Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update authentication scheme from Token to JWT #1038

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

tomatoprinx
Copy link
Contributor

@tomatoprinx tomatoprinx commented Aug 14, 2021

Types of changes

  • Refactoring

Description

add 2 APIs:

  1. api/token
  2. api/token/refresh

resolves #1035

Steps to Test This Pull Request

Authenticate with JWT access token

  1. send GET request to api/token/
curl --location --request POST 'http://127.0.0.1:8000/api/token/' \
--header 'Content-Type: application/json' \
--data'{
    "email": "email",
    "password": "password"
}'
  1. retrieve access token and refresh token
{
    "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTYyOTAwMDU1MywianRpIjoiMTc4MjMzZjBjZmY1NGIyNmIxZjRjNzJiYzZjMTI1ZmIiLCJ1c2VyX2lkIjoxNDczMjAyNjg3MzU1OTEyMTk0fQ.tzUPzWf0YTGzz7np9Pn6P_pmTkADioZZHaMuLpzbDcA",
    "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjI4OTE0NDUzLCJqdGkiOiJmOTdmNzM2NmI2OTE0MzdlOWIxMDljMDhjNGFhZTJmYyIsInVzZXJfaWQiOjE0NzMyMDI2ODczNTU5MTIxOTR9.Nvcn420emlxgT_tIyqQXaFu84npe9XVVTZO9UL-RAqY"
}
  1. verify access token with header Authorization: Token <access-token>
curl --location --request GET 'http://127.0.0.1:8000/api/sponsors' \
--header 'Authorization: Token eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjI4OTA4Njc2LCJqdGkiOiI0YWJkNjY1ZTUyMTI0ZWE0YmQxM2Y4MmNkMDFlOGQ1YyIsInVzZXJfaWQiOjE0NzMyMDI2ODczNTU5MTIxOTR9.sTVkLAAfNKNyit6kwB069czVbYEqQtIwFSp7zZHVrUk' 

access token has expired ↓↓↓

{
    "detail": "Given token not valid for any token type",
    "code": "token_not_valid",
    "messages": [
        {
            "token_class": "AccessToken",
            "token_type": "access",
            "message": "Token is invalid or expired"
        }
    ]
}

refresh token has expired

{
    "detail": "Token is invalid or expired",
    "code": "token_not_valid"
}

Refresh an expired access token

  1. send GET request to api/token/refresh/ to refresh access token
curl --location --request POST 'http://127.0.0.1:8000/api/token/refresh/' \
--header 'Content-Type: application/json' \
--data '{
    "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTYyODk5MDQyNCwianRpIjoiOWQyZjdjYjFmOTkxNDExNDg0NzU5MTFhZTNhYmU2ZjAiLCJ1c2VyX2lkIjoxNDczMjAyNjg3MzU1OTEyMTk0fQ.i7hNgCJQ3taPkBj8f7fA4y0enC32Ff_t52q3PV3um_0"
}'

response

{
    "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjI4OTE0NzQ4LCJqdGkiOiI4Y2IyNTM1OTAwZDE0NmRjOTUwN2YwNTUzMjM0ZDI4NiIsInVzZXJfaWQiOjE0NzMyMDI2ODczNTU5MTIxOTR9.HwYx-me_X7jwMMVOsB8d9Fd_bn3gYayoPetMo_JrMCo"
}

Expected behavior

  • call api/token/ to retrieve access token and refresh token
  • call api/token/refresh to refresh access token when expired
  • the access token is expected to expire after 5 mins
  • the refresh token is expected to expire after 1 day

More Information

@codecov-commenter
Copy link

Codecov Report

Merging #1038 (fbc7e34) into master (53db620) will decrease coverage by 0.08%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1038      +/-   ##
==========================================
- Coverage   68.54%   68.46%   -0.09%     
==========================================
  Files          90       91       +1     
  Lines        3526     3529       +3     
==========================================
- Hits         2417     2416       -1     
- Misses       1109     1113       +4     
Impacted Files Coverage Δ
src/pycontw2016/urls.py 85.71% <ø> (ø)
src/attendee/api/views.py 48.00% <100.00%> (ø)
src/events/api/views.py 43.71% <100.00%> (ø)
src/security/urls.py 100.00% <100.00%> (ø)
src/sponsors/api/views.py 41.17% <100.00%> (ø)
src/core/authentication.py 0.00% <0.00%> (-100.00%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 53db620...fbc7e34. Read the comment docs.

@mattwang44 mattwang44 self-requested a review August 19, 2021 06:18
@mattwang44 mattwang44 requested a review from Maliaotw August 28, 2021 07:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Feature Request] Adopt JWTAuthentication instead of TokenAuthentication
2 participants