我正为此而努力使django令牌到期我正在关注此https://medium.com/@yerkebulan199/django-rest-framework-drf-token-authentication-with-expires-in-a05c1d2b7e05
我的帐户/authentication.py文件就像
from rest_framework.authentication import TokenAuthentication
from rest_framework.authtoken.models import Token
from rest_framework.exceptions import AuthenticationFailed
from datetime import timedelta
from django.utils import timezone
from django.conf import settings
# this return left time
def expires_in(token):
time_elapsed = timezone.now() - token.created
left_time = timedelta(seconds=settings.TOKEN_EXPIRED_AFTER_SECONDS) - time_elapsed
return left_time
# token checker if token expired or not
def is_token_expired(token):
return expires_in(token) < timedelta(seconds=0)
# if token is expired new token will be established
# If token is expired then it will be removed
# and new one with different key will be created
def token_expire_handler(token):
is_expired = is_token_expired(token)
if is_expired:
token.delete()
token = Token.objects.create(user=token.user)
return is_expired, token
# ________________________________________________
# DEFAULT_AUTHENTICATION_CLASSES
class ExpiringTokenAuthentication(TokenAuthentication):
"""
If token is expired then it will be removed
and new one with different key will be created
"""
def authenticate_credentials(self, key):
try:
token = Token.objects.get(key=key)
except Token.DoesNotExist:
raise AuthenticationFailed("Invalid Token")
if not token.user.is_active:
raise AuthenticationFailed("User is not active")
is_expired, token = token_expire_handler(token)
if is_expired:
raise AuthenticationFailed("The Token is expired")
return (token.user, token)
我已经这样添加了settings.py
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'accounts.authentication.ExpiringTokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
)
}
TOKEN_EXPIRED_AFTER_SECONDS = 10
仍然没有更新令牌,我已经检查了此身份验证类是否未触发。
答案 0 :(得分:0)
在 expires_in 函数
中尝试time_elapsed = token.created - timezone.now()
cuz 经过的时间应为肯定的以获取剩余时间