shimatta-kenkyusho/shimatta_kenkyusho/api/ExpiringAuthToken.py

25 lines
884 B
Python
Raw Permalink Normal View History

2021-08-07 19:47:34 +02:00
from datetime import timedelta
from django.conf import settings
from django.utils import timezone
from rest_framework.authentication import TokenAuthentication
from rest_framework.authtoken.models import Token
from rest_framework import exceptions
from django.core.exceptions import ObjectDoesNotExist
EXPIRE_HOURS = getattr(settings, 'REST_FRAMEWORK_TOKEN_EXPIRE_HOURS', 24)
class ExpiringTokenAuthentication(TokenAuthentication):
def authenticate_credentials(self, key):
2021-12-30 21:12:58 +01:00
#print(key)
2021-08-07 19:47:34 +02:00
try:
token = Token.objects.get(key=key)
except Token.DoesNotExist:
raise exceptions.AuthenticationFailed('Invalid token')
if not token.user.is_active:
raise exceptions.AuthenticationFailed('User inactive or deleted')
if token.created < timezone.now() - timedelta(hours=EXPIRE_HOURS):
raise exceptions.AuthenticationFailed('Token has expired')
return (token.user, token)