jazzband / django-rest-knox

Authentication Module for django rest auth
MIT License
1.17k stars 213 forks source link

TOKEN_LIMIT_PER_USER not taken into account #325

Closed mathbouq closed 6 months ago

mathbouq commented 11 months ago

TOKEN_LIMIT_PER_USER does not seem to be taken into account: I can open several simultaneous sessions with the same user, with seemingly as many tokens as I want.

Other REST_KNOX parameters listed in my settings.py are well taken into account, though, including AUTO_REFRESH and MIN_REFRESH_INTERVAL. Here is my configuration:

REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ('knox.auth.TokenAuthentication',) }

REST_KNOX = { 'TOKEN_TTL': timedelta(hours=10), #time to live (without refresh) 'TOKEN_LIMIT_PER_USER': 1, 'AUTO_REFRESH': True, 'MIN_REFRESH_INTERVAL': 10 #number of seconds }

Am I missing anything?

johnraz commented 6 months ago

Considering that this is tested in https://github.com/jazzband/django-rest-knox/blob/09403255a069c2416a5dfb889f80342a2d7b2646/tests/tests.py#L338-L352

I'm confident the feature works and that something might be off with you setup.

Closing for now, if you can provide a minimal example reproducing the issue feel free to reopen.

johnraz commented 6 months ago

Also probably related -> https://github.com/jazzband/django-rest-knox/pull/318