Implements AC-363. Authentication tokens now expire after a configurable timeout.

2026-03-07 11:41:08 -03:30 · 2013-09-06 00:36:45 -04:00
parent 60c44bead4
commit dfc687dfae
14 changed files with 607 additions and 46 deletions
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -127,7 +127,6 @@ INSTALLED_APPS = (
    'django.contrib.staticfiles',
    'south',
    'rest_framework',
-    'rest_framework.authtoken',
    'django_extensions',
    'djcelery',
    'kombu.transport.django',
@@ -144,7 +143,7 @@ REST_FRAMEWORK = {
    'PAGINATE_BY_PARAM': 'page_size',
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.BasicAuthentication',
-        'rest_framework.authentication.TokenAuthentication',
+        'awx.main.authentication.TokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
@@ -166,6 +165,9 @@ REST_FRAMEWORK = {
    ),
 }

+# Seconds before auth tokens expire.
+AUTH_TOKEN_EXPIRATION = 1800
+
 # If set, serve only minified JS for UI.
 USE_MINIFIED_JS = False