Source code for jwt_allauth.token_refresh.views

from django.conf import settings
from rest_framework import status
from rest_framework.request import Request
from rest_framework.response import Response
from rest_framework_simplejwt.exceptions import TokenError, InvalidToken
from rest_framework_simplejwt.views import TokenRefreshView as DefaultTokenRefreshView
from rest_framework.throttling import UserRateThrottle
from jwt_allauth.token_refresh.serializers import TokenRefreshSerializer
from jwt_allauth.utils import get_user_agent, user_agent_dict, _get_cookie_secure, _get_cookie_max_age
from jwt_allauth.constants import REFRESH_TOKEN_COOKIE




[docs]
class TokenRefreshView(DefaultTokenRefreshView):
    serializer_class = TokenRefreshSerializer
    throttle_classes = [UserRateThrottle]

    @get_user_agent
    def post(self, request: Request, *args, **kwargs) -> Response:
        input_data = {}

        # Get refresh token from cookie or request data based on configuration
        if getattr(settings, 'JWT_ALLAUTH_REFRESH_TOKEN_AS_COOKIE', True):
            refresh_token = request.COOKIES.get('refresh_token')
            if refresh_token:
                input_data['refresh'] = refresh_token
        else:
            if 'refresh' in request.data:
                input_data['refresh'] = request.data['refresh']

        context = user_agent_dict(self.request)
        serializer = self.get_serializer(data=input_data, context=context)

        try:
            serializer.is_valid(raise_exception=True)
        except TokenError as e:
            raise InvalidToken(e.args[0])

        response_data = {"access": serializer.validated_data['access']}

        # Handle refresh token based on configuration
        if not getattr(settings, 'JWT_ALLAUTH_REFRESH_TOKEN_AS_COOKIE', True):
            response_data["refresh"] = serializer.validated_data['refresh']

        response = Response(response_data, status=status.HTTP_200_OK)

        if getattr(settings, 'JWT_ALLAUTH_REFRESH_TOKEN_AS_COOKIE', True):
            response.set_cookie(
                key=REFRESH_TOKEN_COOKIE,
                value=str(serializer.validated_data['refresh']),
                httponly=getattr(settings, "JWT_ALLAUTH_REFRESH_TOKEN_COOKIE_HTTP_ONLY", True),
                secure=_get_cookie_secure(),
                samesite=getattr(settings, "JWT_ALLAUTH_REFRESH_TOKEN_COOKIE_SAME_SITE", "Lax"),
                max_age=_get_cookie_max_age(),
                path=getattr(settings, "JWT_ALLAUTH_REFRESH_TOKEN_COOKIE_PATH", "/"),
            )

        return response