Revoke access token if user password is changed #719
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
for more information, see https://pre-commit.ci
for more information, see https://pre-commit.ci
for more information, see https://pre-commit.ci
* Update `django.po` for id translation * Update `django.mo` for Bahasa Indonesia (id) translations.
Co-authored-by: Mahdi <mahdi@Mahdis-MacBook-Pro.local>
In ""TOKEN_OBTAIN_SERIALIZER": "rest_framework_simplejwt.serializers.MyTokenObtainPairSerializer"," replaced "rest_framework_simplejwt" to "my_app" to make it clearer that it should be a custom path, since the Django app folder having the same name as the library was confusing and hard to fix if copy and pasting in a hurry.
* Added write_only=True for better doc generation Auto doc generators can perform better and generate more accurate docs by having this argument. Username field in TokenObtainSerializer and token in TokenVerifySerializer has been changed. * Added write_only=True to TokenBlacklistSerializer's refresh field
* Add support for Django 4.2 * Exclude DRF 3.13 & Django 4.2 CI combination
* [pre-commit.ci] pre-commit autoupdate updates: - [github.com/asottile/yesqa: v1.4.0 → v1.5.0](asottile/yesqa@v1.4.0...v1.5.0) - [github.com/psf/black: 22.12.0 → 23.3.0](psf/black@22.12.0...23.3.0) - [github.com/asottile/pyupgrade: v3.3.1 → v3.7.0](asottile/pyupgrade@v3.3.1...v3.7.0) * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
* Support `override_api_settings` as decorator * Update test_authentication * black formatting test_authentication * Use drf status instead of literal status * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Update test_integration * Update test_serializers * Update test_integration * Update test_token_blacklist * Update test_tokens * Update test_views * add `setUpTestData` to `TestToken` * fix typo `self` should be `cls` --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
|
@Andrew-Chen-Wang |
|
you should run the tests locally and debug. Follow our docs |
OK |
|
All tests passed. |
|
removing tests is not valid. |
I already added that line of the test to the test_get_user method, and these changes are implemented in the test_get_user_with_check_revoke_token. |
|
|
sorry didn't notice; only read latest commit. Thanks again:) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In this pull request, I have added a new key to the JWT token payload called hash_password, which is generated through the following function:
Then, during JWT token validation, I check if the current user password matches the value in the hash_password field of the JWT token payload. If these two values are not equal, it means that the user has changed their password.
Additionally, the tests related to JWT token validation have also been updated accordingly with these changes.