From 241011a353e0a3f4b7a62890bda71deb803c78bc Mon Sep 17 00:00:00 2001 From: Marc LaBelle Date: Wed, 1 Apr 2020 18:56:41 -0400 Subject: [PATCH] attempt to blacklist token if no JWT_AUTH_COOKIE is found --- dj_rest_auth/views.py | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/dj_rest_auth/views.py b/dj_rest_auth/views.py index 7f2e651..365545e 100644 --- a/dj_rest_auth/views.py +++ b/dj_rest_auth/views.py @@ -142,20 +142,20 @@ class LogoutView(APIView): cookie_name = getattr(settings, 'JWT_AUTH_COOKIE', None) if cookie_name: response.delete_cookie(cookie_name) - # add refresh token to blacklist - try: - token = RefreshToken(request.data['refresh']) - token.blacklist() - except KeyError: - response = Response({"detail": _("Refresh token was not included.")}, - status=status.HTTP_401_UNAUTHORIZED) - except TokenError as e: - if e.args[0] == 'Token is blacklisted': - response = Response({"detail": _("Token is already blacklisted.")}, - status=status.HTTP_404_NOT_FOUND) - except AttributeError as e: - # warn user blacklist is not enabled if not using JWT_AUTH_COOKIE - if not cookie_name: + else: + # add refresh token to blacklist + try: + token = RefreshToken(request.data['refresh']) + token.blacklist() + except KeyError: + response = Response({"detail": _("Refresh token was not included.")}, + status=status.HTTP_401_UNAUTHORIZED) + except TokenError as e: + if e.args[0] == 'Token is blacklisted': + response = Response({"detail": _("Token is already blacklisted.")}, + status=status.HTTP_404_NOT_FOUND) + except AttributeError as e: + # warn user blacklist is not enabled if e.args[0] == "'RefreshToken' object has no attribute 'blacklist'": response = Response({"detail": _("Blacklist is not enabled in INSTALLED_APPS.")}, status=status.HTTP_501_NOT_IMPLEMENTED)