Merge branch 'pr91' into alichass-jwt-custom-claims

2024-12-02 05:43:44 +03:00 · 2020-06-20 13:39:20 -05:00 · 2020-06-20 13:39:20 -05:00 · 5c9a9f2e7f
commit 5c9a9f2e7f
parent 15ad7f4c73 ed99925d72
10 changed files with 93 additions and 10 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -12,15 +12,28 @@ jobs:
    executor: docker/docker
    steps:
      - checkout
-      - run: pip install --user -r dev-requirements.txt
-      - run: pip install --user -r dj_rest_auth/tests/requirements.pip
-      - run: pip install -q --user coveralls djangorestframework==$DRF Django==$DJANGO_VERSION
      - run:
-          command: coverage run --source=dj_rest_auth setup.py test
+          command: pip install --user -r dev-requirements.txt
+          name: "Pip Install dev requirements"
+      - run:
+          command: pip install --user -r dj_rest_auth/tests/requirements.pip
+          name: "Pip Install test requirements"
+      - run:
+          command: |
+            mkdir -p test-results/
+            coverage run --source=dj_rest_auth setup.py test
+            coverage report
          name: Test
      - run:
          command: COVERALLS_REPO_TOKEN=Q58WdUuZOi89XHyDeDsGE2lxUGQ2IfqP3 coveralls
          name: Coverage
+      - run:
+          command: python3 setup.py sdist
+          name: Build
+      - store_test_results:
+          path: test-results/
+      - store_artifacts:
+          path: dist/
  test-django-2:
    <<: *template
    environment:
--- a/.gitignore
+++ b/.gitignore
@ -46,6 +46,7 @@ coverage.xml
 *.cover
 .hypothesis/
 .pytest_cache/
+test-results/

 # Translations
 *.mo
@ -106,4 +107,7 @@ venv.bak/
 # mypy
 .mypy_cache/
 demo/react-spa/node_modules/
-demo/react-spa/yarn.lock
+demo/react-spa/yarn.lock
+
+# Visual Studio Code
+.vscode/
--- a/demo/requirements.pip
+++ b/demo/requirements.pip
@ -1,5 +1,5 @@
-django>=1.9.0
-git+https://github.com/jazzband/dj-rest-auth.git@master
+django>=2.2
+dj-rest-auth @ git+https://github.com/jazzband/dj-rest-auth.git@master
 djangorestframework>=3.11.0
 djangorestframework-simplejwt==4.4.0
 django-allauth>=0.24.1
--- a/demo/templates/rest_framework/api.html
+++ b/demo/templates/rest_framework/api.html
@ -0,0 +1,52 @@
+{% extends "rest_framework/base.html" %}
+
+{% block style %}
+    {{ block.super }}
+        <style>
+            #btn-link {
+                border: none;
+                outline: none;
+                background: none;
+                display: block;
+                padding: 3px 20px;
+                clear: both;
+                font-weight: 400;
+                line-height: 1.42857143;
+                color: #A30000;
+                white-space: nowrap;
+                width: 100%;
+                text-align: left;
+            }
+            #btn-link:hover {
+                background: #EEEEEE;
+                color: #C20000;
+            }
+        </style>
+{% endblock %}
+
+{% block userlinks %}
+    {% if user.is_authenticated or response.data.access_token %}
+        <li class="dropdown">
+            <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+                {% firstof user.username 'Registered' %}
+                <b class="caret"></b>
+            </a>
+            <ul class="dropdown-menu dropdown-menu-right">
+                {% url 'rest_user_details' as user_url %}
+                <li><a href="{{ user_url }}">User</a></li>
+                <li>
+                    {% url 'rest_logout' as logout_url %}
+                    <form action="{{ logout_url }}" method="post">
+                        {% csrf_token %}
+                        <button type="submit" id="btn-link">Logout</button>
+                    </form>
+                </li>
+            </ul>
+        </li>
+    {% else %}
+        {% url 'rest_login' as login_url %}
+        <li><a href="{{ login_url }}">Login</a></li>
+        {% url 'rest_register' as register_url %}
+        <li><a href="{{ register_url }}">Register</a></li>
+    {% endif %}
+{% endblock %}
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@ -1,5 +1,5 @@
 --editable .
 responses>=0.5.0
 djangorestframework-simplejwt==4.4.0
-django-allauth
+django-allauth>=0.25.0
 coveralls>=1.11.1
--- a/dj_rest_auth/tests/requirements.pip
+++ b/dj_rest_auth/tests/requirements.pip
@ -1,4 +1,4 @@
 django-allauth>=0.25.0
-responses>=0.3.0
+responses>=0.5.0
 flake8==2.4.0
 djangorestframework-simplejwt==4.4.0
--- a/dj_rest_auth/tests/settings.py
+++ b/dj_rest_auth/tests/settings.py
@ -72,6 +72,9 @@ REST_FRAMEWORK = {
    )
 }

