From ca4ab194693bdba9d16587f58118cc476fcd19c5 Mon Sep 17 00:00:00 2001 From: a2-imeri <Alfret2.imeri@live.uwe.ac.uk> Date: Tue, 2 Jul 2024 21:01:35 +0100 Subject: [PATCH] Update Token Sessions --- .../__pycache__/settings.cpython-310.pyc | Bin 3897 -> 4147 bytes MisplaceAI/MisplaceAI/settings.py | 17 ++++ frontend/src/services/api.js | 25 +++--- frontend/src/services/auth.js | 79 +++++++++++------- 4 files changed, 82 insertions(+), 39 deletions(-) diff --git a/MisplaceAI/MisplaceAI/__pycache__/settings.cpython-310.pyc b/MisplaceAI/MisplaceAI/__pycache__/settings.cpython-310.pyc index 7c952482daa59997e044c9f5af09e212b1a6f4eb..78bd7a0ef7bd7019670610a6016177d89c9a0e2d 100644 GIT binary patch delta 603 zcmdlfw^@NNpO=@5fq{XcAi5=OhWJE28OCK3wJYj5qQp`-qQq19q9juIqa;&!qoh)J zqoh+fqGVD8qGVG9(-~4YQiReOQiK;VW-_LT%wb7qjFL+cjgn7iND*7am?ECem?ANU zDM}%gHAON-s+Td9HAOl_rk62=BZVVHb`DFFVv1afe2PMfVv16Va*9fd>KwLA#weu} zwG{RGOvV(A6wMT^OvV)LIZP>PDLR>qDQYRYnT+WyQOYTLQ7S3=QK~5%QEDk1QR*oM zQ5vb7DTdMvshlZB(hTWLQJN{nQCg||MHf>TQ<!tKqqM6OQ?(c9q?jyZT%fy<A;naZ zA%#(rA;nCRAxbY*Z-IV_`9j7N3rU6r`YDzRO&LLwQ3k033k*{Y7BVt2gfpZt2Q#oR zq-tjwWf@mqU}ONnNU&%*nAEh|yo<4yl|7T8REVKUdGZBjaUQ*-#N_PMyp&?Sl%&n> z>@2K|CX;=5KG#QyIr|3%$2<D?_=m?k2f4bq`h|Ep`UKw+aSjf0i+A?-_x5y+_Xr6I z@b~kHyu}mb?;jE$8sy{b@8@<)DA+YP*wfz+rp(dZ^_DzL%rzpwGsrdGF(lq8$Ui*T zH7MTM$3NKhmMBaC$ZS(j*Z5#p=g=V6TT(FbV8<}mc-Ju3pvd?j*T7KM;E-E<FgaI0 wcTYdp&Az<yjBL&f3=BoilZ*KD85d1n#HTL6!pOqN!o<Q1flREEPxIvg00J$bRsaA1 delta 369 zcmdn2uv3mNpO=@5fq{X6)3hZmM|2{e3}e?s?TUK7D6tg&bcPg;6oGVx6v0J|nT#ny zb6C<Dqr_8$qa@N9QbZOprii99rijg9ijquaO%YF#=w(c0O_5BI>SavfNa0A4p2HF) zl_HZOn<AGYpQ4bWn4*-TJclilF-kf`B}FxpF-0v!Jw+pvF-3C@Q;JH8RwiSLN{V(S zV>(NHluU|Flx&J_lw1l&lza+DltPMLlwvApioP^MDrbs;G($R5lv0XelyWM6(cu)v z6y_Y2D3vP3RFws)DMkw!7pN^{NHLaVNMV#@NHLLQh*D2gU!aj<x{xu&Op;-NMvD1D zMvz>TW~#sftyIm0jEoH73@OaP3@i+(Dp``+Svr-67#Tn?5-eN}CN(WKUt{cL-Q3I0 z!pf*Sc@ocOzFRy&{{A8Hp+P>*{(f$oE&1db*=!jY7>aBs$MNekPMO@tug=88GWjTf F9soRKTSEW< 
diff --git a/MisplaceAI/MisplaceAI/settings.py b/MisplaceAI/MisplaceAI/settings.py index f163600..c913ecb 100644 --- a/MisplaceAI/MisplaceAI/settings.py +++ b/MisplaceAI/MisplaceAI/settings.py @@ -80,8 +80,25 @@ CSRF_TRUSTED_ORIGINS = [ # Note: CORS_ORIGIN_ALLOW_ALL is set to False for security reasons CORS_ORIGIN_ALLOW_ALL = False +CORS_ALLOW_CREDENTIALS = True +CSRF_COOKIE_HTTPONLY = True ROOT_URLCONF = 'MisplaceAI.urls' +SESSION_COOKIE_AGE = 1209600 # 2 weeks in seconds + +# Do not expire the session when the browser closes +SESSION_EXPIRE_AT_BROWSER_CLOSE = False + +# Optionally, secure the session cookie (recommended for production) +SESSION_COOKIE_SECURE = False # Set to True if using HTTPS + +# Save the session cookie on every request (optional, based on your needs) +SESSION_SAVE_EVERY_REQUEST = True + +# Configuration of the session engine +SESSION_ENGINE = 'django.contrib.sessions.backends.db' + + TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', diff --git a/frontend/src/services/api.js b/frontend/src/services/api.js index e81f19b..26c4cd0 100644 --- a/frontend/src/services/api.js +++ b/frontend/src/services/api.js @@ -1,6 +1,7 @@ // src/services/api.js + import axios from 'axios'; -import { refreshToken } from './auth'; +import { refreshToken, logout } from './auth'; export const getCsrfToken = () => { const cookies = document.cookie.split(';'); @@ -14,10 +15,11 @@ export const getCsrfToken = () => { }; const api = axios.create({ - baseURL: 'http://localhost:8080', // Ensure this URL is correct + baseURL: 'http://localhost:8080', headers: { 'Content-Type': 'application/json', }, + withCredentials: true, // Ensure credentials are sent with requests }); api.interceptors.request.use( 
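Review bot: `CSRF_COOKIE_HTTPONLY = True` in this hunk conflicts with the frontend's `getCsrfToken` in api.js, which reads the token out of `document.cookie`; once the cookie is HttpOnly that read yields nothing and every CSRF-protected request will fail. Either drop this line or change how the frontend obtains the token (Django's guidance for HttpOnly CSRF cookies is to deliver the token by another channel than the cookie). `SESSION_COOKIE_SECURE = False` is hard-coded with a comment asking the operator to flip it for HTTPS; derive it from the deployment instead, e.g. `SESSION_COOKIE_SECURE = not DEBUG` together with the matching `CSRF_COOKIE_SECURE`, so a production build cannot ship cleartext session cookies (`DEBUG` is presumably defined earlier in this settings file, outside the hunk). Note also that `SESSION_COOKIE_AGE = 1209600` combined with `SESSION_SAVE_EVERY_REQUEST = True` makes the two weeks a sliding window that resets on every request, so an active session never expires; if an absolute lifetime is intended it has to be enforced separately. The diffstat shows `__pycache__/settings.cpython-310.pyc` being committed alongside; compiled settings bytecode belongs in `.gitignore`.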
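Review bot: `withCredentials: true` now sends the Django session cookie on every request while the request interceptor below still manages an access token in localStorage (presumably sent as a bearer header), so the client is authenticated two ways at once and the two can disagree — a live cookie with an expired or cleared token, or the reverse; the commit should state which credential the API actually authorizes on and the other path should go. Credentialed CORS requests also require an exact origin allowlist, so this only works with `CORS_ORIGIN_ALLOW_ALL = False` plus an explicit allowed-origins list on the backend, which this diff leaves to settings outside the hunk. The hard-coded `baseURL: 'http://localhost:8080'` is also what keeps `SESSION_COOKIE_SECURE` off; read it from a build-time variable, e.g. `baseURL: <API base URL from the build environment> ?? 'http://localhost:8080'`, so the same bundle can target an HTTPS origin.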
@@ -34,16 +36,14 @@ api.interceptors.request.use( localStorage.setItem('token', newTokens.access); localStorage.setItem('tokenExpiry', newTokens.accessExpiry); } else { - localStorage.removeItem('token'); - localStorage.removeItem('refresh'); - localStorage.removeItem('tokenExpiry'); + console.log('Token refresh failed. Logging out...'); + logout(); window.location.href = '/login'; return Promise.reject('Session expired. Please log in again.'); } } catch (err) { - localStorage.removeItem('token'); - localStorage.removeItem('refresh'); - localStorage.removeItem('tokenExpiry'); + console.log('Error during token refresh:', err); + logout(); window.location.href = '/login'; return Promise.reject('Session expired. Please log in again.'); } @@ -56,17 +56,20 @@ api.interceptors.request.use( } return config; }, - (error) => Promise.reject(error) + (error) => { + console.log('Request error:', error); + return Promise.reject(error); + } ); api.interceptors.response.use( (response) => response, (error) => { - console.log('API error:', error); // Debugging + console.log('API error:', error); if (error.response && error.response.status === 500) { window.location.href = '/error-500'; } else if (error.request && !error.response) { - console.log('Network or server error'); // Debugging + console.log('Network or server error'); window.location.href = '/error-500'; } return Promise.reject(error); diff --git a/frontend/src/services/auth.js b/frontend/src/services/auth.js index 42da518..f0d90d0 100644 --- a/frontend/src/services/auth.js +++ b/frontend/src/services/auth.js 
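Review bot: `console.log('Error during token refresh:', err)` writes the whole axios error object to the console; an axios error carries `config` with the request headers and serialized body, so this can print the Authorization header, and the same pattern in auth.js's `login`, `register` and `adminLogin` catch blocks can print the submitted username and password. Log only what is needed, e.g. `console.error('Token refresh failed:', err?.response?.status ?? err?.message);`, and apply the same to `console.log('Request error:', error)` and `console.log('API error:', error)` in the next hunk and to the auth.js catches. The new `logout()` here duplicates the `logout()` that `refreshToken` already performs in its own catch (auth.js), which is harmless but means this `catch (err)` branch is reached only for failures other than the refresh request itself; a one-line comment saying so would help the next reader. The enclosing request-interceptor callback starts before this hunk.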
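Review bot: The response interceptor still special-cases only HTTP 500 and network failures, so a 401 from the backend — now the signal that the server-side session or token was rejected — is passed through to every caller while the stale `token`/`isAuthenticated` entries stay in localStorage and the UI keeps believing it is logged in. Since `logout` is already imported in this file, a 401 on non-credential endpoints should clear local state and send the user to `/login`, as sketched below; the login and register calls must be excluded or a rejected password would bounce the user off the login page, and the refresh endpoint (whose path is outside this diff) needs the same exclusion. Prefer `console.error` over `console.log` in these branches so they are not dropped by log-level filtering in production builds.
```javascript
// Endpoints that report bad credentials with 401 and must not force a logout.
// Add the token-refresh endpoint here as well (its path is outside this diff).
const CREDENTIAL_ENDPOINTS = ['/api/auth/login/', '/api/auth/register/', '/api/auth/admin/login/'];

api.interceptors.response.use(
  (response) => response,
  (error) => {
    const status = error.response?.status;
    console.error('API error:', status ?? error.message);
    if (status === 401 && !CREDENTIAL_ENDPOINTS.includes(error.config?.url)) {
      // Server rejected the session/token: drop client state instead of leaving it stale.
      logout();
      window.location.href = '/login';
    } else if (status === 500 || (error.request && !error.response)) {
      window.location.href = '/error-500';
    }
    return Promise.reject(error);
  }
);
```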
@@ -2,27 +2,37 @@ import api from './api'; export const login = async (credentials) => { - const response = await api.post('/api/auth/login/', credentials); - if (response.data.access) { - localStorage.setItem('token', response.data.access); - localStorage.setItem('refresh', response.data.refresh); - const tokenPayload = JSON.parse(atob(response.data.access.split('.')[1])); - localStorage.setItem('tokenExpiry', tokenPayload.exp); - localStorage.setItem('isAuthenticated', true); + try { + const response = await api.post('/api/auth/login/', credentials); + if (response.data.access) { + localStorage.setItem('token', response.data.access); + localStorage.setItem('refresh', response.data.refresh); + const tokenPayload = JSON.parse(atob(response.data.access.split('.')[1])); + localStorage.setItem('tokenExpiry', tokenPayload.exp); + localStorage.setItem('isAuthenticated', true); + } + return response.data; + } catch (error) { + console.log('Login error:', error); + throw error; } - return response.data; }; export const register = async (userData) => { - const response = await api.post('/api/auth/register/', userData); - if (response.data.access) { - localStorage.setItem('token', response.data.access); - localStorage.setItem('refresh', response.data.refresh); - const tokenPayload = JSON.parse(atob(response.data.access.split('.')[1])); - localStorage.setItem('tokenExpiry', tokenPayload.exp); - localStorage.setItem('isAuthenticated', true); + try { + const response = await api.post('/api/auth/register/', userData); + if (response.data.access) { + localStorage.setItem('token', response.data.access); + localStorage.setItem('refresh', response.data.refresh); + const tokenPayload = JSON.parse(atob(response.data.access.split('.')[1])); + localStorage.setItem('tokenExpiry', tokenPayload.exp); + localStorage.setItem('isAuthenticated', true); + } + return response.data; + } catch (error) { + console.log('Registration error:', error); + throw error; } - return response.data; }; 
export const logout = () => { @@ -30,6 +40,9 @@ export const logout = () => { localStorage.removeItem('refresh'); localStorage.removeItem('tokenExpiry'); localStorage.removeItem('isAuthenticated'); + localStorage.removeItem('adminToken'); + localStorage.removeItem('isAdmin'); + localStorage.removeItem('username'); }; export const refreshToken = async () => { @@ -42,26 +55,36 @@ export const refreshToken = async () => { localStorage.setItem('tokenExpiry', tokenPayload.exp); return response.data; } catch (error) { + console.log('Token refresh error:', error); logout(); + return null; } } return null; }; export const getCurrentUser = async () => { - const response = await api.get('/api/auth/user/'); - return response.data; + try { + const response = await api.get('/api/auth/user/'); + return response.data; + } catch (error) { + console.log('Get current user error:', error); + throw error; + } }; - export const adminLogin = async (credentials) => { - const response = await api.post('/api/auth/admin/login/', credentials); - if (response.data.access) { - localStorage.setItem('adminToken', response.data.access); - localStorage.setItem('isAdmin', true); - localStorage.setItem('username', credentials.username); - localStorage.setItem('isAuthenticated', true); + try { + const response = await api.post('/api/auth/admin/login/', credentials); + if (response.data.access) { + localStorage.setItem('adminToken', response.data.access); + localStorage.setItem('isAdmin', true); + localStorage.setItem('username', credentials.username); + localStorage.setItem('isAuthenticated', true); + } + return response.data; + } catch (error) { + console.log('Admin login error:', error); + throw error; } - return response.data; -} - +}; -- GitLab
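Review bot: The JWT payload decode on the new `+` lines, `JSON.parse(atob(response.data.access.split('.')[1]))`, uses `atob`, which accepts only standard base64; JWT segments are base64url, so any payload containing `-` or `_` throws `InvalidCharacterError`, and in the new structure that throw lands after `token` and `refresh` have already been written but before `tokenExpiry`/`isAuthenticated`, leaving localStorage half-populated while the catch rethrows a login failure. Decode with a base64url-aware step and write storage only after the payload parses, e.g. `const seg = response.data.access.split('.')[1].replace(/-/g, '+').replace(/_/g, '/'); const tokenPayload = JSON.parse(atob(seg));` placed ahead of the `setItem` calls. `login` and `register` now repeat the same store-session block, and `adminLogin` and `refreshToken` in the following hunks repeat parts of it; one `storeSession(data)` helper in this file would keep them consistent, including the `isAuthenticated` flag, which `setItem` stores as the string `'true'`. This hunk ends on the signature line of `logout`, whose body is in the next hunk.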
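Review bot: `logout` now clears six localStorage keys but still performs no server-side invalidation; with `withCredentials: true` in api.js and `SESSION_ENGINE = 'django.contrib.sessions.backends.db'` plus a two-week `SESSION_COOKIE_AGE` in settings.py, the Django session cookie (HttpOnly by default, so unreachable from this code) and presumably the refresh token remain valid on the server after the user "logs out". If the backend exposes a logout or token-blacklist endpoint, call it here before clearing storage; if it does not, that endpoint is the missing half of this change, and until it exists this function should carry `// Clears client state only; the server session and refresh token remain valid until they expire`. `logout` is called synchronously from the api.js interceptor, so making it async means adjusting those call sites or explicitly handling the returned promise.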
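Review bot: `adminLogin` stores `adminToken`, `isAdmin` and `username` but, unlike `login`/`register`, neither `refresh` nor `tokenExpiry`, so the request interceptor in api.js — which decides to refresh based on `tokenExpiry` and writes the result to `token` — presumably never manages the admin token, and the admin session simply dies when that access token expires. Store the same fields the other login paths store, or document why the admin flow is exempt. Separately, `localStorage.setItem('isAdmin', true)` is a client-held flag that any user can set from the browser console, so it may drive UI state only; every admin-capable endpoint must check the role server-side, and a comment such as `// UI hint only — authorization is enforced by the backend` on this line makes that explicit. In `refreshToken` the added `return null` inside the catch is redundant with the trailing `return null`, and the new `getCurrentUser` try/catch only logs and rethrows, adding no handling.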