Skip to content

Commit

Permalink
Add posibility to set up cookies max-age in runtime (#81)
Browse files Browse the repository at this point in the history
  • Loading branch information
DefteZ authored and vimalloc committed Aug 27, 2017
1 parent 043ba23 commit e41b6f7
Showing 1 changed file with 14 additions and 6 deletions.
20 changes: 14 additions & 6 deletions flask_jwt_extended/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -157,10 +157,14 @@ def get_csrf_token(encoded_token):
return token['csrf']


def set_access_cookies(response, encoded_access_token):
def set_access_cookies(response, encoded_access_token, max_age=None):
"""
Takes a flask response object, and configures it to set the encoded access
token in a cookie (as well as a csrf access cookie if enabled)
:param max_age: If this is None, it will use the 'JWT_SESSION_COOKIE'
config value. Else it will use max_age as cookie "max-age".
Values should be integer number of seconds
"""
if not config.jwt_in_cookies:
raise RuntimeWarning("set_access_cookies() called without "
Expand All @@ -169,7 +173,7 @@ def set_access_cookies(response, encoded_access_token):
# Set the access JWT in the cookie
response.set_cookie(config.access_cookie_name,
value=encoded_access_token,
max_age=config.cookie_max_age,
max_age=max_age or config.cookie_max_age,
secure=config.cookie_secure,
httponly=True,
domain=config.cookie_domain,
Expand All @@ -179,17 +183,21 @@ def set_access_cookies(response, encoded_access_token):
if config.csrf_protect and config.csrf_in_cookies:
response.set_cookie(config.access_csrf_cookie_name,
value=get_csrf_token(encoded_access_token),
max_age=config.cookie_max_age,
max_age=max_age or config.cookie_max_age,
secure=config.cookie_secure,
httponly=False,
domain=config.cookie_domain,
path=config.access_csrf_cookie_path)


def set_refresh_cookies(response, encoded_refresh_token):
def set_refresh_cookies(response, encoded_refresh_token, max_age=None):
"""
Takes a flask response object, and configures it to set the encoded refresh
token in a cookie (as well as a csrf refresh cookie if enabled)
:param max_age: If this is None, it will use the 'JWT_SESSION_COOKIE'
config value. Else it will use max_age as cookie "max-age".
Values should be integer number of seconds
"""
if not config.jwt_in_cookies:
raise RuntimeWarning("set_refresh_cookies() called without "
Expand All @@ -198,7 +206,7 @@ def set_refresh_cookies(response, encoded_refresh_token):
# Set the refresh JWT in the cookie
response.set_cookie(config.refresh_cookie_name,
value=encoded_refresh_token,
max_age=config.cookie_max_age,
max_age=max_age or config.cookie_max_age,
secure=config.cookie_secure,
httponly=True,
domain=config.cookie_domain,
Expand All @@ -208,7 +216,7 @@ def set_refresh_cookies(response, encoded_refresh_token):
if config.csrf_protect and config.csrf_in_cookies:
response.set_cookie(config.refresh_csrf_cookie_name,
value=get_csrf_token(encoded_refresh_token),
max_age=config.cookie_max_age,
max_age=max_age or config.cookie_max_age,
secure=config.cookie_secure,
httponly=False,
domain=config.cookie_domain,
Expand Down

0 comments on commit e41b6f7

Please sign in to comment.