views.py
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from datetime import datetime
from rest_framework import status
from rest_framework.generics import GenericAPIView
from rest_framework.response import Response
from .authentication import JSONWebTokenAuthentication
from .serializers import \
JSONWebTokenSerializer, RefreshAuthTokenSerializer, \
VerifyAuthTokenSerializer
from .settings import api_settings
class BaseJSONWebTokenAPIView(GenericAPIView):
    """Shared POST handler behind the JWT obtain, verify and refresh views.

    Subclasses only swap ``serializer_class``; the request/response flow
    implemented in ``post`` is common to all of them.
    """

    # Both tuples are empty, so DRF runs no authenticators and applies no
    # permission checks to these views. The only validation visible in this
    # class is the serializer's ``is_valid()`` call in ``post``.
    # NOTE(review): no ``throttle_classes`` is declared here, so rate limiting
    # of these endpoints falls back to the project's DRF defaults -- confirm
    # that one is configured.
    permission_classes = ()
    authentication_classes = ()

    serializer_class = JSONWebTokenSerializer

    def post(self, request, *args, **kwargs):
        """Validate the posted data and answer with the token payload.

        Returns a 400 response carrying the serializer errors when validation
        fails. Otherwise returns the serialized payload and, when
        ``api_settings.JWT_AUTH_COOKIE`` is set, also stores the token in a
        cookie of that name.
        """
        incoming = self.get_serializer(data=request.data)
        if not incoming.is_valid():
            return Response(
                incoming.errors, status=status.HTTP_400_BAD_REQUEST
            )

        validated = incoming.validated_data
        # Fall back to the request's user when the serializer supplied none.
        user = validated.get('user') or request.user
        token = validated.get('token')
        issued_at = validated.get('issued_at')

        # The payload builder is defined on the authentication class
        # (implementation not shown in this file).
        payload = JSONWebTokenAuthentication.jwt_create_response_payload(
            token, user, request, issued_at
        )
        outgoing = self.get_serializer(payload, context={'request': request})
        reply = Response(outgoing.data)

        cookie_name = api_settings.JWT_AUTH_COOKIE
        if not cookie_name:
            return reply

        # The cookie lifetime is counted from the current time, not read from
        # the token itself.
        expires_at = datetime.utcnow() + api_settings.JWT_EXPIRATION_DELTA
        # NOTE(review): the cookie is HttpOnly, but neither ``secure`` nor
        # ``samesite`` is passed, so Django's defaults apply (no Secure
        # attribute, no SameSite policy). On HTTPS deployments the token
        # cookie should be marked Secure, and a cookie accepted as a
        # credential needs a SameSite policy or CSRF protection.
        reply.set_cookie(
            cookie_name, token, expires=expires_at, httponly=True
        )
        return reply
class ObtainJSONWebTokenView(BaseJSONWebTokenAPIView):
    """
    Login endpoint: accepts a POST carrying a user's username and password.

    Responds with a JSON Web Token the client can present on later
    authenticated requests.
    """

    # This view inherits empty ``permission_classes`` and
    # ``authentication_classes``, so it is reachable without credentials.
    # NOTE(review): it declares no ``throttle_classes`` of its own; limiting
    # repeated password attempts is left to the project's DRF throttle
    # settings -- confirm they cover this endpoint.
    serializer_class = JSONWebTokenSerializer
class VerifyJSONWebTokenView(BaseJSONWebTokenAPIView):
    """
    Endpoint that validates a submitted token and hands the same token back
    when it is valid.
    """

    # The validity rules live in VerifyAuthTokenSerializer, which is not shown
    # in this file; this class only selects that serializer.
    serializer_class = VerifyAuthTokenSerializer
class RefreshJSONWebTokenView(BaseJSONWebTokenAPIView):
    """
    Endpoint that exchanges an existing token for a refreshed one carrying a
    new expiration.

    When the token has an 'orig_iat' (original issued-at time) field, that
    value is first checked against the expiration window and then copied into
    the new token.
    """

    # This class only selects the serializer; the 'orig_iat' handling
    # described above is presumably implemented in RefreshAuthTokenSerializer
    # (not shown in this file).
    # NOTE(review): as described, the window check applies only when
    # 'orig_iat' is present -- confirm in the serializer how a token without
    # that field is treated, since the check is what bounds how long a token
    # can keep being refreshed.
    serializer_class = RefreshAuthTokenSerializer
# Module-level view callables built once with ``as_view()`` from the three
# classes above, one per JWT operation (obtain, verify, refresh).
obtain_jwt_token = ObtainJSONWebTokenView.as_view()
verify_jwt_token = VerifyJSONWebTokenView.as_view()
refresh_jwt_token = RefreshJSONWebTokenView.as_view()