[refresh-token] renamed JWT_TOKEN_REFRESH_LIMIT -> JWT_REFRESH_EXPIRATION_DELTA

Author: alvinchow86

README.md

@@ -73,9 +73,9 @@ Pass in an existing token to the refresh endpoint as follows: `{"token": EXISTIN
 $ curl -X POST -H "Content-Type: application/json" -d '{"token":"<EXISTING_TOKEN>}' http://localhost:8000/api-token-refresh/
 ```
 
-Refresh with tokens can be repeated (token1 -> token2 -> token3), but this chain of token stores the time that the original token (obtained with username/password credentials), as `orig_iat`. You can only keep refreshing tokens up to `JWT_TOKEN_REFRESH_LIMIT`.
+Refresh with tokens can be repeated (token1 -> token2 -> token3), but this chain of token stores the time that the original token (obtained with username/password credentials), as `orig_iat`. You can only keep refreshing tokens up to `JWT_REFRESH_EXPIRATION_DELTA`.
 
-A typical use case might be a web app where you'd like to keep the user "logged in" the site without having to re-enter their password, or get kicked out by surprise before their token expired. Imagine they had a 1-hour token and are just at the last minute while they're still doing something. With mobile you could perhaps store the username/password to get a new token, but this is not a great idea in a browser. Each time the user loads the page, you can check if there is an existing non-expired token and if it's close to being expired, refresh it to extend their session. In other words, if a user is actively using your site, they can keep their "session" alive. 
+A typical use case might be a web app where you'd like to keep the user "logged in" the site without having to re-enter their password, or get kicked out by surprise before their token expired. Imagine they had a 1-hour token and are just at the last minute while they're still doing something. With mobile you could perhaps store the username/password to get a new token, but this is not a great idea in a browser. Each time the user loads the page, you can check if there is an existing non-expired token and if it's close to being expired, refresh it to extend their session. In other words, if a user is actively using your site, they can keep their "session" alive.
 
 ## Additional Settings
 There are some additional settings that you can override similar to how you'd do it with Django REST framework itself. Here are all the available defaults.
@@ -90,7 +90,7 @@ JWT_AUTH = {
 
     'JWT_PAYLOAD_HANDLER':
     'rest_framework_jwt.utils.jwt_payload_handler',
-    
+
     'JWT_PAYLOAD_GET_USER_ID_HANDLER':
     'rest_framework_jwt.utils.jwt_get_user_id_from_payload_handler',
 
@@ -100,9 +100,9 @@ JWT_AUTH = {
     'JWT_VERIFY_EXPIRATION': True,
     'JWT_LEEWAY': 0,
     'JWT_EXPIRATION_DELTA': datetime.timedelta(seconds=300),
-    
+
     'JWT_ALLOW_TOKEN_REFRESH': False,
-    'JWT_TOKEN_REFRESH_LIMIT': datetime.timedelta(days=7),
+    'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(days=7),
 }
 ```
 This packages uses the JSON Web Token Python implementation, [PyJWT](https://github.com/progrium/pyjwt) and allows to modify some of it's available options.
@@ -156,16 +156,13 @@ Default is `datetime.timedelta(seconds=300)`(5 minutes).
 ### JWT_ALLOW_TOKEN_REFRESH
 Enable token refresh functionality. Token issued from `rest_framework_jwt.views.obtain_jwt_token` will have an `orig_iat` field. Default is `False`
 
-### JWT_TOKEN_REFRESH_LIMIT
+### JWT_REFRESH_EXPIRATION_DELTA
 Limit on token refresh, is a `datetime.timedelta` instance. This is how much time after the original token that future tokens can be refreshed from.
 
 Default is `datetime.timedelta(days=7)` (7 days).
 
 ### JWT_PAYLOAD_HANDLER
 Specify a custom function to generate the token payload
-    
+
 ### JWT_PAYLOAD_GET_USER_ID_HANDLER
 If you store `user_id` differently than the default payload handler does, implement this function to fetch `user_id` from the payload.
-
-
-

rest_framework_jwt/serializers.py

@@ -101,7 +101,7 @@ def validate(self, attrs):
         orig_iat = payload.get('orig_iat')
         if orig_iat:
             # Verify expiration
-            refresh_limit = api_settings.JWT_TOKEN_REFRESH_LIMIT
+            refresh_limit = api_settings.JWT_REFRESH_EXPIRATION_DELTA
             if isinstance(refresh_limit, timedelta):
                 refresh_limit = (refresh_limit.days * 24 * 3600 +
                                  refresh_limit.seconds)

rest_framework_jwt/settings.py

@@ -27,7 +27,7 @@
     'JWT_EXPIRATION_DELTA': datetime.timedelta(seconds=300),
 
     'JWT_ALLOW_TOKEN_REFRESH': False,
-    'JWT_TOKEN_REFRESH_LIMIT': datetime.timedelta(days=7),
+    'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(days=7),
 }
 
 # List of settings that may be in string import notation.

rest_framework_jwt/tests/test_views.py

@@ -237,7 +237,7 @@ def test_refresh_jwt_after_refresh_expiration(self):
         """
         client = APIClient(enforce_csrf_checks=True)
 
-        orig_iat = (datetime.utcnow() - api_settings.JWT_TOKEN_REFRESH_LIMIT -
+        orig_iat = (datetime.utcnow() - api_settings.JWT_REFRESH_EXPIRATION_DELTA -
                     timedelta(seconds=5))
         token = self.create_token(
             self.user,