messy logout fixing

2025-12-15 12:01:41 +00:00
parent 06e5f252a4
commit 4fb3a144d7
27 changed files with 4396 additions and 95 deletions
--- a/backend/igny8_core/auth/utils.py
+++ b/backend/igny8_core/auth/utils.py
@@ -57,33 +57,48 @@ def generate_access_token(user, account=None):
    return token


-def generate_refresh_token(user, account=None):
+def generate_refresh_token_pair(user, account=None, remember_me=False, device_id='', user_agent='', ip_address=None):
    """
-    Generate JWT refresh token for user
+    Generate JWT refresh token and store it server-side for rotation/revocation.
    
    Args:
        user: User instance
        account: Account instance (optional, will use user.account if not provided)
+        remember_me: If True, token expires in 20 days; otherwise 7 days
+        device_id: Client device identifier
+        user_agent: Browser user agent
+        ip_address: Client IP address
    
    Returns:
-        str: JWT refresh token
+        tuple: (refresh_token_string, refresh_token_id, expiry_datetime)
    """
+    from .models_refresh_token import RefreshToken
+    
    if account is None:
        account = getattr(user, 'account', None)
    
-    now = timezone.now()
-    expiry = now + get_refresh_token_expiry()
+    # Create server-side refresh token record
+    token_record = RefreshToken.create_token(
+        user=user,
+        remember_me=remember_me,
+        device_id=device_id,
+        user_agent=user_agent,
+        ip_address=ip_address
+    )
    
+    # Generate JWT with token_id embedded (for rotation tracking)
+    now = timezone.now()
    payload = {
        'user_id': user.id,
        'account_id': account.id if account else None,
-        'exp': int(expiry.timestamp()),
+        'token_id': token_record.token_id,
+        'exp': int(token_record.expires_at.timestamp()),
        'iat': int(now.timestamp()),
        'type': 'refresh',
    }
    
-    token = jwt.encode(payload, get_jwt_secret_key(), algorithm=get_jwt_algorithm())
-    return token
+    token_string = jwt.encode(payload, get_jwt_secret_key(), algorithm=get_jwt_algorithm())
+    return token_string, token_record.token_id, token_record.expires_at


 def decode_token(token):