From 40208ea0b63ab6ad7cc454d43cf9eabc09f9f8b6 Mon Sep 17 00:00:00 2001 From: Rami Chowdhury Date: Tue, 14 Apr 2020 13:26:52 -0400 Subject: [PATCH 1/2] Don't _require_ rest_framework_simplejwt Rather than importing it at the top level (which breaks dj-rest-auth entirely if you aren't using JWTs and don't have the library installed), only do the import if the user has the relevant setting enabled. --- dj_rest_auth/views.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/dj_rest_auth/views.py b/dj_rest_auth/views.py index 114856b..674c9b8 100644 --- a/dj_rest_auth/views.py +++ b/dj_rest_auth/views.py @@ -11,8 +11,20 @@ from rest_framework.generics import GenericAPIView, RetrieveUpdateAPIView from rest_framework.permissions import AllowAny, IsAuthenticated from rest_framework.response import Response from rest_framework.views import APIView -from rest_framework_simplejwt.exceptions import TokenError -from rest_framework_simplejwt.tokens import RefreshToken + +if getattr(settings, 'REST_USE_JWT'): + from rest_framework_simplejwt.exceptions import TokenError + from rest_framework_simplejwt.tokens import RefreshToken +else: + # NOTE: these are not actually used except if `REST_USE_JWT` is True, but + # ensuring they're defined anyway in case + + class TokenError(Exception): + pass + + class RefreshToken: + pass + from .app_settings import (JWTSerializer, LoginSerializer, PasswordChangeSerializer, From 506912f83245ad6844527a5839bec6e34dc2a065 Mon Sep 17 00:00:00 2001 From: Rami Chowdhury Date: Tue, 14 Apr 2020 15:20:43 -0400 Subject: [PATCH 2/2] Move import inside response method This is not idiomatic, but I don't see another neat way to move it out of the top level and still handle testing / other situations where the settings are modified on-the-fly. --- dj_rest_auth/views.py | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/dj_rest_auth/views.py b/dj_rest_auth/views.py index 674c9b8..b5fcdb8 100644 --- a/dj_rest_auth/views.py +++ b/dj_rest_auth/views.py @@ -12,20 +12,6 @@ from rest_framework.permissions import AllowAny, IsAuthenticated from rest_framework.response import Response from rest_framework.views import APIView -if getattr(settings, 'REST_USE_JWT'): - from rest_framework_simplejwt.exceptions import TokenError - from rest_framework_simplejwt.tokens import RefreshToken -else: - # NOTE: these are not actually used except if `REST_USE_JWT` is True, but - # ensuring they're defined anyway in case - - class TokenError(Exception): - pass - - class RefreshToken: - pass - - from .app_settings import (JWTSerializer, LoginSerializer, PasswordChangeSerializer, PasswordResetConfirmSerializer, @@ -154,6 +140,13 @@ class LogoutView(APIView): status=status.HTTP_200_OK) if getattr(settings, 'REST_USE_JWT', False): + # NOTE: this import occurs here rather than at the top level + # because JWT support is optional, and if `REST_USE_JWT` isn't + # True we shouldn't need the dependency + from rest_framework_simplejwt.exceptions import TokenError + from rest_framework_simplejwt.tokens import RefreshToken + + cookie_name = getattr(settings, 'JWT_AUTH_COOKIE', None) if cookie_name: response.delete_cookie(cookie_name)