+TEST_RUNNER = 'xmlrunner.extra.djangotestrunner.XMLTestRunner'
+TEST_OUTPUT_DIR = 'test-results'
+
 INSTALLED_APPS = [
    'django.contrib.messages',
    'django.contrib.admin',
--- a/dj_rest_auth/views.py
+++ b/dj_rest_auth/views.py
@ -86,6 +86,9 @@ class LoginView(GenericAPIView):
        response = Response(serializer.data, status=status.HTTP_200_OK)
        if getattr(settings, 'REST_USE_JWT', False):
            cookie_name = getattr(settings, 'JWT_AUTH_COOKIE', None)
+            cookie_secure = getattr(settings, 'JWT_AUTH_SECURE', False)
+            cookie_httponly = getattr(settings, 'JWT_AUTH_HTTPONLY', True)
+            cookie_samesite = getattr(settings, 'JWT_AUTH_SAMESITE', 'Lax')
            from rest_framework_simplejwt.settings import api_settings as jwt_settings
            if cookie_name:
                from datetime import datetime
@ -94,7 +97,9 @@ class LoginView(GenericAPIView):
                    cookie_name,
                    self.access_token,
                    expires=expiration,
-                    httponly=True
+                    secure=cookie_secure,
+                    httponly=cookie_httponly,
+                    samesite=cookie_samesite
                )
        return response

--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@ -12,6 +12,8 @@ Configuration

        - JWT_SERIALIZER - (Using REST_USE_JWT=True) response for successful authentication in ``dj_rest_auth.views.LoginView``, default value ``dj_rest_auth.serializers.JWTSerializer``

+        - JWT_TOKEN_CLAIMS_SERIALIZER - A custom JWT Claim serializer. Default is `rest_framework_simplejwt.serializers.TokenObtainPairSerializer`
+
        - USER_DETAILS_SERIALIZER - serializer class in ``dj_rest_auth.views.UserDetailsView``, default value ``dj_rest_auth.serializers.UserDetailsSerializer``

        - PASSWORD_RESET_SERIALIZER - serializer class in ``dj_rest_auth.views.PasswordResetView``, default value ``dj_rest_auth.serializers.PasswordResetSerializer``
@ -48,6 +50,9 @@ Configuration

 - **REST_USE_JWT** - Enable JWT Authentication instead of Token/Session based. This is built on top of djangorestframework-simplejwt https://github.com/SimpleJWT/django-rest-framework-simplejwt, which must also be installed. (default: False)
 - **JWT_AUTH_COOKIE** - The cookie name/key.
+- **JWT_AUTH_SECURE** - If you want the cookie to be only sent to the server when a request is made with the https scheme (default: False).
+- **JWT_AUTH_HTTPONLY** - If you want to prevent client-side JavaScript from having access to the cookie (default: True).
+- **JWT_AUTH_SAMESITE** - To tell the browser not to send this cookie when performing a cross-origin request (default: 'Lax'). SameSite isn’t supported by all browsers.
 - **OLD_PASSWORD_FIELD_ENABLED** - set it to True if you want to have old password verification on password change enpoint (default: False)

 - **LOGOUT_ON_PASSWORD_CHANGE** - set to False if you want to keep the current user logged in after a password change
--- a/setup.py
+++ b/setup.py
@ -34,6 +34,7 @@ setup(
        'with_social': ['django-allauth>=0.25.0'],
    },
    tests_require=[
+        'unittest-xml-reporting>=3.0.2',
        'responses>=0.5.0',
        'django-allauth>=0.25.0',
        'djangorestframework-simplejwt>=4.4.0 ',