.exceptions import NotValidTokenError
+from utils.exceptions import NotValidAccessTokenError
 from utils.methods import get_token_from_cookies


@ -26,6 +26,6 @@ class IsAuthenticatedAndTokenIsValid(BasePermission):
                                                            .exists()
                return not blacklisted
        except TokenBackendError:
-            raise NotValidTokenError()
+            raise NotValidAccessTokenError()
        else:
            return False