From b6d3fd2404bd94f2968b8f0b54c96d1094797286 Mon Sep 17 00:00:00 2001
From: liberty-rising
Date: Wed, 27 Dec 2023 22:48:41 +0100
Subject: [PATCH] implement remember me functionality

---
 backend/routes/auth_routes.py          | 32 ++++++++++++++++++--------
 backend/settings.py                    |  8 ++++++-
 frontend/src/pages/login/LoginPage.jsx |  4 +++-
 3 files changed, 33 insertions(+), 11 deletions(-)

diff --git a/backend/routes/auth_routes.py b/backend/routes/auth_routes.py
index 5563e1d..f43188b 100644
--- a/backend/routes/auth_routes.py
+++ b/backend/routes/auth_routes.py
@@ -21,7 +21,12 @@
     verify_refresh_token,
     update_user_refresh_token,
 )
-from settings import ACCESS_TOKEN_EXPIRE_MINUTES, REFRESH_TOKEN_EXPIRE_DAYS
+from settings import (
+    ACCESS_TOKEN_EXPIRE_MINUTES,
+    REFRESH_TOKEN_EXPIRE_DAYS,
+    REMEMBER_ME_ACCESS_TOKEN_EXPIRE_MINUTES,
+    REMEMBER_ME_REFRESH_TOKEN_EXPIRE_DAYS,
+)
 auth_router = APIRouter()
@@ -45,6 +50,7 @@ async def login_for_access_token(
     username: Optional[str] = Form(None),
     email: Optional[EmailStr] = Form(None),
     password: str = Form(...),
+    remember: bool = Form(False),
 ):
     """
     Authenticate a user and set a JWT token in a cookie upon successful authentication.
@@ -61,7 +67,6 @@ async def login_for_access_token(
     form_data = CustomOAuth2PasswordRequestForm(
         username=username, email=email, password=password
     )
-    print("form_data", form_data)
     user = authenticate_user(form_data.username, form_data.email, form_data.password)
     if not user:
         raise HTTPException(
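Review bot: The new `remember: bool = Form(False)` parameter in the second hunk is not described in the docstring that opens on the hunk's last lines and continues outside it, so readers of login_for_access_token cannot tell what the flag changes. Add a parameter line such as `remember: when true, the access and refresh tokens are issued with the REMEMBER_ME_* lifetimes from settings instead of the default ones.` It is also worth documenting that the value arrives as a form field, because a missing or unparseable field silently yields the default False rather than an error. The function's body and docstring both extend past this hunk.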
@@ -69,13 +74,22 @@ async def login_for_access_token(
             detail="Incorrect username or password",
             headers={"WWW-Authenticate": "Bearer"},
         )
-
-    access_token = create_token(
-        {"sub": user.username}, timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
-    )
-    refresh_token = create_token(
-        {"sub": user.username}, timedelta(days=REFRESH_TOKEN_EXPIRE_DAYS)
-    )
+    if remember:
+        access_token = create_token(
+            {"sub": user.username},
+            timedelta(minutes=REMEMBER_ME_ACCESS_TOKEN_EXPIRE_MINUTES),
+        )
+        refresh_token = create_token(
+            {"sub": user.username},
+            timedelta(days=REMEMBER_ME_REFRESH_TOKEN_EXPIRE_DAYS),
+        )
+    else:
+        access_token = create_token(
+            {"sub": user.username}, timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+        )
+        refresh_token = create_token(
+            {"sub": user.username}, timedelta(days=REFRESH_TOKEN_EXPIRE_DAYS)
+        )
     update_user_refresh_token(
         user_id=user.id,
         refresh_token=refresh_token,
diff --git a/backend/settings.py b/backend/settings.py
index 509ee14..a97a045 100644
--- a/backend/settings.py
+++ b/backend/settings.py
@@ -15,7 +15,13 @@
 APP_HOST = config("APP_HOST")
 ACCESS_TOKEN_EXPIRE_MINUTES = config("ACCESS_TOKEN_EXPIRE_MINUTES", default=30)
-REFRESH_TOKEN_EXPIRE_DAYS = config("REFRESH_TOKEN_EXPIRE_DAYS", default=7)
+REFRESH_TOKEN_EXPIRE_DAYS = config("REFRESH_TOKEN_EXPIRE_DAYS", default=1)
+REMEMBER_ME_ACCESS_TOKEN_EXPIRE_MINUTES = config(
+    "REMEMBER_ME_ACCESS_TOKEN_EXPIRE_MINUTES", default=30
+)
+REMEMBER_ME_REFRESH_TOKEN_EXPIRE_DAYS = config(
+    "REMEMBER_ME_REFRESH_TOKEN_EXPIRE_DAYS", default=7
+)
 JWT_SECRET_KEY = config("JWT_SECRET_KEY")
 DB_URL = config("DB_URL")
diff --git a/frontend/src/pages/login/LoginPage.jsx b/frontend/src/pages/login/LoginPage.jsx
index 401e0c7..eb8c5fd 100644
--- a/frontend/src/pages/login/LoginPage.jsx
+++ b/frontend/src/pages/login/LoginPage.jsx
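Review bot: The remember-me decision is applied only at login: the payload is `{"sub": user.username}` in every branch and the `update_user_refresh_token(...)` call at the end of the hunk passes nothing about the chosen lifetime, so whatever re-issues tokens on refresh — outside this hunk — apparently has no way to tell a remembered session from a normal one and will presumably fall back to the default lifetimes; confirm that, and that any cookie max-age set later in login_for_access_token (its body continues past the hunk) matches the chosen refresh lifetime. Separately, the four near-identical `create_token` calls differ only in the timedelta, so picking the two lifetimes in the branch and calling `create_token` once each keeps the payload in one place and makes the two lifetimes easier to audit.
```python
    if remember:
        access_expiry = timedelta(minutes=REMEMBER_ME_ACCESS_TOKEN_EXPIRE_MINUTES)
        refresh_expiry = timedelta(days=REMEMBER_ME_REFRESH_TOKEN_EXPIRE_DAYS)
    else:
        access_expiry = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
        refresh_expiry = timedelta(days=REFRESH_TOKEN_EXPIRE_DAYS)
    # Same payload either way; only the lifetime depends on the remember flag.
    access_token = create_token({"sub": user.username}, access_expiry)
    refresh_token = create_token({"sub": user.username}, refresh_expiry)
    # … unchanged: update_user_refresh_token(...) and the rest of the handler …
```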
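Review bot: The two new `config(...)` calls copy the existing pattern of an integer default with no `cast`, so if this `config` is python-decouple's, the setting is an `int` only when the variable is unset and a `str` whenever it is set in the environment, and `timedelta(minutes=...)` / `timedelta(days=...)` in auth_routes would then raise a TypeError on the first login in a configured deployment. Adding `cast=int` on the two new settings (and, while here, on the pre-existing ACCESS_TOKEN_EXPIRE_MINUTES and REFRESH_TOKEN_EXPIRE_DAYS lines) gives both paths the same type, e.g. `REMEMBER_ME_REFRESH_TOKEN_EXPIRE_DAYS = config("REMEMBER_ME_REFRESH_TOKEN_EXPIRE_DAYS", default=7, cast=int)`. The default for REFRESH_TOKEN_EXPIRE_DAYS also drops from 7 to 1, which changes behaviour for deployments that never set it; a comment such as `# Sessions without "remember me" expire after a day; opt-in sessions use the REMEMBER_ME_* values` would make the pairing of the four settings explicit.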
@@ -22,7 +22,9 @@ function LoginPage({ onLogin }) {
     // Determine if usernameOrEmail should be sent as username or email
     const isEmail = validator.isEmail(usernameOrEmail);
-    const data = isEmail ? { email: usernameOrEmail, password } : { username: usernameOrEmail, password };
+    const data = isEmail
+      ? { email: usernameOrEmail, password, remember: rememberMe }
+      : { username: usernameOrEmail, password, rememer: rememberMe };
     try {
       const response = await axios.post(`${API_URL}token/`, qs.stringify (data), {
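Review bot: The username branch of the new ternary sends the flag under the misspelled key `rememer`, so anyone who logs in with a username rather than an email never gets remember-me: the backend's `remember: bool = Form(False)` only reads `remember` and silently falls back to False. The fix is `: { username: usernameOrEmail, password, remember: rememberMe };`. `rememberMe` is not declared inside the hunk; presumably it is component state bound to a checkbox, which should be confirmed. The enclosing handler starts before the hunk and ends after it.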