
Commit 5a4fdaa

Merge pull request #494 from sparcs-kaist/revert-493-revert-492-revert-491-feat/jwt_auth
Revert add jwt authentication" for realeased""
2 parents 58323be + 26342a6 commit 5a4fdaa


6 files changed

+871
-997
lines changed


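--- a/Pipfile
+++ b/Pipfile
@@ -41,7 +41,6 @@ django-ses = "*"
 pydantic = "*"
 slack-sdk = "*"
 pytz = "*"
-djangorestframework-simplejwt = "*"
 
 [dev-packages]
 black = "*"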
Pipfile.lock

Lines changed: 862 additions & 905 deletions

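--- a/apps/user/views/viewsets/user.py
+++ b/apps/user/views/viewsets/user.py
@@ -19,10 +19,6 @@
 from ara.classes.sparcssso import Client as SSOClient
 from ara.classes.viewset import ActionAPIViewSet
 
-#for jwt
-from rest_framework_simplejwt.tokens import RefreshToken
-from django.http import JsonResponse
-
 NOUNS = [
 "외계인",
 "펭귄",
@@ -147,7 +143,6 @@ class UserViewSet(ActionAPIViewSet):
 action_permission_classes = {
 "sso_login": (permissions.AllowAny,),
 "sso_login_callback": (permissions.AllowAny,),
-"refresh_token": (permissions.AllowAny,),
 }
 
 @cached_property
@@ -296,37 +291,17 @@ def sso_login_callback(self, request, *args, **kwargs):
 
 login(request, user_profile.user)
 
-#jwt token
-refresh = RefreshToken.for_user(user_profile.user)
-access_token = str(refresh.access_token)
-refresh_token = str(refresh)
-
 _next = request.session.get("next", "/")
 
-# 이용약관 미동의자
-if (request.user.is_authenticated and
-request.user.profile.agree_terms_of_service_at is None):
-tos_url = f"{urlparse(_next).scheme}://{urlparse(_next).netloc}/tos"
-else:
-tos_url = None
-
-# API 요청이면 JSON 응답, 아니면 redirect
-if request.headers.get("Accept") == "application/json" or request.GET.get("mode") == "json":
-res = JsonResponse({
-"detail": "login success",
-"next": tos_url or _next,
-"access": access_token,
-"refresh": refresh_token,
-})
-res.set_cookie("access", access_token) #프로덕션 환경에서는 보안 설정 필요.
-res.set_cookie("refresh", refresh_token)
-return res
-
-# 웹 요청이면 기존 redirect 흐름 유지
-res = redirect(to=tos_url or _next)
-res.set_cookie("access", access_token)
-res.set_cookie("refresh", refresh_token)
-return res
+# redirect to frontend's terms of service agreement page if user did not agree it yet
+if (
+request.user.is_authenticated
+and request.user.profile.agree_terms_of_service_at is None
+):
+_next = urlparse(_next)
+return redirect(to=f"{_next.scheme}://{_next.netloc}/tos")
+
+return redirect(to=_next)
 
 @decorators.action(detail=True, methods=["post"])
 def sso_unregister(self, request, *args, **kwargs):
@@ -356,27 +331,3 @@ def sso_logout(self, request, *args, **kwargs):
 return response.Response(
 status=status.HTTP_200_OK,
 )
-
-
-#jwt -> refresh toekn
-@decorators.action(detail=False, methods=['post'])
-def refresh_token(self, request):
-refresh_token = request.COOKIES.get('refresh')
-if not refresh_token:
-return response.Response({'error': 'Refresh token not provided'}, status=status.HTTP_400_BAD_REQUEST)
-
-try:
-token = RefreshToken(refresh_token)
-access_token = str(token.access_token)
-except Exception:
-return response.Response({'error': 'Invalid refresh token'}, status=status.HTTP_401_UNAUTHORIZED)
-
-resp = response.Response({'access': access_token})
-resp.set_cookie(
-'access',
-access_token,
-httponly=True,
-secure=True,
-samesite='Lax',
-)
-return resp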

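--- a/ara/authentication.py
+++ b/ara/authentication.py
@@ -1,26 +1,6 @@
 from rest_framework.authentication import SessionAuthentication
-from rest_framework_simplejwt.authentication import JWTAuthentication
 
 
 class CsrfExemptSessionAuthentication(SessionAuthentication):
 def enforce_csrf(self, request):
 return # To not perform the csrf check previously happening
-
-
-class JWTCookieAuthentication(JWTAuthentication):
-def authenticate(self, request):
-# 1. 쿠키에서 access 토큰을 찾음
-raw_token = request.COOKIES.get("access")
-
-# 2. 없으면 헤더에서 찾음 (Authorization: Bearer ...)
-if not raw_token:
-header = self.get_header(request)
-if header is None:
-return None
-raw_token = self.get_raw_token(header)
-
-if raw_token is None:
-return None
-
-validated_token = self.get_validated_token(raw_token)
-return self.get_user(validated_token), validated_token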

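--- a/ara/settings/dev/__init__.py
+++ b/ara/settings/dev/__init__.py
@@ -45,7 +45,6 @@
 REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"] = (
 "rest_framework.authentication.BasicAuthentication",
 "ara.authentication.CsrfExemptSessionAuthentication",
-"ara.authentication.JWTCookieAuthentication",
 )
 
 LOGGING["disable_existing_loggers"] = False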

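--- a/ara/settings/django.py
+++ b/ara/settings/django.py
@@ -5,9 +5,6 @@
 
 from .env import env, root
 
-#for jwt token
-from datetime import timedelta
-
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = root()
 
@@ -74,15 +71,6 @@
 # Password validation
 # https://docs.djangoproject.com/en/2.2/ref/settings/#auth-password-validators
 
-SIMPLE_JWT = {
-'ACCESS_TOKEN_LIFETIME': timedelta(minutes=30),
-'REFRESH_TOKEN_LIFETIME': timedelta(days=30),
-'ROTATE_REFRESH_TOKENS': False,
-'BLACKLIST_AFTER_ROTATION': False,
-'AUTH_HEADER_TYPES': ('Bearer',),
-'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
-}
-
 AUTH_PASSWORD_VALIDATORS = [
 {
 "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",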
