# HG changeset patch
# User ymh
# Date 1497901942 -7200
# Node ID 42c07d428747c7d00baf5dd6db31e2f2ed0c8adf
# Parent 1eb52770eefa7ba345c482cb21a885c6b9e4c253
on server, augment default token lifetime and add settings in .env to control it. Add the refresh endpoint
diff -r 1eb52770eefa -r 42c07d428747 src/.env.tmpl
--- a/src/.env.tmpl Mon Jun 19 21:46:21 2017 +0200
+++ b/src/.env.tmpl Mon Jun 19 21:52:22 2017 +0200
@@ -1,37 +1,41 @@ # Base url for the application. default='' -BASE_URL= +# BASE_URL= # base url for static resources (ends with "/") # default : /static/ -STATIC_URL=/static/ +# STATIC_URL=/static/ # The absolute path to the directory where collectstatic will collect static files for deployment. (https://docs.djangoproject.com/en/1.11/ref/settings/#std:setting-STATIC_ROOT) # default: /run/web/static -STATIC_ROOT= +# STATIC_ROOT= # Absolute filesystem path to the directory that will hold user-uploaded files (https://docs.djangoproject.com/en/1.11/ref/settings/#media-root) # default: /run/web/media -MEDIA_ROOT= +# MEDIA_ROOT= # Secret key for the application. cf. https://docs.djangoproject.com/en/1.11/ref/settings/#secret-key -SECRET_KEY=ARANDOMSECRETKEY +# SECRET_KEY=ARANDOMSECRETKEY # Debug the application. Default True -DEBUG= +# DEBUG= # Comma separated values of authorized host. cf. https://docs.djangoproject.com/en/1.11/ref/settings/#allowed-hosts # default: empty -ALLOWED_HOSTS=127.0.0.1,localhost +# ALLOWED_HOSTS=127.0.0.1,localhost # 12factor inspired DATABASE_URL environment variable cf.https://github.com/kennethreitz/dj-database-url # examples: postgres://:@:/ # examples: sqlite:////full/path/to/your/database/file.sqlite # default: sqlite:////run/db/db.sqlite3 -DATABASE_URL=sqlite:////run/db/db.sqlite3 +# DATABASE_URL=sqlite:////run/db/db.sqlite3 # path for the log file # default: /run/log/log.txt -LOG_FILE= +# LOG_FILE= # log level one of CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET. Default: ERROR -LOG_LEVEL=DEBUG +# LOG_LEVEL=DEBUG + +# expiration delta for JWT tokens (in seconds) +# default: 3600 +# JWT_EXPIRATION_DELTA = 3600 diff -r 1eb52770eefa -r 42c07d428747 src/irinotes/settings.py --- a/src/irinotes/settings.py Mon Jun 19 21:46:21 2017 +0200 +++ b/src/irinotes/settings.py Mon Jun 19 21:52:22 2017 +0200 @@ -10,6 +10,7 @@ https://docs.djangoproject.com/en/1.11/ref/settings/ """ +import datetime import logging from decouple import Csv, config 
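Review bot: The new example `# JWT_EXPIRATION_DELTA = 3600` puts spaces around `=`, unlike every other entry in this template. python-decouple appears to strip them, but a shell `source` or a stricter .env consumer will not accept that form once the line is uncommented, so I would write `# JWT_EXPIRATION_DELTA=3600`. Separately, with every entry now commented out, a deployment that copies the template unchanged runs on built-in defaults, and the template itself states that DEBUG defaults to True; the SECRET_KEY fallback is in settings.py outside this hunk and should be checked. A header line such as `# Production: set SECRET_KEY, DEBUG=False and ALLOWED_HOSTS explicitly` would make that requirement visible.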
@@ -230,8 +231,14 @@ REST_USE_JWT = True OLD_PASSWORD_FIELD_ENABLED = True +#JWT settings +JWT_AUTH = { + 'JWT_ALLOW_REFRESH' : True, + 'JWT_EXPIRATION_DELTA' : datetime.timedelta( + seconds=config('JWT_EXPIRATION_DELTA', 3600, cast=int) + ) +} + # CORS Headers CORS_ORIGIN_ALLOW_ALL = True CORS_URLS_REGEX = r'^/api/.*$' - - diff -r 1eb52770eefa -r 42c07d428747 src/irinotes/urls.py --- a/src/irinotes/urls.py Mon Jun 19 21:46:21 2017 +0200 +++ b/src/irinotes/urls.py Mon Jun 19 21:52:22 2017 +0200 @@ -16,10 +16,12 @@ from allauth.account.views import confirm_email as allauthemailconfirmation from django.conf.urls import include, url from django.contrib import admin +from rest_framework_jwt.views import refresh_jwt_token urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^api/notes/', include('notes.api.urls', namespace='notes')), + url(r'^api/auth/refresh/', refresh_jwt_token, name='rest_refresh'), url(r'^api/auth/', include('rest_auth.urls', namespace='rest_auth')), url( '^api/auth/registration/account-confirm-email/(?P[\\s\\d\\w().+-_\',:&]+)/$',
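Review bot: `JWT_ALLOW_REFRESH` is switched on in the new `JWT_AUTH` dict without `JWT_REFRESH_EXPIRATION_DELTA`, so the period during which a token can keep being renewed is left to the library default (seven days in django-rest-framework-jwt, as far as I recall) instead of being a project decision. Since the access lifetime is raised to an hour and made configurable here, the refresh window should get the same treatment, e.g. `'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(seconds=config('JWT_REFRESH_EXPIRATION_DELTA', 604800, cast=int)),` plus a matching commented entry in `.env.tmpl`. The value read for `JWT_EXPIRATION_DELTA` is also used unchecked, so a zero or negative setting would produce tokens that are expired on issue; a comment stating the expected range, or a guard, would help. Longer-lived, renewable tokens have no server-side revocation visible in this hunk, which is worth recording next to the setting.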
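Review bot: The added route `r'^api/auth/refresh/'` has no end anchor, so any path that merely begins with `api/auth/refresh/` resolves to `refresh_jwt_token`; I would write it as `url(r'^api/auth/refresh/$', refresh_jwt_token, name='rest_refresh'),`. Because this endpoint issues a new token from a presented one, it should be covered by the same throttling as the login endpoint; no throttle configuration is visible in this diff, so that needs confirming. The `urlpatterns` list continues past the end of the hunk.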