Add model for JWT refresh token

[stveit]

Adds a model representing a JWT refresh token. Contains a hash of the real token. Refresh tokens can then effectively be authenticated by comparing the hash to incoming token to hashes in the database.

The model contains relevant information about the token that can be displayed in the frontend.

The function is_active in jwtgen.py exists so the logic for whether a token is active or not can be shared between the frontend and the API. The frontend will use JWTRefreshToken.is_active (which usesjwtgen.is_active internally), while the API will use jwtgen.is_active directly.

[github-actions]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ PYTHON	black	4		0	0.61s
✅ PYTHON	ruff	4		0	0.01s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

[github-actions]

Test results

   12 files     12 suites   11m 25s ⏱️
2 186 tests 2 186 ✅ 0 💤 0 ❌
6 033 runs  6 033 ✅ 0 💤 0 ❌

Results for commit a3db8c2.

♻️ This comment has been updated with latest results.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.83%. Comparing base (905a62f) to head (a3db8c2).
Report is 80 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3268      +/-   ##
==========================================
+ Coverage   60.58%   60.83%   +0.25%     
==========================================
  Files         606      606              
  Lines       43733    43793      +60     
  Branches       48       48              
==========================================
+ Hits        26494    26641     +147     
+ Misses      17227    17140      -87     
  Partials       12       12              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[hmpf]

The rest of NAV does not care about timezones. USE_TZ is False. Had it been True you could have used the "now" function in django.utils.timezone. Making NAV care about time zones is yet more techdebt we need to deal with eventually, but not now.

If timezones (including utc) is important for JWTs I recommend you write something about it in the body of an actual commit so that the info is not lost.

[stveit]

The rest of NAV does not care about timezones. USE_TZ is False. Had it been True you could have used the "now" function in django.utils.timezone. Making NAV care about time zones is yet more techdebt we need to deal with eventually, but not now.

If timezones (including utc) is important for JWTs I recommend you write something about it in the body of an actual commit so that the info is not lost.

JWT using unix timestamps for its claims isnt NAV specific, thats just how they work. But youre probably right that using timezones in the is_active function doesnt actually do anything. They should automatically be the same timezone if they're all naive, and the time delta between the timestamps and now is the only thing that matters in this context. I just did it this way since I believe its good practice to use UTC when you can, and in this case its isolated within the function so it shouldnt really cause any issues.

tl;dr I am fine with removing the timezones if we agree that it wont change the functionality

[johannaengland]

Some questions and some little test name changes

[lunkwill42]

Looks ok, but you know me, I can't not nitpick test names :D

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud