Add settings to allow customization of web auth JWT cookie

oscarychen · Jan 6, 2024 · 1cfac41 · 1cfac41
1 parent 61479f2
commit 1cfac41
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 10 deletions.
diff --git a/ninja_simple_jwt/auth/views/api.py b/ninja_simple_jwt/auth/views/api.py
@@ -1,6 +1,5 @@
 from datetime import UTC, datetime
 
-from django.conf import settings
 from django.contrib.auth import authenticate
 from django.http import HttpRequest, HttpResponse
 from jwt.exceptions import PyJWTError
@@ -21,10 +20,11 @@
 )
 from ninja_simple_jwt.settings import ninja_simple_jwt_settings
 
-auth_router = Router()
+mobile_auth_router = Router()
+web_auth_router = Router()
 
 
-@auth_router.post("/mobile/sign-in", response=MobileSignInResponse)
+@mobile_auth_router.post("/sign-in", response=MobileSignInResponse)
 def mobile_sign_in(request: HttpRequest, payload: SignInRequest) -> dict:
     payload_data = payload.dict()
     user = authenticate(username=payload_data["username"], password=payload_data["password"])
@@ -35,7 +35,7 @@ def mobile_sign_in(request: HttpRequest, payload: SignInRequest) -> dict:
     return {"refresh": refresh_token, "access": access_token}
 
 
-@auth_router.post("/mobile/token-refresh", response=MobileTokenRefreshResponse)
+@mobile_auth_router.post("/token-refresh", response=MobileTokenRefreshResponse)
 def mobile_token_refresh(request: HttpRequest, payload: MobileTokenRefreshRequest) -> dict:
     payload_data = payload.dict()
     try:
@@ -46,7 +46,7 @@ def mobile_token_refresh(request: HttpRequest, payload: MobileTokenRefreshReques
     return {"access": access_token}
 
 
-@auth_router.post("/web/sign-in", response=WebSignInResponse)
+@web_auth_router.post("/sign-in", response=WebSignInResponse)
 def web_sign_in(request: HttpRequest, payload: SignInRequest, response: HttpResponse) -> dict:
     payload_data = payload.dict()
     user = authenticate(username=payload_data["username"], password=payload_data["password"])
@@ -58,15 +58,15 @@ def web_sign_in(request: HttpRequest, payload: SignInRequest, response: HttpResp
         key=ninja_simple_jwt_settings.JWT_REFRESH_COOKIE_NAME,
         value=refresh_token,
         expires=datetime.fromtimestamp(refresh_token_payload["exp"], UTC),
-        httponly=True,
-        samesite="Strict",
-        secure=not settings.DEBUG,
-        path="/api/auth/web/token-refresh",
+        httponly=ninja_simple_jwt_settings.WEB_REFRESH_COOKIE_HTTP_ONLY,
+        samesite=ninja_simple_jwt_settings.WEB_REFRESH_COOKIE_SAME_SITE_POLICY,
+        secure=ninja_simple_jwt_settings.WEB_REFRESH_COOKIE_SECURE,
+        path=ninja_simple_jwt_settings.WEB_REFRESH_COOKIE_PATH,
     )
     return {"access": access_token}
 
 
-@auth_router.post("/web/token-refresh", response=WebSignInResponse)
+@web_auth_router.post("/token-refresh", response=WebSignInResponse)
 def web_token_refresh(request: HttpRequest) -> dict:
     cookie = request.COOKIES.get(ninja_simple_jwt_settings.JWT_REFRESH_COOKIE_NAME)
     if cookie is None:

diff --git a/ninja_simple_jwt/settings.py b/ninja_simple_jwt/settings.py
@@ -15,6 +15,10 @@ class NinjaSimpleJwtSettingsDict(TypedDict):
     JWT_REFRESH_COOKIE_NAME: NotRequired[str]
     JWT_REFRESH_TOKEN_LIFETIME: NotRequired[timedelta]
     JWT_ACCESS_TOKEN_LIFETIME: NotRequired[timedelta]
+    WEB_REFRESH_COOKIE_SECURE: NotRequired[bool]
+    WEB_REFRESH_COOKIE_HTTP_ONLY: NotRequired[bool]
+    WEB_REFRESH_COOKIE_SAME_SITE_POLICY: NotRequired[str]
+    WEB_REFRESH_COOKIE_PATH: NotRequired[str]
 
 
 DEFAULTS: NinjaSimpleJwtSettingsDict = {
@@ -24,6 +28,10 @@ class NinjaSimpleJwtSettingsDict(TypedDict):
     "JWT_REFRESH_COOKIE_NAME": "refresh",
     "JWT_REFRESH_TOKEN_LIFETIME": timedelta(days=30),
     "JWT_ACCESS_TOKEN_LIFETIME": timedelta(minutes=15),
+    "WEB_REFRESH_COOKIE_SECURE": not settings.DEBUG,
+    "WEB_REFRESH_COOKIE_HTTP_ONLY": True,
+    "WEB_REFRESH_COOKIE_SAME_SITE_POLICY": "Strict",
+    "WEB_REFRESH_COOKIE_PATH": "/api/auth/web/token-refresh",
 }
 
 EMPTY_SETTINGS: NinjaSimpleJwtSettingsDict = {}