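Problem description
After login, the access and refresh tokens are set in httponly cookies, so I created a CustomAuthentication (inherits from JWTAuthentication) view to get the httponly cookie. If the access token is invalid, the InvalidToken error is caught (see my code below) and a new access token is then generated using the refresh token.
Question 1: How do I set this access token in the cookie? Here I use Response(), but it does not work because the CustomAuthentication view returns the user and token instead of a response.
Question 2: Is there any other recommended way to generate a new access token using the refresh token and set it in the cookie?
Sorry for my English...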
authenticate.py:
from rest_framework_simplejwt.authentication import JWTAuthentication
from rest_framework_simplejwt.exceptions import InvalidToken
from django.conf import settings
import requests
import json
from datetime import timedelta
from .utility import set_browser_cookie
from rest_framework.response import Response

def set_browser_cookie(response, key, value):
    response.set_cookie(
        key = key,
        value = value,
        # expires = settings.SIMPLE_JWT['ACCESS_TOKEN_LIFETIME'],
        secure = settings.SIMPLE_JWT['AUTH_COOKIE_SECURE'],
        httponly = settings.SIMPLE_JWT['AUTH_COOKIE_HTTP_ONLY'],
        samesite = settings.SIMPLE_JWT['AUTH_COOKIE_SAMESITE']
    )

class CustomAuthentication(JWTAuthentication):
    def authenticate(self, request):
        header = self.get_header(request)
        if header is None:
            # No Authorization header: fall back to the access token cookie
            raw_token = request.COOKIES.get(settings.SIMPLE_JWT['AUTH_COOKIE_ACCESS']) or None
        else:
            raw_token = self.get_raw_token(header)
        if raw_token is None:
            return None
        try:
            validated_token = self.get_validated_token(raw_token)
        except InvalidToken:
            # Access token rejected: try the refresh token cookie
            refresh = request.COOKIES.get(settings.SIMPLE_JWT['AUTH_COOKIE_REFRESH'])
            if refresh is None:
                return None
            protocol = 'https' if request.is_secure() else 'http'
            url = f'{protocol}://127.0.0.1:8000/auth/api/token/refresh/'
            data = {"refresh": refresh}
            resp = requests.post(
                url, data=json.dumps(data), headers={'content-type': 'application/json'}
            )
            result = resp.json()
            new_access_token = result['access']
            validated_token = self.get_validated_token(new_access_token)
            # This Response object is never returned to the client (see Question 1)
            response = Response()
            set_browser_cookie(response, settings.SIMPLE_JWT['AUTH_COOKIE_ACCESS'], new_access_token)
            print("new_tokennnnnnnnn", new_access_token)
        return self.get_user(validated_token), validated_token
Settings.py:
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'authentication.authenticate.CustomAuthentication',
    ),
}
Thanks in advance..
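One way to approach Question 1, as an added example that is not part of the original post: the authentication class stashes the refreshed token on the underlying request, and a Django-style middleware sets the cookie on the outgoing response. The names `stash_refreshed_token`, `make_refresh_cookie_middleware` and `PENDING_ATTR`, the cookie name `access`, the 300-second lifetime and the fake request/response classes are assumptions made for illustration.

```python
PENDING_ATTR = "_refreshed_access_token"  # hypothetical attribute name


def stash_refreshed_token(request, token):
    """Call this in authenticate() where the post builds Response().

    DRF passes authenticate() its own Request wrapper, while middleware sees
    the wrapped Django HttpRequest (request._request), so store the token there.
    """
    setattr(getattr(request, "_request", request), PENDING_ATTR, token)


def make_refresh_cookie_middleware(cookie_name, max_age, secure=True, samesite="Lax"):
    """Return a middleware factory; bind it to a name and list it in MIDDLEWARE."""
    def factory(get_response):
        def middleware(request):
            response = get_response(request)  # the view and authenticate() run in here
            token = getattr(request, PENDING_ATTR, None)
            if token is not None:
                # Same flags as the post's set_browser_cookie; httponly is forced on.
                response.set_cookie(key=cookie_name, value=token, max_age=max_age,
                                    httponly=True, secure=secure, samesite=samesite)
            return response
        return middleware
    return factory


# --- constructed stand-ins so the flow runs without Django installed ---
class FakeHttpRequest:
    pass

class FakeDrfRequest:
    def __init__(self, http_request):
        self._request = http_request

class FakeResponse:
    def __init__(self):
        self.cookies = {}
    def set_cookie(self, key, value, **flags):
        self.cookies[key] = {"value": value, **flags}


def demo(refresh_happened):
    """Simulate one request; return the cookies the middleware set."""
    def view(http_request):
        if refresh_happened:  # what authenticate() would do after refreshing
            stash_refreshed_token(FakeDrfRequest(http_request), "new.access.token")
        return FakeResponse()
    middleware = make_refresh_cookie_middleware("access", max_age=300)(view)
    return middleware(FakeHttpRequest()).cookies
```

In a project, the factory would be built once at module level from the `settings.SIMPLE_JWT` values shown in the post and referenced by dotted path in `MIDDLEWARE`.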