-
Notifications
You must be signed in to change notification settings - Fork 663
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revoke access token if user password is changed #719
Revoke access token if user password is changed #719
Conversation
for more information, see https://pre-commit.ci
for more information, see https://pre-commit.ci
for more information, see https://pre-commit.ci
* Update `django.po` for id translation * Update `django.mo` for Bahasa Indonesia (id) translations.
Co-authored-by: Mahdi <mahdi@Mahdis-MacBook-Pro.local>
In ""TOKEN_OBTAIN_SERIALIZER": "rest_framework_simplejwt.serializers.MyTokenObtainPairSerializer"," replaced "rest_framework_simplejwt" to "my_app" to make it clearer that it should be a custom path, since the Django app folder having the same name as the library was confusing and hard to fix if copy and pasting in a hurry.
* Added write_only=True for better doc generation Auto doc generators can perform better and generate more accurate docs by having this argument. Username field in TokenObtainSerializer and token in TokenVerifySerializer has been changed. * Added write_only=True to TokenBlacklistSerializer's refresh field
* Add support for Django 4.2 * Exclude DRF 3.13 & Django 4.2 CI combination
* [pre-commit.ci] pre-commit autoupdate updates: - [github.com/asottile/yesqa: v1.4.0 → v1.5.0](asottile/yesqa@v1.4.0...v1.5.0) - [github.com/psf/black: 22.12.0 → 23.3.0](psf/black@22.12.0...23.3.0) - [github.com/asottile/pyupgrade: v3.3.1 → v3.7.0](asottile/pyupgrade@v3.3.1...v3.7.0) * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
* Support `override_api_settings` as decorator * Update test_authentication * black formatting test_authentication * Use drf status instead of literal status * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Update test_integration * Update test_serializers * Update test_integration * Update test_token_blacklist * Update test_tokens * Update test_views * add `setUpTestData` to `TestToken` * fix typo `self` should be `cls` --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
@Andrew-Chen-Wang |
you should run the tests locally and debug. Follow our docs |
OK |
All tests passed. |
removing tests is not valid. |
I already added that line of the test to the test_get_user method, and these changes are implemented in the test_get_user_with_check_revoke_token. |
|
sorry didn't notice; only read latest commit. Thanks again:) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks again!
In this pull request, I have added a new key to the JWT token payload called hash_password, which is generated through the following function:
Then, during JWT token validation, I check if the current user password matches the value in the hash_password field of the JWT token payload. If these two values are not equal, it means that the user has changed their password.
Additionally, the tests related to JWT token validation have also been updated accordingly with these changes.