Fix refresh token expired (#546)

Signed-off-by: Yuanmao Zhu <[email protected]>
hyperledger-cello · Aug 29, 2023 · cb4d243 · cb4d243
1 parent 790cbcb
commit cb4d243
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 16 deletions.
diff --git a/src/api-engine/api/routes/general/views.py b/src/api-engine/api/routes/general/views.py
@@ -1,6 +1,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 #
+
 from .serializers import (
     LoginBody,
     LoginSuccessBody,
@@ -10,6 +11,7 @@
 from api.common import ok, err
 from api.utils import zip_dir
 from api.lib.pki import CryptoGen, CryptoConfig
+
 from api.routes.general.serializers import (
     RegisterBody,
     RegisterResponse,
@@ -31,7 +33,9 @@
     RefreshToken,
     AccessToken,
 )
-
+from rest_framework_simplejwt.exceptions import (
+    TokenError
+)
 LOG = logging.getLogger(__name__)
 
 
@@ -129,7 +133,8 @@ def post(self, request, *args, **kwargs):
             user = authenticate(
                 request,
                 username=serializer.validated_data['email'],
-                password=serializer.validated_data['password'])
+                password=serializer.validated_data['password'],
+            )
             if user is not None:
                 refresh = RefreshToken.for_user(user)
                 data = {
@@ -148,19 +153,26 @@ class CelloTokenVerifyView(TokenVerifyView):
     def post(self, request, *args, **kwargs):
         serializer = TokenVerifyRequest(data=request.data)
         if serializer.is_valid(raise_exception=True):
-            access_token = AccessToken(
-                token=serializer.validated_data["token"],
-            )
-            user = UserProfile.objects.get(pk=access_token['user_id'])
-            if user is not None:
-                data = {
-                    'token': str(access_token.token),
-                    'user': user
-
-                }
-                response = LoginSuccessBody(instance=data)
+            try:
+                access_token = AccessToken(
+                    token=serializer.validated_data["token"],
+                )
+                user = UserProfile.objects.get(pk=access_token['user_id'])
+                if user is not None:
+                    data = {
+                        'token': str(access_token.token),
+                        'user': user,
+                    }
+                    response = LoginSuccessBody(instance=data)
+                    return Response(
+                        data=ok(response.data),
+                        status=200,
+                    )
+            except TokenError:
+                LOG.warn("invalid token error")
                 return Response(
-                    data=ok(response.data),
-                    status=200,
+                    data=err(msg="invalid token"),
+                    status=401
                 )
+
         return super().post(request, *args, **kwargs)
diff --git a/src/api-engine/api_engine/settings.py.example b/src/api-engine/api_engine/settings.py.example
@@ -216,7 +216,8 @@ MEDIA_URL = "$WEBROOT/media/"
 CELERY_BROKER_URL = "$CELERY_BROKER_URL"
 
 SIMPLE_JWT = {
-    'ACCESS_TOKEN_LIFETIME': timedelta(hours=1),
+    "ACCESS_TOKEN_LIFETIME": timedelta(hours=1),
+    "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
     'ROTATE_REFRESH_TOKENS': False,
     'BLACKLIST_AFTER_ROTATION': False,
     'UPDATE_LAST_LOGIN': False,