Merge pull request #1066 from amadolid/feature/sso-with-expires-in-pa…

…rams [SOCIAL-AUTH]: Add expires_in option
Jaseci-Labs · Apr 19, 2023 · 936b0e9 · 936b0e9
2 parents f2f3038 + 3fc484c
commit 936b0e9
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 6 deletions.
diff --git a/jaseci_serv/jaseci_serv/jsx_oauth/config.py b/jaseci_serv/jaseci_serv/jsx_oauth/config.py
@@ -19,7 +19,7 @@
 AUTH_PROVIDERS = {"facebook": "facebook", "google": "google", "email": "email"}
 SOCIALACCOUNT_EMAIL_VERIFICATION = "none"
 
-KNOX_TOKEN_EXPIRY = 24
+KNOX_TOKEN_EXPIRY = 12
 
 REST_AUTH_TOKEN_MODEL = None
 

diff --git a/jaseci_serv/jaseci_serv/jsx_oauth/tests/test_social_auth.py b/jaseci_serv/jaseci_serv/jsx_oauth/tests/test_social_auth.py
@@ -1,8 +1,11 @@
 import jwt
 from time import time
+from datetime import datetime
 from rest_framework.test import APIClient
 from jaseci.utils.utils import TestCaseHelper
 from django.test import TestCase
+from knox.models import AuthToken
+from knox.settings import CONSTANTS
 from allauth.socialaccount.models import SocialApp
 from allauth.socialaccount.providers.oauth2.client import OAuth2Client
 from jaseci_serv.base.models import User
@@ -78,6 +81,25 @@ def create_google_provider(self):
 
         return google_app
 
+    def request_social_sign_in_with_expires_in(self, expires_in_query=""):
+        now = datetime.now()
+
+        token = self.client.post(
+            path=f"/auth/google/?{expires_in_query}",
+            data={"code": mocked_code},
+        ).data["token"]
+
+        auth_token = AuthToken.objects.get(
+            token_key=token[: CONSTANTS.TOKEN_KEY_LENGTH]
+        )
+
+        # convert to hour count if available
+        return (
+            int((auth_token.expiry - now).total_seconds() / 60 / 60)
+            if auth_token.expiry
+            else None
+        )
+
     def request_social_sign_in_with_multiple_provider(self, data):
         res = self.client.post(
             path="/auth/google/",
@@ -129,7 +151,7 @@ def request_social_sign_in(self, data):
         self.assertEqual(created_user.is_activated, res["is_activated"])
         self.assertIsNotNone(created_user.get_master())
 
-        # getting token again should create another user
+        # getting token again should not create another user
         res = self.client.post(
             path="/auth/google/",
             data=data,
@@ -202,3 +224,17 @@ def test_social_auth_flow_using_access_token_with_internal_client_id(self):
         data = mocked_get_access_token()
         data["internal_client_id"] = internal_client.client_id
         self.request_social_sign_in(data)
+
+    def test_social_auth_flow_with_expires_in_param(self):
+        # no expires_in_param: defaults to 12 hrs
+        self.assertEqual(12, self.request_social_sign_in_with_expires_in())
+
+        # expires_in: 24 hrs
+        self.assertEqual(
+            24, self.request_social_sign_in_with_expires_in("expires_in=24")
+        )
+
+        # no expiry
+        self.assertEqual(
+            None, self.request_social_sign_in_with_expires_in("expires_in=0")
+        )
diff --git a/jaseci_serv/jaseci_serv/jsx_oauth/utils.py b/jaseci_serv/jaseci_serv/jsx_oauth/utils.py
@@ -191,12 +191,18 @@ def post(self, request, *args, **kwargs):
         auth_token = AuthToken.objects.filter(user_id=self.user.id)
         if auth_token:
             AuthToken.objects.filter(user_id=self.user.id).delete()
-        instance, token = AuthToken.objects.create(
-            self.user,
+
+        expiry = (
             knox_settings.TOKEN_TTL
             if knox_settings.TOKEN_TTL
-            else timedelta(hours=settings.KNOX_TOKEN_EXPIRY),
+            else timedelta(hours=settings.KNOX_TOKEN_EXPIRY)
         )
+        expires_in: str = self.request.query_params.get("expires_in")
+
+        if expires_in and expires_in.isnumeric():
+            expiry = None if expires_in == "0" else timedelta(hours=int(expires_in))
+
+        instance, token = AuthToken.objects.create(self.user, expiry)
 
         auth_user = authenticate(
             request=self.request, username=self.user.email, password=self.user.password

diff --git a/jaseci_serv/templates/examples/social_auth.html b/jaseci_serv/templates/examples/social_auth.html
@@ -101,7 +101,7 @@ <h1>Google Identity Services Authorization Token model</h1>
 }
 
 var request = $.ajax({
-    type: "POST", url: "/auth/" + provider + "/",
+    type: "POST", url: "/auth/" + provider + "/?expires_in=0",
     data: {
         id_token: "",
         code: "{{code}}",