Merge branch '45-investigate-if-the-jwt-part-can-be-improved' into 'develop'

Resolve "Investigate if the JWT part can be improved." Closes #45 See merge request bramw/baserow!57
2025-04-14 17:18:33 +00:00 · 2020-05-23 15:56:49 +00:00 · 2020-05-23 15:56:49 +00:00 · f160dae1b0
commit f160dae1b0
parent b1e0132eb9 47b5b9646d
6 changed files with 13 additions and 7 deletions
--- a/backend/src/baserow/config/settings/base.py
+++ b/backend/src/baserow/config/settings/base.py
@ -136,7 +136,7 @@ REST_FRAMEWORK = {
 CORS_ORIGIN_ALLOW_ALL = True

 JWT_AUTH = {
-    'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
+    'JWT_EXPIRATION_DELTA': datetime.timedelta(seconds=60 * 60),
    'JWT_ALLOW_REFRESH': True,
    'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(days=7),
    'JWT_RESPONSE_PAYLOAD_HANDLER': 'baserow.api.v0.user.jwt.'
--- a/changelog.md
+++ b/changelog.md
@ -22,3 +22,4 @@
 * Normalize the users email address when signing up and signing in.
 * Use Django REST framework status code constants instead of integers.
 * Added long text field.
+* Fixed not refreshing token bug and improved authentication a little bit.
--- a/web-frontend/modules/core/module.js
+++ b/web-frontend/modules/core/module.js
@ -66,11 +66,11 @@ export default function DatabaseModule(options) {
  this.addLayout(path.resolve(__dirname, 'layouts/login.vue'), 'login')

  const plugins = [
-    'middleware.js',
-    'plugin.js',
    'plugins/auth.js',
    'plugins/global.js',
    'plugins/vuelidate.js',
+    'middleware.js',
+    'plugin.js',
  ]
  plugins.forEach((plugin) => {
    this.addPlugin({
--- a/web-frontend/modules/core/store/auth.js
+++ b/web-frontend/modules/core/store/auth.js
@ -95,10 +95,12 @@ export const actions = {
    clearTimeout(this.refreshTimeout)
    commit('SET_REFRESHING', true)

+    // The token expires within an hour. We have to calculate how many seconds are
+    // left and 30 seconds before it expires we will refresh the token.
    this.refreshTimeout = setTimeout(() => {
      dispatch('refresh', getters.token)
      commit('SET_REFRESHING', false)
-    }, (getters.tokenExpireSeconds - 10) * 1000)
+    }, (getters.tokenExpireSeconds - 30) * 1000)
  },
 }

@ -107,7 +109,7 @@ export const getters = {
    return !!state.user
  },
  isRefreshing(state) {
-    return state.refresh
+    return state.refreshing
  },
  token(state) {
    return state.token
--- a/web-frontend/modules/core/utils/auth.js
+++ b/web-frontend/modules/core/utils/auth.js
@ -2,7 +2,10 @@ const cookieTokenName = 'jwt_token'

 export const setToken = (token, cookie) => {
  if (process.SERVER_BUILD) return
-  cookie.set(cookieTokenName, token)
+  cookie.set(cookieTokenName, token, {
+    path: '/',
+    maxAge: 60 * 60 * 24 * 7,
+  })
 }

 export const unsetToken = (cookie) => {
--- a/web-frontend/modules/database/components/view/grid/GridViewFieldLongText.vue
+++ b/web-frontend/modules/database/components/view/grid/GridViewFieldLongText.vue
@ -7,10 +7,10 @@
  >
    <div v-show="!editing" class="grid-field-long-text">{{ value }}</div>
    <textarea
-      v-prevent-parent-scroll
      v-if="editing"
      ref="input"
      v-model="copy"
+      v-prevent-parent-scroll
      type="text"
      class="grid-field-long-text-textarea"
    />