refactored refresh-token endpoint

apps/account/views/web.py

@@ -58,7 +58,7 @@ class VerifyEmailConfirmView(JWTGenericViewMixin):
         if user_qs.exists():
             user = user_qs.first()
             if not gm_token_generator.check_token(user, token):
-                raise utils_exceptions.NotValidTokenError()
+                raise utils_exceptions.NotValidAccessTokenError()
             # Change email status
             user.confirm_email()
             return Response(status=status.HTTP_200_OK)
@@ -96,7 +96,7 @@ class PasswordResetConfirmView(JWTGenericViewMixin):
         obj = get_object_or_404(queryset, **filter_kwargs)
 
         if not gm_token_generator.check_token(user=obj.user, token=token):
-            raise utils_exceptions.NotValidTokenError()
+            raise utils_exceptions.NotValidAccessTokenError()
 
         # May raise a permission denied
         self.check_object_permissions(self.request, obj)

apps/authorization/serializers/common.py

@@ -154,12 +154,20 @@ class LoginByUsernameOrEmailSerializer(JWTBaseSerializerMixin, serializers.Model
 
 class RefreshTokenSerializer(serializers.Serializer):
     """Serializer for refresh token view"""
-    refresh_token = serializers.CharField()
+    refresh_token = serializers.CharField(read_only=True)
     access_token = serializers.CharField(read_only=True)
 
+    def get_request(self):
+        """Return request"""
+        return self.context.get('request')
+
     def validate(self, attrs):
         """Override validate method"""
-        token = tokens.RefreshToken(attrs['refresh_token'])
+        refresh_token = self.get_request().COOKIES.get('refresh_token')
+        if not refresh_token:
+            raise utils_exceptions.NotValidRefreshTokenError()
+        
+        token = tokens.RefreshToken(token=refresh_token)
 
         data = {'access_token': str(token.access_token)}
 

apps/utils/exceptions.py

@@ -70,11 +70,18 @@ class NotValidUsernameError(exceptions.APIException):
     default_detail = _('Wrong username')
 
 
-class NotValidTokenError(exceptions.APIException):
+class NotValidAccessTokenError(exceptions.APIException):
-    """The exception should be thrown when token in url is not valid
+    """The exception should be thrown when access token in url is not valid
     """
     status_code = status.HTTP_401_UNAUTHORIZED
-    default_detail = _('Not valid token')
+    default_detail = _('Not valid access token')
+
+
+class NotValidRefreshTokenError(exceptions.APIException):
+    """The exception should be thrown when refresh token is not valid
+    """
+    status_code = status.HTTP_400_BAD_REQUEST
+    default_detail = _('Not valid refresh token')
 
 
 class PasswordsAreEqual(exceptions.APIException):

apps/utils/permissions.py

@@ -3,7 +3,7 @@ from rest_framework.permissions import BasePermission
 from rest_framework_simplejwt.exceptions import TokenBackendError
 
 from authorization.models import BlacklistedAccessToken
-from utils.exceptions import NotValidTokenError
+from utils.exceptions import NotValidAccessTokenError
 from utils.methods import get_token_from_cookies
 
 
@@ -26,6 +26,6 @@ class IsAuthenticatedAndTokenIsValid(BasePermission):
                                                             .exists()
                 return not blacklisted
         except TokenBackendError:
-            raise NotValidTokenError()
+            raise NotValidAccessTokenError()
         else:
             return False