mirror of
https://gitlab.federez.net/re2o/re2o
synced 2024-07-07 06:34:06 +00:00
26 lines
979 B
Python
26 lines
979 B
Python
import datetime
|
|
from django.conf import settings
|
|
from django.utils.translation import ugettext_lazy as _
|
|
from rest_framework.authentication import TokenAuthentication
|
|
from rest_framework import exceptions
|
|
|
|
class ExpiringTokenAuthentication(TokenAuthentication):
|
|
def authenticate_credentials(self, key):
|
|
model = self.get_model()
|
|
try:
|
|
token = model.objects.select_related('user').get(key=key)
|
|
except model.DoesNotExist:
|
|
raise exceptions.AuthenticationFailed(_('Invalid token.'))
|
|
|
|
if not token.user.is_active:
|
|
raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))
|
|
|
|
token_duration = datetime.timedelta(
|
|
seconds=settings.API_TOKEN_DURATION
|
|
)
|
|
utc_now = datetime.datetime.now(datetime.timezone.utc)
|
|
if token.created < utc_now - token_duration:
|
|
raise exceptions.AuthenticationFailed(_('Token has expired'))
|
|
|
|
return (token.user, token)
|