On the server, increase the default token lifetime and add settings in .env to control it. Add the refresh endpoint.
--- a/src/.env.tmpl Mon Jun 19 21:46:21 2017 +0200
+++ b/src/.env.tmpl Mon Jun 19 21:52:22 2017 +0200
@@ -1,37 +1,41 @@
# Base url for the application. default=''
-BASE_URL=
+# BASE_URL=
# base url for static resources (ends with "/")
# default : /static/
-STATIC_URL=/static/
+# STATIC_URL=/static/
# The absolute path to the directory where collectstatic will collect static files for deployment. (https://docs.djangoproject.com/en/1.11/ref/settings/#std:setting-STATIC_ROOT)
# default: <path to irinotes repository clone>/run/web/static
-STATIC_ROOT=
+# STATIC_ROOT=
# Absolute filesystem path to the directory that will hold user-uploaded files (https://docs.djangoproject.com/en/1.11/ref/settings/#media-root)
# default: <path to irinotes repository clone>/run/web/media
-MEDIA_ROOT=
+# MEDIA_ROOT=
# Secret key for the application. cf. https://docs.djangoproject.com/en/1.11/ref/settings/#secret-key
-SECRET_KEY=ARANDOMSECRETKEY
+# SECRET_KEY=ARANDOMSECRETKEY
# Debug the application. Default True
-DEBUG=<true|False>
+# DEBUG=<true|False>
# Comma separated values of authorized host. cf. https://docs.djangoproject.com/en/1.11/ref/settings/#allowed-hosts
# default: empty
-ALLOWED_HOSTS=127.0.0.1,localhost
+# ALLOWED_HOSTS=127.0.0.1,localhost
# 12factor inspired DATABASE_URL environment variable cf.https://github.com/kennethreitz/dj-database-url
# examples: postgres://<user>:<password>@<host>:<port>/<db_name>
# examples: sqlite:////full/path/to/your/database/file.sqlite
# default: sqlite:///<path to irinotes repository clone>/run/db/db.sqlite3
-DATABASE_URL=sqlite:///<path to irinotes repository clone>/run/db/db.sqlite3
+# DATABASE_URL=sqlite:///<path to irinotes repository clone>/run/db/db.sqlite3
# path for the log file
# default: <path to irinotes repository clone>/run/log/log.txt
-LOG_FILE=
+# LOG_FILE=
# log level one of CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET. Default: ERROR
-LOG_LEVEL=DEBUG
+# LOG_LEVEL=DEBUG
+
+# expiration delta for JWT tokens (in seconds)
+# default: 3600
+# JWT_EXPIRATION_DELTA = 3600
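Review bot: With every entry now commented out, a deployment that copies this template unchanged runs entirely on the fallbacks in settings.py, and the template itself documents `DEBUG` as defaulting to True. The `SECRET_KEY` fallback is not visible in this diff; if settings.py supplies one, it is presumably also the key that signs the JWTs this commit makes longer-lived, since djangorestframework-jwt signs with `SECRET_KEY` unless `JWT_SECRET_KEY` is set. I would add a line above those two entries such as `# REQUIRED in production: set a unique SECRET_KEY and DEBUG=False`, or leave them uncommented so a missing value is noticed. Minor: the new `# JWT_EXPIRATION_DELTA = 3600` puts spaces around `=`, unlike every other entry in the file.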
--- a/src/irinotes/settings.py Mon Jun 19 21:46:21 2017 +0200
+++ b/src/irinotes/settings.py Mon Jun 19 21:52:22 2017 +0200
@@ -10,6 +10,7 @@
https://docs.djangoproject.com/en/1.11/ref/settings/
"""
+import datetime
import logging
from decouple import Csv, config
@@ -230,8 +231,14 @@
REST_USE_JWT = True
OLD_PASSWORD_FIELD_ENABLED = True
+#JWT settings
+JWT_AUTH = {
+ 'JWT_ALLOW_REFRESH' : True,
+ 'JWT_EXPIRATION_DELTA' : datetime.timedelta(
+ seconds=config('JWT_EXPIRATION_DELTA', 3600, cast=int)
+ )
+}
+
# CORS Headers
CORS_ORIGIN_ALLOW_ALL = True
CORS_URLS_REGEX = r'^/api/.*$'
-
-
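Review bot: `JWT_ALLOW_REFRESH` is switched on in `JWT_AUTH` without setting `JWT_REFRESH_EXPIRATION_DELTA`, so the window during which a token can keep being renewed is left to the library default (seven days in djangorestframework-jwt, as far as I know) instead of being stated next to the one-hour lifetime. Because a leaked token stays renewable for that whole window, I would make it explicit and reviewable, e.g. `'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(days=7),`. The value read from `.env` is also not range-checked: a zero or negative `JWT_EXPIRATION_DELTA` would issue tokens that are already expired, so a check that it is positive would help. The comment `#JWT settings` should read `# JWT settings` to match `# CORS Headers` below.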
--- a/src/irinotes/urls.py Mon Jun 19 21:46:21 2017 +0200
+++ b/src/irinotes/urls.py Mon Jun 19 21:52:22 2017 +0200
@@ -16,10 +16,12 @@
from allauth.account.views import confirm_email as allauthemailconfirmation
from django.conf.urls import include, url
from django.contrib import admin
+from rest_framework_jwt.views import refresh_jwt_token
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^api/notes/', include('notes.api.urls', namespace='notes')),
+ url(r'^api/auth/refresh/', refresh_jwt_token, name='rest_refresh'),
url(r'^api/auth/', include('rest_auth.urls', namespace='rest_auth')),
url(
'^api/auth/registration/account-confirm-email/(?P<key>[\\s\\d\\w().+-_\',:&]+)/$',
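Review bot: The new pattern `r'^api/auth/refresh/'` has no end anchor, so any path that merely begins with `/api/auth/refresh/` is routed to `refresh_jwt_token`; `url(r'^api/auth/refresh/$', refresh_jwt_token, name='rest_refresh'),` restricts the route to the one intended URL. No throttling for this endpoint is visible in the diff; if none is configured in the REST framework settings, a rate limit on the auth routes is worth adding. A one-line comment above the route, such as `# token refresh comes from djangorestframework-jwt, not rest_auth`, would explain why it is declared separately from the include. The `urlpatterns` list continues past the end of this hunk.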