mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-09 03:16:25 +00:00
26 lines
979 B
Python
26 lines
979 B
Python
|
import datetime
|
||
|
from django.conf import settings
|
||
|
from django.utils.translation import ugettext_lazy as _
|
||
|
from rest_framework.authentication import TokenAuthentication
|
||
|
from rest_framework import exceptions
|
||
|
|
||
|
class ExpiringTokenAuthentication(TokenAuthentication):
|
||
|
def authenticate_credentials(self, key):
|
||
|
model = self.get_model()
|
||
|
try:
|
||
|
token = model.objects.select_related('user').get(key=key)
|
||
|
except model.DoesNotExist:
|
||
|
raise exceptions.AuthenticationFailed(_('Invalid token.'))
|
||
|
|
||
|
if not token.user.is_active:
|
||
|
raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))
|
||
|
|
||
|
token_duration = datetime.timedelta(
|
||
|
seconds=settings.API_TOKEN_DURATION
|
||
|
)
|
||
|
utc_now = datetime.datetime.now(datetime.timezone.utc)
|
||
|
if token.created < utc_now - token_duration:
|
||
|
raise exceptions.AuthenticationFailed(_('Token has expired'))
|
||
|
|
||
|
return (token.user, token)
|