from datetime import timedelta from django.conf import settings from django.utils import timezone from rest_framework.authentication import TokenAuthentication from rest_framework.authtoken.models import Token from rest_framework import exceptions from django.core.exceptions import ObjectDoesNotExist EXPIRE_HOURS = getattr(settings, 'REST_FRAMEWORK_TOKEN_EXPIRE_HOURS', 24) class ExpiringTokenAuthentication(TokenAuthentication): def authenticate_credentials(self, key): print(key) try: token = Token.objects.get(key=key) except Token.DoesNotExist: raise exceptions.AuthenticationFailed('Invalid token') if not token.user.is_active: raise exceptions.AuthenticationFailed('User inactive or deleted') if token.created < timezone.now() - timedelta(hours=EXPIRE_HOURS): raise exceptions.AuthenticationFailed('Token has expired') return (token.user, token)