U `@sddlmZddlmZddlmZmZddlmZddl m Z ddl m Z ddZ d d Zd d Zd dZGddde ZddZGddde ZdS))settings)timezone) exceptions serializers) CSRFCheck)JWTAuthentication)TokenRefreshSerializercCshddlm}ttdd}t|j}ttdd}ttdd}ttdd }|rd|j||||||d dS) Nr api_settingsJWT_AUTH_COOKIEJWT_AUTH_SECUREFJWT_AUTH_HTTPONLYTJWT_AUTH_SAMESITELax)expiressecurehttponlysamesite)!rest_framework_simplejwt.settingsr getattrrrnowACCESS_TOKEN_LIFETIME set_cookie)response access_token jwt_settings cookie_nameaccess_token_expiration cookie_securecookie_httponlycookie_samesiter!=/Users/michael/Projects/dj-rest-auth/dj_rest_auth/jwt_auth.pyset_jwt_access_cookie s     r#c Csvddlm}t|j}ttdd}ttdd}ttdd}ttdd }ttd d }|rr|j|||||||d dS) Nrr JWT_AUTH_REFRESH_COOKIEJWT_AUTH_REFRESH_COOKIE_PATH/r Fr Trr)rrrrpath)rr rrZREFRESH_TOKEN_LIFETIMErrr) r refresh_tokenrrefresh_token_expirationrefresh_cookie_namerefresh_cookie_pathrrr r!r!r"set_jwt_refresh_cookies"      r,cCst||t||dS)N)r#r,)rrr(r!r!r"set_jwt_cookies1s r-cCsHttdd}ttdd}ttdd}|r2|||rD|j||ddS)Nr r$r%r&)r')rr delete_cookie)rrr*r+r!r!r"unset_jwt_cookies6s    r/cs2eZdZejdddZddZfddZZS)CookieTokenRefreshSerializerFzWIll override cookie.)required help_textcCsj|jd}d|jkr,|jddkr,|jdSttdd}|rR||jkrR|j|Sddlm}|ddS)Nrequestrefreshr$r) InvalidTokenzNo valid refresh token found.)contextdatarrCOOKIESgetZ#rest_framework_simplejwt.exceptionsr6)selfr3rr6r!r!r"extract_refresh_tokenDs     z2CookieTokenRefreshSerializer.extract_refresh_tokencs||d<t|S)Nr4)r<supervalidate)r;attrs __class__r!r"r>Os z%CookieTokenRefreshSerializer.validate) __name__ __module__ __qualname__r CharFieldr4r<r> __classcell__r!r!r@r"r0As r0cs0ddlmddlm}Gfddd|}|S)z7 Returns a Token Refresh CBV without a circular import rr )TokenRefreshViewcs"eZdZeZfddZZS)z6get_refresh_view..RefreshViewWithCookieSupportcsr|jdkr8d|jkr8t||jdtj|jd<|jdkr\d|jkr\t||jdtj||f||S)Naccessrr4) status_coder8r#rrrr,r=finalize_response)r;r3rargskwargs)rArr!r"rK\s zHget_refresh_view..RefreshViewWithCookieSupport.finalize_response)rBrCrDr0serializer_classrKrFr!rr@r"RefreshViewWithCookieSupportYsrP)rr Zrest_framework_simplejwt.viewsrG)rGrPr!rOr"get_refresh_viewTs   rQc@s eZdZdZddZddZdS)JWTCookieAuthenticationz An authentication plugin that hopefully authenticates requests through a JSON web token provided in a request cookie (and through the header as normal, with a preference to the header). cCs8t}||||ddi}|r4td|dS)zK Enforce CSRF validation for session based authentication. Nr!z CSRF Failed: )rprocess_request process_viewrPermissionDenied)r;r3checkreasonr!r!r" enforce_csrfls  z$JWTCookieAuthentication.enforce_csrfcCsttdd}||}|dkrl|rf|j|}ttddrF||qj|dk rjttddrj||qvdSn ||}|dkrdS||}|||fS)Nr /JWT_AUTH_COOKIE_ENFORCE_CSRF_ON_UNAUTHENTICATEDFJWT_AUTH_COOKIE_USE_CSRF) rr get_headerr9r:rXZ get_raw_tokenZget_validated_tokenget_user)r;r3rheaderZ raw_tokenZvalidated_tokenr!r!r" authenticatexs        z$JWTCookieAuthentication.authenticateN)rBrCrD__doc__rXr^r!r!r!r"rRfs rRN) django.confr django.utilsrrest_frameworkrrZrest_framework.authenticationrZ'rest_framework_simplejwt.authenticationr$rest_framework_simplejwt.serializersrr#r,r-r/r0rQrRr!r!r!r"s