I created a Django app in which I want to be able to authenticate users by checking not only the username and password, but also a specific field in a related model. The custom request body I want to POST
to the endpoint is:
payload = { 'username': user, 'password': password, 'app_id': uuid4}
I am using djangorestframework-simplejwt
module to get the access token.
models.py
class Application(models.Model):
app_name = models.CharField(max_length=300)
app_id = models.UUIDField(default=uuid.uuid4, editable=False)
def __str__(self):
return self.app_name
class ProfileApp(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE)
app = models.ForeignKey(Application, on_delete=models.CASCADE)
expires_on = models.DateTimeField(default=datetime.now() + timedelta(days=15))
def __str__(self):
return self.app.app_name + " | " + self.user.username
Is it possible to override the TokenObtainPairView
from rest_framework_simplejwt
to only authenticate an user if the expires_on
date is still not expired? Or is there an architecture problem by doing it like this?