Merge pull request #225 from willkg/200-sessionrefresh

Change RefreshIDToken to SessionRefresh, fixes #200
mozilla · Apr 25, 2018 · b32c70a · b32c70a
2 parents 6fe0347 + 3bf63ff
commit b32c70a
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 19 deletions.
diff --git a/HISTORY.rst b/HISTORY.rst
@@ -3,14 +3,15 @@
 History
 -------
 
-0.7.0 (unreleased)
+1.0.0 (unreleased)
 ++++++++++++++++++
 
 * Add OIDC_AUTHENTICATION_CALLBACK_URL as a new configuration parameter
 
 Backwards-incompatible changes:
 
 * ``OIDC_OP_LOGOUT_URL_METHOD`` takes a ``request`` parameter now.
+* Changed name of ``RefreshIDToken`` middleware to ``SessionRefresh``.
 
 
 0.6.0 (2018-03-27)

diff --git a/docs/installation.rst b/docs/installation.rst
@@ -184,21 +184,22 @@ his/her corporate account, but continue to use your website.
 
 To handle this scenario, your website needs to know if the user's id token with
 the OIDC provider is still valid. You need to use the
-:py:class:`mozilla_django_oidc.middleware.RefreshIDToken` middleware.
+:py:class:`mozilla_django_oidc.middleware.SessionRefresh` middleware.
 
 To add it to your site, put it in the settings::
 
     MIDDLEWARE_CLASSES = [
         # middleware involving session and authentication must come first
         # ...
-        'mozilla_django_oidc.middleware.RefreshIDToken',
+        'mozilla_django_oidc.middleware.SessionRefresh',
         # ...
     ]
 
 
-The ``RefreshIDToken`` middleware will check to see if the user's id token has
-expired and if so, redirect to the OIDC provider's authentication endpoint
-for a silent re-auth. That will redirect back to the page the user was going to.
+The :py:class:`mozilla_django_oidc.middleware.SessionRefresh` middleware will
+check to see if the user's id token has expired and if so, redirect to the OIDC
+provider's authentication endpoint for a silent re-auth. That will redirect back
+to the page the user was going to.
 
 The length of time it takes for an id token to expire is set in
 ``settings.OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS`` which defaults to 15 minutes.

diff --git a/mozilla_django_oidc/__init__.py b/mozilla_django_oidc/__init__.py
@@ -1 +1 @@
-__version__ = '0.6.0'
+__version__ = '1.0.0'
diff --git a/mozilla_django_oidc/middleware.py b/mozilla_django_oidc/middleware.py
@@ -35,18 +35,17 @@ class MiddlewareMixin(object):
         pass
 
 
-class RefreshIDToken(MiddlewareMixin):
-    """Renews id_tokens after expiry seconds
+class SessionRefresh(MiddlewareMixin):
+    """Refreshes the session with the OIDC RP after expiry seconds
 
-    For users authenticated with an id_token, we need to check that it's still
-    valid after a specific amount of time and if not, force them to
-    re-authenticate silently.
+    For users authenticated with the OIDC RP, verify tokens are still valid and
+    if not, force the user to re-authenticate silently.
 
     """
 
     @cached_property
     def exempt_urls(self):
-        """Generate and return a set of url paths to exempt from RefreshIDToken
+        """Generate and return a set of url paths to exempt from SessionRefresh
 
         This takes the value of ``settings.OIDC_EXEMPT_URLS`` and appends three
         urls that mozilla-django-oidc uses. These values can be view names or

diff --git a/tests/test_middleware.py b/tests/test_middleware.py
@@ -20,7 +20,7 @@
 from django.test import Client, RequestFactory, TestCase, override_settings
 from django.test.client import ClientHandler
 
-from mozilla_django_oidc.middleware import RefreshIDToken
+from mozilla_django_oidc.middleware import SessionRefresh
 from mozilla_django_oidc.urls import urlpatterns as orig_urlpatterns
 
 
@@ -30,10 +30,10 @@
 DJANGO_VERSION = tuple(django.VERSION[0:2])
 
 
-class RefreshIDTokenMiddlewareTestCase(TestCase):
+class SessionRefreshTokenMiddlewareTestCase(TestCase):
     def setUp(self):
         self.factory = RequestFactory()
-        self.middleware = RefreshIDToken()
+        self.middleware = SessionRefresh()
         self.user = User.objects.create_user('example_username')
 
     def test_anonymous(self):
@@ -158,7 +158,7 @@ def fakeview(req):
 def override_middleware(fun):
     classes = [
         'django.contrib.sessions.middleware.SessionMiddleware',
-        'mozilla_django_oidc.middleware.RefreshIDToken',
+        'mozilla_django_oidc.middleware.SessionRefresh',
     ]
     if DJANGO_VERSION >= (1, 10):
         return override_settings(MIDDLEWARE=classes)(fun)
@@ -221,15 +221,15 @@ def setUp(self):
 
     @override_settings(OIDC_EXEMPT_URLS=['mdo_fake_view'])
     def test_get_exempt_urls_setting_view_name(self):
-        middleware = RefreshIDToken()
+        middleware = SessionRefresh()
         self.assertEquals(
             sorted(list(middleware.exempt_urls)),
             [u'/authenticate/', u'/callback/', u'/logout/', u'/mdo_fake_view/']
         )
 
     @override_settings(OIDC_EXEMPT_URLS=['/foo/'])
     def test_get_exempt_urls_setting_url_path(self):
-        middleware = RefreshIDToken()
+        middleware = SessionRefresh()
         self.assertEquals(
             sorted(list(middleware.exempt_urls)),
             [u'/authenticate/', u'/callback/', u'/foo/', u'/logout/']