Add model for JWT refresh token

Author: stveit

changelog.d/3268.added.md

@@ -0,0 +1 @@
+Add database model for JWT refresh tokens

python/nav/models/api.py

@@ -15,7 +15,7 @@
 #
 """Models for the NAV API"""
 
-from datetime import datetime
+from datetime import datetime, timezone
 
 from django.contrib.postgres.fields import HStoreField
 from django.db import models
@@ -66,3 +66,25 @@ def get_absolute_url(self):
 
     class Meta(object):
         db_table = 'apitoken'
+
+
+class JWTRefreshToken(models.Model):
+
+    name = VarcharField(unique=True)
+    description = models.TextField(null=True, blank=True)
+    expires = models.DateTimeField()
+    activates = models.DateTimeField()
+    hash = VarcharField()
+
+    def __str__(self):
+        return self.name
+
+    def is_active(self) -> bool:
+        """True if token is active. A token is considered active when
+        `activates` is in the past and `expires` is in the future.
+        """
+        now = datetime.now(tz=timezone.utc)
+        return now >= self.activates and now < self.expires
+
+    class Meta(object):
+        db_table = 'jwtrefreshtoken'

python/nav/models/sql/changes/sc.05.13.0001.sql

@@ -0,0 +1,8 @@
+CREATE TABLE manage.JWTRefreshToken (
+    id SERIAL PRIMARY KEY,
+    name VARCHAR NOT NULL UNIQUE,
+    description VARCHAR,
+    expires TIMESTAMP NOT NULL,
+    activates TIMESTAMP NOT NULL,
+    hash VARCHAR NOT NULL
+);

tests/unittests/models/jwtrefreshtoken_test.py

@@ -0,0 +1,58 @@
+from datetime import datetime, timedelta, timezone
+
+from nav.models.api import JWTRefreshToken
+
+
+class TestIsActive:
+    def test_should_return_false_if_token_activates_in_the_future(self):
+        now = datetime.now(tz=timezone.utc)
+        token = JWTRefreshToken(
+            name="testtoken",
+            hash="dummyhash",
+            expires=now + timedelta(hours=1),
+            activates=now + timedelta(hours=1),
+        )
+        assert not token.is_active()
+
+    def test_should_return_false_if_token_expires_in_the_past(self):
+        now = datetime.now(tz=timezone.utc)
+        token = JWTRefreshToken(
+            name="testtoken",
+            hash="dummyhash",
+            expires=now - timedelta(hours=1),
+            activates=now - timedelta(hours=1),
+        )
+        assert not token.is_active()
+
+    def test_should_return_true_if_token_activates_in_the_past_and_expires_in_the_future(
+        self,
+    ):
+        now = datetime.now(tz=timezone.utc)
+        token = JWTRefreshToken(
+            name="testtoken",
+            hash="dummyhash",
+            expires=now + timedelta(hours=1),
+            activates=now - timedelta(hours=1),
+        )
+        assert token.is_active()
+
+    def test_should_return_true_if_token_activates_now_and_expires_in_the_future(self):
+        now = datetime.now(tz=timezone.utc)
+        token = JWTRefreshToken(
+            name="testtoken",
+            hash="dummyhash",
+            expires=now + timedelta(hours=1),
+            activates=now,
+        )
+        assert token.is_active()
+
+
+def test_string_representation_should_match_name():
+    now = datetime.now(tz=timezone.utc)
+    token = JWTRefreshToken(
+        name="testtoken",
+        hash="dummyhash",
+        expires=now + timedelta(hours=1),
+        activates=now - timedelta(hours=1),
+    )
+    assert str(token) == token.name