Implement auto-refreshing authentication token TTL

intuitem · Apr 18, 2024 · 3808ce4 · 3808ce4
1 parent ff914f8
commit 3808ce4
Showing 1 changed file with 15 additions and 9 deletions.
diff --git a/backend/ciso_assistant/settings.py b/backend/ciso_assistant/settings.py
@@ -12,8 +12,7 @@
 from pathlib import Path
 import os
 from dotenv import load_dotenv
-import subprocess
-import json
+from datetime import timedelta
 import logging.config
 import structlog
 from django.core.management.utils import get_random_secret_key
@@ -149,14 +148,12 @@ def set_ciso_assistant_url(_, __, event_dict):
 LOGIN_REDIRECT_URL = "home"
 LOGOUT_REDIRECT_URL = "login"
 
-SESSION_COOKIE_AGE = int(
-    os.environ.get("SESSION_COOKIE_AGE", default=60 * 15)
+AUTH_TOKEN_TTL = int(
+    os.environ.get("AUTH_TOKEN_TTL", default=60 * 15)
 )  # defaults to 15 minutes
-# prevents session from expiring when user is active
-SESSION_SAVE_EVERY_REQUEST = os.environ.get("SESSION_SAVE_EVERY_REQUEST", default=True)
-SESSION_EXPIRE_AT_BROWSER_CLOSE = os.environ.get(
-    "SESSION_EXPIRE_AT_BROWSER_CLOSE", default=True
-)
+AUTH_TOKEN_AUTO_REFRESH = (
+    os.environ.get("AUTH_TOKEN_AUTO_REFRESH", default="True") == "True"
+)  # prevents token from expiring while user is active
 
 CISO_ASSISTANT_SUPERUSER_EMAIL = os.environ.get("CISO_ASSISTANT_SUPERUSER_EMAIL")
 DEFAULT_FROM_EMAIL = os.environ.get("DEFAULT_FROM_EMAIL")
@@ -192,6 +189,15 @@ def set_ciso_assistant_url(_, __, event_dict):
     "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
 }
 
+REST_KNOX = {
+    "SECURE_HASH_ALGORITHM": "cryptography.hazmat.primitives.hashes.SHA512",
+    "AUTH_TOKEN_CHARACTER_LENGTH": 64,
+    "TOKEN_TTL": timedelta(seconds=AUTH_TOKEN_TTL),
+    "TOKEN_LIMIT_PER_USER": None,
+    "AUTO_REFRESH": AUTH_TOKEN_AUTO_REFRESH,
+    "MIN_REFRESH_INTERVAL": 60,
+}
+
 if DEBUG:
     REST_FRAMEWORK["DEFAULT_RENDERER_CLASSES"].append(
         "rest_framework.renderers.BrowsableAPIRenderer"